Main Pipeline - CDK Actions #181
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main Pipeline - CDK Actions | |
on: | |
workflow_dispatch: {} | |
pull_request: | |
types: | |
# For Synth | |
- opened | |
- reopened | |
- synchronize | |
- edited | |
# For Deploy | |
- closed | |
# NOTE: You CAN'T have the `paths` key here!! | |
# if you do, and the PR doesn't trigger this, | |
# you won't be able to merge it. | |
# (Apart of dependabot updates. See the | |
# README.md in this dir for more details...) | |
branches: | |
- main | |
#### Overall Strategy: | |
# If Open a PR: Make sure everything can Synth (No deploy) | |
# If Merge a PR: Deploy to your account (No synth, it just passed) | |
# If workflow_dispatch: Synth first, then deploy if pass | |
env: | |
EXAMPLES_PATH: ./Examples # No trailing slash plz! | |
jobs: | |
setup-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
synth-matrix: ${{ steps.setup-synth.outputs.synth-config-files }} | |
deploy-matrix: ${{ steps.setup-deploy.outputs.deploy-config-files }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup cdk-synth Matrix | |
id: setup-synth | |
run: | | |
file_list=$(cd "${{ env.EXAMPLES_PATH }}" && find * -regextype egrep -regex '.*ya?ml$') | |
json_list=$(echo $file_list | jq --raw-input --compact-output 'split(" ")') | |
echo "synth-config-files=$json_list" >> "$GITHUB_OUTPUT" | |
- name: Setup cdk-deploy Matrix | |
id: setup-deploy | |
run: | | |
github_vars_list=$(echo "${{ vars.DEPLOY_EXAMPLES }}" | tr '\r\n' ' ') | |
json_list=$(echo $github_vars_list | jq --raw-input --compact-output 'split(" ")') | |
echo "deploy-config-files=$json_list" >> "$GITHUB_OUTPUT" | |
if [ $json_list == '[]' ]; then | |
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY | |
echo "> **No deploy examples found**, skipping deployments. Populate the 'DEPLOY_EXAMPLES' GH Variable to change." >> $GITHUB_STEP_SUMMARY | |
fi | |
cdk-synth: | |
if: ( github.event_name == 'pull_request' && github.event.action != 'closed' ) || | |
( github.event_name == 'workflow_dispatch' ) | |
runs-on: ubuntu-latest | |
needs: | |
- setup-matrix | |
strategy: | |
matrix: | |
example-config: ${{ fromJson(needs.setup-matrix.outputs.synth-matrix) }} | |
environment: ${{ matrix.example-config }} | |
steps: | |
- uses: actions/checkout@v4 | |
## Install Everything / Setup Env Vars: | |
- name: Setup CDK | |
uses: ./.github/workflows/composite-setup-cdk | |
with: | |
secrets: ${{ toJson(secrets) }} | |
vars: ${{ toJson(vars) }} | |
## Log into AWS: | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: "${{ vars.AWS_REGION }}" | |
role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
- name: "Synthesize: ${{ matrix.example-config }}" | |
run: make cdk-synth config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.example-config }}" | |
cdk-deploy-base: | |
## If the PR is merged, or if we manually trigger it (MAIN ONLY): | |
# - !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped. | |
# - needs.setup-matrix.outputs.deploy-matrix != '[]': Only run if there's something to deploy. | |
# - (github.event_name block): Only run if it's a PR merge or on workflow_dispatch. | |
if: | | |
!failure() && !cancelled() && | |
needs.setup-matrix.outputs.deploy-matrix != '[]' && | |
( | |
( github.event_name == 'pull_request' && github.event.pull_request.merged ) || | |
( github.event_name == 'workflow_dispatch' ) | |
) | |
runs-on: ubuntu-latest | |
needs: | |
- setup-matrix | |
- cdk-synth | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
## Moved this check away from the job-level 'if', so it actually fails if you're | |
# not on main. Failure is easier to see than a skipped job. | |
- name: Fail if not 'main' (else skips this step) | |
# Yes the pull_request line is redundant with the 'branch' trigger at the top of the | |
# file, but better safe than sorry. Keeps the logic uniform with workflow_dispatch too. | |
if: ( github.event_name == 'pull_request' && github.base_ref != 'main' ) || | |
( github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' ) | |
run: exit -1 | |
- uses: actions/checkout@v4 | |
## Install Everything / Setup Env Vars: | |
- name: Setup CDK | |
uses: ./.github/workflows/composite-setup-cdk | |
with: | |
secrets: ${{ toJson(secrets) }} | |
vars: ${{ toJson(vars) }} | |
## Log into AWS: | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: "${{ vars.AWS_REGION }}" | |
role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
## Deploy the Base Stack: | |
- name: Deploy Base Stack | |
run: make cdk-deploy-base | |
cdk-deploy-leaf: | |
## Since cdk-synth can be skipped, it'll skip EVERY job after it, even if the job isn't *directly* tied | |
# to it. | |
# - !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped. | |
# - needs.cdk-deploy-base.result == 'success': Only run if cdk-deploy-base runs AND succeeds. | |
if: | | |
!failure() && !cancelled() && needs.cdk-deploy-base.result == 'success' | |
runs-on: ubuntu-latest | |
needs: | |
- setup-matrix | |
- cdk-deploy-base | |
strategy: | |
# Since they all use the Base Stack, only one can create/update at a time: | |
max-parallel: 1 | |
matrix: | |
deploy-config: ${{ fromJson(needs.setup-matrix.outputs.deploy-matrix) }} | |
environment: "${{ matrix.deploy-config }}" | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
## Install Everything / Setup Env Vars: | |
- name: Setup CDK | |
uses: ./.github/workflows/composite-setup-cdk | |
with: | |
secrets: ${{ toJson(secrets) }} | |
vars: ${{ toJson(vars) }} | |
## Log into AWS: | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: "${{ vars.AWS_REGION }}" | |
role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
## Deploy the Leaf Stack: | |
- name: "Deploying: ${{ matrix.deploy-config }}" | |
# CONTAINER_ID: If not defined in Environment, default to everything before the first period in the filename. | |
run: | | |
CONTAINER_ID=${CONTAINER_ID:=$(echo "${{ matrix.deploy-config }}" | sed 's/\..*//i')} | |
make cdk-deploy-leaf \ | |
config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.deploy-config }}" \ | |
container-id=${CONTAINER_ID} |