-
Notifications
You must be signed in to change notification settings - Fork 2
102 lines (88 loc) · 4.2 KB
/
deploy.yml
File metadata and controls
102 lines (88 loc) · 4.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: Infrastructure CI/CD
permissions:
id-token: write # required for requesting the JWT
contents: read # required for actions/checkout
on:
pull_request:
branches: [ main ]
workflow_dispatch:
inputs:
deployment_environment:
description: 'Environment to deploy to'
required: true
type: choice
options:
- dev
- test
jobs:
cdk_operations:
name: "CDK Operations"
runs-on: ubuntu-latest
timeout-minutes: 60
environment: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.deployment_environment || 'synthtest' }}
env:
AUTHOR: ${{ github.actor }}
CERTIFICATE_ARN: ${{ vars.CERTIFICATE_ARN }}
COMMIT_SHA: ${{ github.sha }}
DB_ALLOCATED_STORAGE: ${{ vars.DB_ALLOCATED_STORAGE }}
DB_INSTANCE_TYPE: ${{ vars.DB_INSTANCE_TYPE }}
GIT_REPOSITORY: ${{ github.repository }}
INGESTOR_DOMAIN_NAME: ${{ vars.INGESTOR_DOMAIN_NAME }}
MOSAIC_HOST: ${{ vars.MOSAIC_HOST }}
PGSTAC_VERSION: ${{ vars.PGSTAC_VERSION }}
STAC_API_CUSTOM_DOMAIN_NAME: ${{ vars.STAC_API_CUSTOM_DOMAIN_NAME }}
STAC_API_INTEGRATION_API_ARN: ${{ vars.STAC_API_INTEGRATION_API_ARN }}
STAC_BROWSER_CERTIFICATE_ARN: ${{ vars.STAC_BROWSER_CERTIFICATE_ARN }}
STAC_BROWSER_CUSTOM_DOMAIN_NAME: ${{ vars.STAC_BROWSER_CUSTOM_DOMAIN_NAME }}
STAC_BROWSER_REPO_TAG: ${{ vars.STAC_BROWSER_REPO_TAG }}
STAGE: ${{ github.event.inputs.deployment_environment || 'synthtest' }}
TITILER_DATA_ACCESS_ROLE_ARN: ${{ vars.TITILER_DATA_ACCESS_ROLE_ARN }}
TITILER_PGSTAC_API_CUSTOM_DOMAIN_NAME: ${{ vars.TITILER_PGSTAC_API_CUSTOM_DOMAIN_NAME }}
USER_STAC_ITEM_GEN_ROLE_ARN: ${{ vars.USER_STAC_ITEM_GEN_ROLE_ARN }}
USER_STAC_INBOUND_TOPIC_ARNS: ${{ vars.USER_STAC_INBOUND_TOPIC_ARNS }}
USER_STAC_COLLECTION_ID_REGISTRY: ${{ vars.USER_STAC_COLLECTION_ID_REGISTRY }}
USER_STAC_STAC_API_CUSTOM_DOMAIN_NAME: ${{ vars.USER_STAC_STAC_API_CUSTOM_DOMAIN_NAME }}
USER_STAC_TITILER_PGSTAC_API_CUSTOM_DOMAIN_NAME: ${{ vars.USER_STAC_TITILER_PGSTAC_API_CUSTOM_DOMAIN_NAME }}
WEB_ACL_ARN: ${{ vars.WEB_ACL_ARN }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up node
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Assume Github OIDC role
uses: aws-actions/configure-aws-credentials@v4
if: github.event_name == 'workflow_dispatch'
with:
aws-region: us-west-2
role-to-assume: ${{ vars.DEPLOY_ROLE }}
role-session-name: MAAP-eoapi-${{ github.event.inputs.deployment_environment || 'synthtest' }}-deploy
- name: Import stacks variables to github output
id: import-stacks-vars-to-output
if: github.event_name == 'workflow_dispatch'
env:
AUTH_STACK_NAME: ${{ vars.AUTH_STACK_NAME }}
ROLES_STACK_NAME: ${{ vars.ROLES_STACK_NAME }}
run: bash .github/workflows/scripts/import_stacks_variables_to_github_output.sh $AUTH_STACK_NAME $ROLES_STACK_NAME
- name: Set dynamic environment variables
if: github.event_name == 'workflow_dispatch'
run: |
echo "INGESTOR_DATA_ACCESS_ROLE_ARN=${{ steps.import-stacks-vars-to-output.outputs.INGESTOR_DATA_ACCESS_ROLE_ARN }}" >> $GITHUB_ENV
echo "JWKS_URL=${{ steps.import-stacks-vars-to-output.outputs.JWKS_URL }}" >> $GITHUB_ENV
- name: Set fallback dynamic variables for synthtest
if: github.event_name != 'workflow_dispatch'
run: |
echo "INGESTOR_DATA_ACCESS_ROLE_ARN=${{ vars.INGESTOR_DATA_ACCESS_ROLE_ARN }}" >> $GITHUB_ENV
echo "USER_STAC_ITEM_GEN_ROLE_ARN=${{ vars.INGESTOR_DATA_ACCESS_ROLE_ARN }}" >> $GITHUB_ENV
echo "JWKS_URL=${{ vars.JWKS_URL }}" >> $GITHUB_ENV
echo "AWS_REGION=us-west-2" >> $GITHUB_ENV
echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV
- name: Run CDK synth
run: npm run cdk -- synth
- name: Run CDK deploy
if: github.event_name == 'workflow_dispatch'
run: npm run cdk -- deploy --all --require-approval never