-
Notifications
You must be signed in to change notification settings - Fork 134
110 lines (107 loc) · 3.66 KB
/
reusable_deploy_layer_stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: Deploy cdk stack
on:
workflow_call:
inputs:
stage:
description: "Deployment stage (BETA, PROD)"
required: true
type: string
artifact-name:
description: "CDK Layer artifact name to download"
required: true
type: string
latest_published_version:
description: "Latest version that is published"
required: true
type: string
secrets:
target-account-role:
required: true
permissions:
contents: read
jobs:
deploy-cdk-stack:
permissions:
id-token: write
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
region:
[
"af-south-1",
"eu-central-1",
"eu-central-2",
"us-east-1",
"us-east-2",
"us-west-1",
"us-west-2",
"ap-east-1",
"ap-south-1",
"ap-northeast-1",
"ap-northeast-2",
"ap-northeast-3",
"ap-southeast-1",
"ap-southeast-2",
"ap-southeast-3",
"ap-southeast-4",
"ca-central-1",
"ca-west-1",
"eu-west-1",
"eu-west-2",
"eu-west-3",
"eu-south-1",
"eu-south-2",
"eu-north-1",
"sa-east-1",
"me-south-1",
"il-central-1",
]
steps:
- name: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: aws credentials
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
aws-region: ${{ matrix.region }}
role-to-assume: ${{ secrets.target-account-role }}
mask-aws-account-id: true
- name: Setup Node.js
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: "20"
- name: Setup dependencies
uses: ./.github/actions/cached-node-modules
- name: Download artifact
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
with:
name: ${{ inputs.artifact-name }}
- name: Unzip artifact
run: unzip -o cdk.out.zip
- name: Deploy Layer
run: npm run cdk -w layers -- deploy --app cdk.out --context region=${{ matrix.region }} 'LayerPublisherStack' --require-approval never --verbose --outputs-file cdk-outputs.json
- name: Store latest Layer ARN
if: ${{ inputs.stage == 'PROD' }}
run: |
mkdir cdk-layer-stack
jq -r -c '.LayerPublisherStack.LatestLayerArn' layers/cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt
cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
- name: Save Layer ARN artifact
if: ${{ inputs.stage == 'PROD' }}
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
with:
name: cdk-layer-stack
path: ./cdk-layer-stack/* # NOTE: upload-artifact does not inherit working-directory setting.
if-no-files-found: error
retention-days: 1
overwrite: true
- name: CDK deploy canary
run: npm run cdk -w layers -- deploy --app cdk.out --context region=${{ matrix.region }} 'CanaryStack' --require-approval never --verbose --outputs-file cdk-outputs.json
update_layer_arn_docs:
needs: deploy-cdk-stack
permissions:
contents: write
if: ${{ inputs.stage == 'PROD' }}
uses: ./.github/workflows/reusable_update_layer_arn_docs.yml
with:
latest_published_version: ${{ inputs.latest_published_version }}