Add Deployment workflows #519

Open
wants to merge 2 commits into
base: main
72 changes: 72 additions & 0 deletions .github/workflows/changeset.yml
@@ -0,0 +1,72 @@
name: Create Change Set

on:
pull_request:
types: [opened, synchronize]
branches:
- main

jobs:
create-change-sets:
name: Create Change Sets
runs-on: ubuntu-latest
strategy:
matrix:
environment: [Beta, Prod]
environment: ${{ matrix.environment }}
permissions:
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Setup Node.js and AWS CDK
uses: actions/setup-node@v4
with:
node-version: 18.x

- name: Install dependencies and build project
run: |
npm install
npm run build

- name: Install AWS CDK
run: npm install -g aws-cdk@2.149.0

- name: Assume IAM Role for Beta
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
role-to-assume: ${{ secrets.CHANGESET_ROLE }}
aws-region: us-east-1

- name: Create Change Set for Beta
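
Review bot: The job runs on `pull_request` with `id-token: write` and assumes `secrets.CHANGESET_ROLE` ahead of the `cdk diff` steps, which execute the CDK code from the PR branch, so whatever that branch contains runs with the role's credentials. The role should be limited to the read-only access `cdk diff` needs, and the `Beta` and `Prod` environments should carry protection rules before this is enabled. Smaller points in the same lines: the step is named `Assume IAM Role for Beta` although it runs for both matrix entries, the actions are referenced by tag (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v4.0.2`) rather than by full commit SHA, and `npm install` should be `npm ci` so the build follows the lockfile exactly.
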
Member

@gaiksaya gaiksaya Feb 11, 2025

Suggested change
- name: Create Change Set for Beta
- name: Create Change Set for ${{matrix.environment}}

id: cdk_diff
run: |
cdk acknowledge 30717
echo "diff_output<<EOF" >> $GITHUB_OUTPUT
echo "## CI-Config Stack Changeset" >> $GITHUB_OUTPUT
npm run cdk diff -- OpenSearch-CI-Config-${{ matrix.environment }} -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{ secrets.PREFIX_LIST }} | sed -E 's/[0-9]{12}/[MASKED]/g' >> $GITHUB_OUTPUT

echo "" >> $GITHUB_OUTPUT
echo "## CI Stack ChangeSet ${{ matrix.environment }}" >> $GITHUB_OUTPUT
npm run cdk diff -- OpenSearch-CI-${{ matrix.environment }} -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}} | sed -E 's/[0-9]{12}/[MASKED]/g' >> $GITHUB_OUTPUT
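
Review bot: The second `cdk diff` passes `-c authType=github`, but `deploy.yml` deploys the same `OpenSearch-CI-${{ matrix.environment }}` stack with `-c authType=oidc`, so the change set posted on the PR will not match what the merge deploys; the context values need to be identical in both workflows. Both commands also pipe `cdk diff` into `sed` without `set -o pipefail`, so a diff that fails still leaves the step green with partial output; add `set -o pipefail` as the first line of the `run` block.
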
Comment on lines +48 to +53
Member

Let's not use context variables. Maybe create a new PR with properties set as desired?
Let's get that PR in first, which will simplify the deployment and diff commands significantly.


echo "EOF" >> $GITHUB_OUTPUT


- name: Update PR with ChangeSet
uses: actions/github-script@v7
env:
AWS_ID: ${{ secrets.ACCOUNT_ID }}
DIFF_OUTPUT: ${{ steps.cdk_diff.outputs.diff_output }}
with:
github-token: ${{ secrets.GH_TOKEN }}
script: |
const maskedOutput = process.env.DIFF_OUTPUT.replace(/\b\d{12}\b/g, '[MASKED]');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `<details>\n<summary>Stack Changeset Details ${{ matrix.environment }} </summary>\n\n\`\`\`\n${maskedOutput}\n\`\`\`\n</details>`
})
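
Review bot: `AWS_ID` is set from `secrets.ACCOUNT_ID` in `env`, but the script never reads it; `maskedOutput` only repeats the generic 12-digit replacement that `sed` already applied. Either replace `process.env.AWS_ID` explicitly or drop the variable. Nothing in this step filters the value of `secrets.PREFIX_LIST`, which is passed to both `cdk diff` commands and could appear in the diff text that becomes the comment body. The output block is closed with a fixed `echo "EOF"`, so a diff line consisting only of `EOF` would end the value early; a randomly generated delimiter avoids that. Because the workflow also runs on `synchronize`, `createComment` adds a new comment on every push; updating the previous comment would keep the PR readable.
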
52 changes: 52 additions & 0 deletions .github/workflows/deploy.yml
@@ -0,0 +1,52 @@
name: Deployment Workflow

on:
push:
branches:
- main

jobs:
deployment:
name: Deploy Environment
strategy:
fail-fast: true
matrix:
environment: [ Beta, Prod ]
environment: ${{ matrix.environment }}
permissions:
id-token: write
contents: read
runs-on: ubuntu-latest
continue-on-error: false
steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Assume IAM Role
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
role-to-assume: ${{ secrets.DEPLOYMENT_ROLE }}
aws-region: us-east-1

- name: Setup Node.js and AWS CDK
uses: actions/setup-node@v4
with:
node-version: 18.x

- name: Install dependencies and build project
run: |
npm install
npm run build

- name: Install AWS CDK
run: |
npm install -g aws-cdk@2.149.0
cdk acknowledge 30717

- name: Deploy CI-Config Stack
run: |
npm run cdk deploy -- OpenSearch-CI-Config-${{ matrix.environment }} -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}} 2>&1 | tee deployment_logs.txt | sed -E 's/[0-9]{12}/[MASKED]/g' | grep "Deployment failed:" && exit 1

- name: Deploy CI Stack
run: |
npm run cdk deploy -- OpenSearch-CI-${{ matrix.environment }} -c useSsl=true -c authType=oidc -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}} --require-approval never 2>&1 | tee deployment_logs.txt | sed -E 's/[0-9]{12}/[MASKED]/g' | grep "Deployment failed:" && exit 1
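
Review bot: Both deploy commands end in `| grep "Deployment failed:" && exit 1`, which makes the step exit non-zero in every case: when the string is found `exit 1` runs, and when it is not found `grep` returns 1 and that becomes the status of the last command in the script. `grep` also drops all other deploy output from the job log. Use `set -o pipefail` and let the exit code of `cdk deploy` fail the step, or run the check afterwards as `if grep -q "Deployment failed:" deployment_logs.txt; then exit 1; fi`. Separately, the `Beta` and `Prod` matrix entries start in parallel, so Prod can begin deploying before Beta has finished (set `max-parallel: 1` or make Prod a job that `needs` Beta); the CI-Config deploy lacks the `--require-approval never` that the CI stack deploy has; and `tee deployment_logs.txt` writes the log before `sed` masks it.
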