WIP github actions

.github/actions/deploy_to_aws/action.yml

@@ -16,12 +16,12 @@ inputs:
     required: true
   AWS_SECRET_ACCESS_KEY:
     required: true
-  # TODO move these to AWS secrets manager
-  ETHERSCAN_API_KEY:
+  ROUTE_53_DOMAIN:
     required: true
-  ALCHEMY_API_KEY:
+  SCROLL_SECRETS_ARN:
+    required: true
+  VC_SECRETS_ARN:
     required: true
-
 runs:
   using: composite
   steps:
@@ -35,7 +35,7 @@ runs:
     - uses: pulumi/actions@v3
       id: pulumi
       with:
-        command: up
+        command: preview
         stack-name: ${{ inputs.stack_name }}
         upsert: false
         work-dir: infra/aws
@@ -45,3 +45,6 @@ runs:
         AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
         AWS_DEFAULT_REGION: ${{ inputs.aws_region }}
         SCROLL_BADGE_SERVICE_IMAGE_TAG: ${{ inputs.docker_tag }}
+        ROUTE_53_DOMAIN: ${{ inputs.ROUTE_53_DOMAIN }}
+        SCROLL_SECRETS_ARN: ${{ inputs.SCROLL_SECRETS_ARN }}
+        VC_SECRETS_ARN: ${{ inputs.VC_SECRETS_ARN }}

.github/workflows/release_and_deploy_generic.yml

@@ -1,4 +1,3 @@
-
 name: Library - Release and Deploy
 
 on:
@@ -100,7 +99,7 @@ jobs:
 
   docker:
     name: Docker
-    needs: [ref,test_and_draft_release]
+    needs: [ref, test_and_draft_release]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -155,7 +154,7 @@ jobs:
 
   deploy_backends:
     name: Deploying AWS Infra
-    needs: [ref,docker]
+    needs: [ref, docker]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -185,7 +184,9 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
-          ROUTE53_ZONE_ID: ${{ secrets.ROUTE53_ZONE_ID_STAGING }}
+          ROUTE_53_DOMAIN: ${{ secrets.ROUTE_53_DOMAIN_STAGING }}
+          SCROLL_SECRETS_ARN: ${{ secrets.SCROLL_SECRETS_ARN_STAGING }}
+          VC_SECRETS_ARN: ${{ secrets.VC_SECRETS_ARN_STAGING }}
       - name: Deploy Production
         uses: ./.github/actions/deploy_to_aws
         if: ${{ inputs.deploy_production }}
@@ -196,7 +197,9 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PRODUCTION }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PRODUCTION }}
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
-          ROUTE53_ZONE_ID: ${{ secrets.ROUTE53_ZONE_ID_PRODUCTION }}
+          ROUTE_53_DOMAIN: ${{ secrets.ROUTE_53_DOMAIN_PRODUCTION }}
+          SCROLL_SECRETS_ARN: ${{ secrets.SCROLL_SECRETS_ARN_PRODUCTION }}
+          VC_SECRETS_ARN: ${{ secrets.VC_SECRETS_ARN_PRODUCTION }}
   release:
     needs: [deploy_backends, test_and_draft_release, ref]
     if: ${{ inputs.create_release }}

infra/aws/index.ts

@@ -3,10 +3,10 @@ import * as aws from "@pulumi/aws";
 
 import { getIamSecrets } from "./secrets";
 
-const SCROLL_SECRETS_ARN = `${process.env["SCROLL_SECRETS_ARN"]}`;
-const VC_SECRETS_ARN = `${process.env["VC_SECRETS_ARN"]}`;
+export const SCROLL_SECRETS_ARN = `${process.env["SCROLL_SECRETS_ARN"]}`;
+export const VC_SECRETS_ARN = `${process.env["VC_SECRETS_ARN"]}`;
 
-const ROUTE53_DOMAIN = `${process.env["ROUTE_53_DOMAIN"]}`;
+export const ROUTE53_DOMAIN = `${process.env["ROUTE_53_DOMAIN"]}`;
 
 export const dockerScrollServiceImage = `${
   process.env.SCROLL_BADGE_SERVICE_IMAGE_TAG || ""