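name: Synth NineChronicles.IAP CDK Stack
# environment secrets cannot be inherited from caller workflow to reusable workflow.
# I think this is HORRIBLE design
# https://github.com/actions/runner/issues/1490
#
# Reusable workflow: it is only triggered through `workflow_call`.
# Every secret the jobs read is declared here and marked required, so the
# caller has to pass each one explicitly.
on:
  workflow_call:
    inputs:
      # Name of the GitHub environment the `synth` job runs in; it is also
      # forwarded to the Slack notification workflow.
      environment:
        required: true
        type: string
    secrets:
      # All secrets except SLACK_WEBHOOK_URL are exported as environment
      # variables to the "Synth stack" step only.
      ACCOUNT_ID:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      KMS_KEY_ID:
        required: true
      ADHOC_KMS_KEY_ID:
        required: true
      GOOGLE_CREDENTIAL:
        required: true
      APPLE_CREDENTIAL:
        required: true
      APPLE_KEY_ID:
        required: true
      APPLE_ISSUER_ID:
        required: true
      # Passed on to ./.github/workflows/slack_message.yml, not to `synth`.
      SLACK_WEBHOOK_URL:
        required: true
      IAP_GARAGE_WEBHOOK_URL:
        required: true
      IAP_ALERT_WEBHOOK_URL:
        required: true
      GOLDEN_DUST_REQUEST_SHEET_ID:
        required: true
      GOLDEN_DUST_WORK_SHEET_ID:
        required: true
      SEASON_PASS_JWT_SECRET:
        required: true
      VOUCHER_URL:
        required: true
      VOUCHER_JWT_SECRET:
        required: true
      BRIDGE_DATA:
        required: true
      REFUND_SHEET_ID:
        required: true
      HEADLESS_GQL_JWT_SECRET:
        required: true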
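jobs:
  # Installs dependencies, builds the two Lambda layer directories and runs
  # `cdk synth` inside the GitHub environment chosen by the caller.
  synth:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    # Least privilege for GITHUB_TOKEN: the steps below only need to read the
    # repository. Widen this only if a step is shown to need more.
    permissions:
      contents: read
    outputs:
      # NOTE(review): no step in this job has `id: deployment`, so this
      # expression resolves to an empty string. Give the producing step that
      # id or drop the output.
      url: ${{ steps.deployment.outputs.SERVICE_HOST }}
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. Pinning
      # each one to a full commit SHA (`owner/action@<FULL_COMMIT_SHA>  # vN`)
      # keeps a retagged release from changing what runs in this job.
      - uses: actions/checkout@v3
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"
      - name: Setup Node.JS
        uses: actions/setup-node@v3
        with:
          node-version: "18"
      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          version: "1.8.4"
          virtualenvs-in-project: true
      - name: Cache Poetry
        id: cache-poetry
        uses: actions/cache@v3
        with:
          path: .venv
          key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
      - name: Cache node_modules
        id: cache-node
        uses: actions/cache@v3
        with:
          path: iap/frontend/node_modules
          # Prefix was `poetry-`, copied from the step above; this cache holds
          # node_modules keyed on yarn.lock, so it gets its own namespace.
          key: yarn-${{ runner.os }}-${{ hashFiles('iap/frontend/yarn.lock') }}
      # NOTE(review): `yarn add aws-cdk` names no version, so the CDK CLI that
      # later runs with every secret in its environment is whatever resolves at
      # run time. Declaring it in package.json / yarn.lock and installing with
      # a frozen lockfile makes that toolchain reproducible.
      - name: Install dependencies
        run: |
          poetry install
          pushd iap/frontend
          yarn install
          popd
          yarn add aws-cdk
      # NOTE(review): `--without-hashes` drops the artifact hashes recorded in
      # poetry.lock, so pip cannot verify what it downloads against the lock.
      # Exporting with hashes and installing with `--require-hashes` restores
      # that check. The second pip call names `cryptography` without a version
      # and with `--upgrade`, so it can replace the locked version in the layer.
      - name: Build IAP Layer
        run: |
          pushd iap
          poetry export --with=iap --without-hashes -o requirements.txt
          pip install -r requirements.txt -t layer/python/lib/python3.10/site-packages/
          pip install --platform manylinux2014_x86_64 --only-binary=:all: cryptography -t layer/python/lib/python3.10/site-packages/ --upgrade
          popd
      # Same export/install pattern as the IAP layer; the hash note above
      # applies here as well.
      - name: Build Worker Layer
        run: |
          pushd worker
          poetry export --with=worker --without-hashes -o requirements.txt
          pip install -r requirements.txt -t layer/python/lib/python3.10/site-packages/
          popd
      # Secrets are exported at step level, so the install and layer-build
      # steps above never see them.
      # NOTE(review): if the CDK app copies these values into resource
      # properties (for example Lambda environment variables), they end up in
      # plaintext in the synthesized template under cdk.out; confirm, and
      # prefer resolving them at runtime from a secret store.
      - name: Synth stack
        env:
          # The `preview` branch always synthesizes the preview stage; any
          # other ref takes the stage from the environment variable.
          STAGE: ${{ github.ref == 'refs/heads/preview' && 'preview' || vars.STAGE }}
          REGION_NAME: ${{ vars.REGION_NAME }}
          ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }}
          # NOTE(review): static access keys. GitHub OIDC with
          # aws-actions/configure-aws-credentials would replace them with
          # short-lived role credentials (requires `id-token: write`).
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          HEADLESS: ${{ vars.HEADLESS }}
          ODIN_GQL_URL: ${{ vars.ODIN_GQL_URL }}
          HEIMDALL_GQL_URL: ${{ vars.HEIMDALL_GQL_URL }}
          THOR_GQL_URL: ${{ vars.THOR_GQL_URL }}
          KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }}
          ADHOC_KMS_KEY_ID: ${{ secrets.ADHOC_KMS_KEY_ID }}
          GOOGLE_CREDENTIAL: ${{ secrets.GOOGLE_CREDENTIAL }}
          GOOGLE_PACKAGE_NAME: ${{ vars.GOOGLE_PACKAGE_NAME }}
          APPLE_BUNDLE_ID: ${{ vars.APPLE_BUNDLE_ID }}
          APPLE_VALIDATION_URL: ${{ vars.APPLE_VALIDATION_URL }}
          APPLE_CREDENTIAL: ${{ secrets.APPLE_CREDENTIAL }}
          APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }}
          APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }}
          IAP_GARAGE_WEBHOOK_URL: ${{ secrets.IAP_GARAGE_WEBHOOK_URL }}
          IAP_ALERT_WEBHOOK_URL: ${{ secrets.IAP_ALERT_WEBHOOK_URL }}
          GOLDEN_DUST_REQUEST_SHEET_ID: ${{ secrets.GOLDEN_DUST_REQUEST_SHEET_ID }}
          GOLDEN_DUST_WORK_SHEET_ID: ${{ secrets.GOLDEN_DUST_WORK_SHEET_ID }}
          FORM_SHEET: ${{ vars.FORM_SHEET }}
          CDN_HOST: ${{ vars.CDN_HOST }}
          CDN_HOST_K: ${{ vars.CDN_HOST_K }}
          PLANET_URL: ${{ vars.PLANET_URL }}
          SEASON_PASS_JWT_SECRET: ${{ secrets.SEASON_PASS_JWT_SECRET }}
          VOUCHER_URL: ${{ secrets.VOUCHER_URL }}
          VOUCHER_JWT_SECRET: ${{ secrets.VOUCHER_JWT_SECRET }}
          BRIDGE_DATA: ${{ secrets.BRIDGE_DATA }}
          REFUND_SHEET_ID: ${{ secrets.REFUND_SHEET_ID }}
          HEADLESS_GQL_JWT_SECRET: ${{ secrets.HEADLESS_GQL_JWT_SECRET }}
        # $VENV is exported by the snok/install-poetry step and points at the
        # in-project virtualenv's activate script.
        run: |
          source $VENV
          yarn cdk synth
  # Runs only when `synth` fails; it receives the Slack webhook and no other
  # secret.
  slack_notification:
    uses: ./.github/workflows/slack_message.yml
    needs: synth
    if: ${{ failure() }}
    with:
      environment: ${{ inputs.environment }}
    secrets:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}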