Add Deployment workflows #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Change Set | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| branches: | |
| - main | |
| jobs: | |
| create-change-sets: | |
| name: Create Change Sets | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| environment: [Beta, Prod] | |
| environment: ${{ matrix.environment }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js and AWS CDK | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18.x | |
| - name: Install dependencies and build project | |
| run: | | |
| npm install | |
| npm run build | |
| - name: Install AWS CDK | |
| run: npm install -g [email protected] | |
| - name: Assume IAM Role for Beta | |
| uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ secrets.CHANGESET_ROLE }} | |
| aws-region: us-east-1 | |
| - name: Create Change Set for Beta | |
| id: cdk_diff | |
| run: | | |
| cdk acknowledge 30717 | |
| echo "diff_output<<EOF" >> $GITHUB_OUTPUT | |
| echo "## CI-Config Stack Changeset" >> $GITHUB_OUTPUT | |
| npm run cdk diff -- OpenSearch-CI-Config-${{ matrix.environment }} -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{ secrets.PREFIX_LIST }} | sed -E 's/[0-9]{12}/[MASKED]/g' >> $GITHUB_OUTPUT | |
| echo "" >> $GITHUB_OUTPUT | |
| echo "## CI Stack ChangeSet ${{ matrix.environment }}" >> $GITHUB_OUTPUT | |
| npm run cdk diff -- OpenSearch-CI-${{ matrix.environment }} -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}} | sed -E 's/[0-9]{12}/[MASKED]/g' >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Update PR with ChangeSet | |
| uses: actions/github-script@v7 | |
| env: | |
| AWS_ID: ${{ secrets.ACCOUNT_ID }} | |
| DIFF_OUTPUT: ${{ steps.cdk_diff.outputs.diff_output }} | |
| with: | |
| github-token: ${{ secrets.GH_TOKEN }} | |
| script: | | |
| const maskedOutput = process.env.DIFF_OUTPUT.replace(/\b\d{12}\b/g, '[MASKED]'); | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `<details>\n<summary>Stack Changeset Details ${{ matrix.environment }} </summary>\n\n\`\`\`\n${maskedOutput}\n\`\`\`\n</details>` | |
| }) |