Add Route53 zone product #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'main' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Setup job workspace | |
| uses: ServerlessOpsIO/gha-setup-workspace@v1 | |
| - name: Setup Python environment | |
| uses: ServerlessOpsIO/gha-setup-python@v1 | |
| with: | |
| python_version: 3.12 | |
| - name: Assume AWS Credentials | |
| uses: ServerlessOpsIO/gha-assume-aws-credentials@v1 | |
| with: | |
| build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }} | |
| - name: Install AWS SAM | |
| uses: aws-actions/setup-sam@v2 | |
| # FIXME: We're only validating the top-level template and not the rest. | |
| - name: Validate artifact | |
| run: sam validate --lint | |
| - name: Synethsize template with StackSet | |
| run: | | |
| for _f in $(find . -type f \( -name 'template.yaml' -o -name '*-template.yaml' \) -maxdepth 1); do | |
| _dir="$(dirname $_f)/" \ | |
| yq \ | |
| -i \ | |
| '(.. | select(has("localTemplateFile")) | .localTemplateFile) |= load_str(strenv(_dir) + .)' \ | |
| $_f; | |
| done | |
| - name: Store Artifacts | |
| uses: ServerlessOpsIO/gha-store-artifacts@v1 | |
| with: | |
| use_aws_sam: true | |
| deploy: | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Setup job workspace | |
| uses: ServerlessOpsIO/gha-setup-workspace@v1 | |
| with: | |
| checkout_artifact: true | |
| - name: Setup Python environment | |
| uses: ServerlessOpsIO/gha-setup-python@v1 | |
| with: | |
| python_version: 3.12 | |
| - name: Assume AWS Credentials | |
| uses: ServerlessOpsIO/gha-assume-aws-credentials@v1 | |
| with: | |
| build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }} | |
| deploy_aws_account_id: ${{ secrets.AWS_STACKSETS_ACCOUNT_ID }} | |
| - name: Sync product templates to S3 | |
| id: sync-templates | |
| shell: bash | |
| env: | |
| AWS_ACCOUNT_ID: ${{ secrets.AWS_STACKSETS_ACCOUNT_ID }} | |
| STACKSET_S3_BUCKET_NAME_PREFIX: ${{ secrets.STACKSET_S3_BUCKET_NAME_PREFIX }} | |
| run: aws s3 sync products/ s3://${STACKSET_S3_BUCKET_NAME_PREFIX}-${AWS_ACCOUNT_ID}-${AWS_REGION}/${GITHUB_SHA}/ | |
| - name: Deploy via AWS SAM | |
| uses: ServerlessOpsIO/gha-deploy-aws-sam@v1 | |
| with: | |
| aws_account_id: ${{ secrets.AWS_STACKSETS_ACCOUNT_ID }} | |
| # NOTE: We have CAPABILITY_AUTO_EXPAND because of any future products that require | |
| # the Serverless transform or any other CFN transform. | |
| cfn_capabilities: CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND | |
| env_json: ${{ toJson(env) }} | |
| secrets_json: ${{ toJson(secrets) }} |