I'm going to say we probably don't need products in the management ac…
…count so let's consolidate
tmclaugh committed Sep 1, 2024
1 parent 328d8d3 commit c3b2663
Showing 3 changed files with 26 additions and 206 deletions.
130 changes: 2 additions & 128 deletions .github/workflows/main.yaml
Expand Up @@ -77,17 +77,6 @@ jobs:
--region us-east-1 \
--output-template-file packaged-template.yaml
- name: Upload SAM artifact
id: upload-sam-stackset-template
shell: bash
run: |
sam package \
--template delegate-template.yaml \
--s3-bucket aws-sam-cli-sourcebucket-346402060170-us-east-1 \
--s3-prefix ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG_URL }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} \
--region us-east-1 \
--output-template-file packaged-delegate-template.yaml
- name: 'Upload pipeline artifact'
id: upload-artifact
uses: actions/upload-artifact@v4
Expand All @@ -102,122 +91,7 @@ jobs:
if-no-files-found: error
retention-days: 30

deploy_management:
if: false
needs:
- build
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read

steps:
- name: Set extra GitHub environment variables
id: github-env-vars
uses: rlespinasse/github-slug-action@v4

- name: Download artifact
id: download-artifact
uses: actions/download-artifact@v4
with:
name: ${{ env.GITHUB_REPOSITORY_SLUG }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ github.run_number }}-${{ github.sha }}

- name: Setup Python
id: install-python
uses: actions/setup-python@v3
with:
python-version: 3.12
cache: pipenv

- name: Install pipenv
id: install-pipenv
shell: bash
run: python -m pip install --upgrade pipenv


- name: Install dependencies
id: install-python-deps
shell: bash
run: pipenv install --dev

- name: Assume build account AWS credentials
id: build-account-credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::346402060170:role/GitHubActionsBuildRole
role-session-name: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ github.run_number }}-${{ github.job }}
role-duration-seconds: 3600 # 60 minutes; needs to be less than our current max duration
aws-region: us-east-1

- name: Assume deploy account AWS credentials
id: deploy-account-credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::349603509961:role/GitHubActionsCfnDeployRole
role-session-name: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ github.run_number }}-${{ github.job }}
role-duration-seconds: 3600 # 60 minutes; needs to be less than our current max duration
aws-region: us-east-1
role-chaining: true

- name: Install AWS SAM
uses: aws-actions/setup-sam@v2

- name: Process AWS Tags
id: processaws-tags
shell: bash
run: >-
AWS_CFN_TAGS=$(
cat cfn-tags.json |
jq -r '
to_entries |
map("\(.key)=\(.value|tostring)") |
. += [
"org:branch=${{ env.GITHUB_EVENT_REF_SLUG_URL }}",
"org:stackName=${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ env.GITHUB_EVENT_REF_SLUG_URL }}"
] |
join(" ")
'
) &&
echo "AWS_CFN_TAGS=--tags ${AWS_CFN_TAGS}">> $GITHUB_ENV
- name: Process AWS Cloudformation Parameters
id: process-aws-parameters
shell: bash
env:
GHA_SECRETS: ${{ tojson(secrets) }}
GHA_ENV: ${{ toJson(env) }}
run: >-
AWS_CFN_PARAMS=$(
jq \
-n \
--argjson secrets "$GHA_SECRETS" \
--argjson env "$GHA_ENV" \
-f cfn-parameters.json |
jq \
-r '
to_entries |
map("\(.key)=\(.value|tostring)") |
join(" ")
'
) &&
echo "AWS_CFN_PARAMS=--parameter-overrides ${AWS_CFN_PARAMS}" >> $GITHUB_ENV
- name: Deploy via SAM
id: deploy-sam
shell: bash
run: |
sam deploy \
--template-file packaged-template.yaml \
--stack-name ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ env.GITHUB_EVENT_REF_SLUG_URL }} \
--s3-bucket aws-sam-cli-sourcebucket-346402060170-us-east-1 \
--s3-prefix ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG_URL }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} \
--region us-east-1 \
--role-arn arn:aws:iam::349603509961:role/CfnExecIamRole \
--on-failure DELETE \
$AWS_CFN_PARAMS \
$AWS_CFN_TAGS
deploy_stackset:
deploy:
needs:
- build
runs-on: ubuntu-latest
Expand Down Expand Up @@ -326,7 +200,7 @@ jobs:
shell: bash
run: |
sam deploy \
--template-file packaged-delegate-template.yaml \
--template-file packaged-template.yaml \
--stack-name ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ env.GITHUB_EVENT_REF_SLUG_URL }} \
--s3-bucket aws-sam-cli-sourcebucket-346402060170-us-east-1 \
--s3-prefix ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG_URL }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} \
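Review bot: The `sam deploy` step in the renamed `deploy` job still expands `${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}` and `${{ env.GITHUB_EVENT_REF_SLUG_URL }}` directly into the `run:` script, so branch-derived text is pasted into the command line before bash parses it. The slug action presumably limits these values to URL-safe characters, but they should already be available as environment variables, so the script can read them as quoted shell variables instead, e.g. `--stack-name "${GITHUB_REPOSITORY_NAME_PART_SLUG_URL}-${GITHUB_EVENT_REF_SLUG_URL}" \`. Renaming `deploy_stackset` to `deploy` also changes the job's check name, so any `needs:` entry or required status check that names the old job (none is visible here) has to be updated with it. The step begins above this hunk and continues past its end.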
73 changes: 0 additions & 73 deletions delegate-template.yaml

This file was deleted.

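--- a/template.yaml
+++ b/template.yaml
@@ -45,10 +45,29 @@ Resources:
 "aws:PrincipalOrgID":
 - !Ref AwsOrganizationId
 
-OrgProductsManagementStack:
-Type: AWS::Serverless::Application
+OrgProductsStackSet:
+Type: AWS::CloudFormation::StackSet
 Properties:
-Location: "./products/products.yaml"
+StackSetName: OrgProducts
+Description: Organization products
+CallAs: DELEGATED_ADMIN
 Parameters:
-CfnTemplateBucket: !Ref CfnTemplateBucket
-GitHubSha: !Ref GitHubSha
+- ParameterKey: CfnTemplateBucket
+ParameterValue: !Ref CfnTemplateBucket
+- ParameterKey: GitHubSha
+ParameterValue: !Ref GitHubSha
+StackInstancesGroup:
+- DeploymentTargets:
+OrganizationalUnitIds: !Ref TargetOuIds
+Regions: !Ref TargetRegions
+AutoDeployment:
+Enabled: true
+RetainStacksOnAccountRemoval: false
+ManagedExecution:
+Active: true
+OperationPreferences:
+RegionConcurrencyType: PARALLEL
+FailureToleranceCount: 1
+MaxConcurrentCount: 5
+PermissionModel: SERVICE_MANAGED
+TemplateBody: *template_body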
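Review bot: `AutoDeployment` with `Enabled: true` and `RetainStacksOnAccountRemoval: false` under `OrgProductsStackSet` means every account that enters `TargetOuIds` receives this template automatically and has the stack deleted when it leaves, and nothing in the resource says this is intended. A comment above the resource would record it, for example `# Service-managed StackSet: auto-deploys to every account in TargetOuIds and deletes the stack when an account leaves the OU`. `MaxConcurrentCount: 5` next to `FailureToleranceCount: 1` also deserves a check, because CloudFormation documents the concurrent count as at most one more than the failure tolerance, so the effective concurrency is probably 2. `TargetOuIds`, `TargetRegions` and the `&template_body` anchor behind `TemplateBody: *template_body` are declared outside this hunk, so their types and content could not be reviewed here.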
