Initial setup for repo #44
# Builds the Zarf AWS init package and exercises it against short-lived EKS
# clusters, once with a private ECR registry and once with a public one.
name: Test AWS Init Package

on:
  # Runs on pull requests unless every changed path is docs or an image asset.
  pull_request:
    paths-ignore:
      - '**.md'
      - '**.jpg'
      - '**.png'
      - '**.gif'
      - '**.svg'
      - 'adr/**'
      - 'docs/**'
      - 'CODEOWNERS'

  # Manual runs may override the cluster names and the node instance type.
  workflow_dispatch:
    inputs:
      cluster_name_private:
        type: string
        default: 'zarf-init-aws-private-test'
        description: 'Name of the eks cluster for private ECR test'
      cluster_name_public:
        type: string
        default: 'zarf-init-aws-public-test'
        description: 'Name of the eks cluster for public ECR test'
      instance_type:
        type: string
        default: 't3.medium'
        description: 'EC2 instance type to use for the EKS cluster nodes'

# Workflow-wide token scopes. `id-token: write` lets a job request an OIDC
# token, which the "Configure AWS Credentials" steps need for role-to-assume.
# These scopes apply to every job that does not declare its own permissions.
permissions:
  id-token: write
  contents: read

# Abort prior jobs in the same workflow / PR
concurrency:
  group: init-aws-${{ github.ref }}
  cancel-in-progress: true

jobs:
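# Build AWS init package and EKS package
  build:
    runs-on: ubuntu-latest
    # Least privilege: no step in this job assumes an AWS role, so it does not
    # need the workflow-level `id-token: write`. Declaring permissions here
    # replaces the workflow-level set for this job only.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      # NOTE(review): this reference tracks the mutable `main` branch, unlike
      # the SHA-pinned actions in this file. Its output feeds the artifacts the
      # deploy jobs consume; pin it to a reviewed full commit SHA.
      - name: Install latest version of Zarf
        uses: defenseunicorns/setup-zarf@main

      - name: Setup NodeJS
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: 18
          cache: "npm"
          cache-dependency-path: "package-lock.json"

      # `npm ci` installs exactly what package-lock.json records.
      - name: Install Node dependencies
        run: npm ci

      # NOTE(review): also tracks `main`; pin to a full commit SHA.
      - name: Setup Go
        uses: defenseunicorns/zarf/.github/actions/golang@main

      - name: Build ECR Pepr module
        run: make build-module

      - name: Build AWS init package
        run: make aws-init-package

      - name: Build EKS package
        run: make eks-package

      # Upload the contents of the build directory for later stages to use
      - name: Upload build artifacts
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: build-artifacts
          path: build/
          retention-days: 1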
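# Deploy and test AWS init package with private ECR registry
  validate-private-ecr:
    runs-on: ubuntu-latest
    needs: build
    env:
      CLUSTER_NAME: ${{ inputs.cluster_name_private || 'zarf-init-aws-private-test' }}
      # `inputs` is only populated on workflow_dispatch, so fall back to the
      # declared default the same way CLUSTER_NAME does; otherwise pull_request
      # runs pass an empty INSTANCE_TYPE to make. Reading the value from the
      # environment also keeps the input out of the generated script text.
      INSTANCE_TYPE: ${{ inputs.instance_type || 't3.medium' }}
      # NOTE(review): an empty passphrase leaves any Pulumi stack secrets
      # effectively unprotected; confirm the iam/ stack stores none.
      PULUMI_CONFIG_PASSPHRASE: ""
    steps:
      - name: Checkout
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Download build artifacts
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: build-artifacts
          path: build/

      # Temporary credentials from role assumption (relies on the workflow's
      # `id-token: write`); no long-lived keys are stored. The session lasts
      # 14400 s (4 h). Every later step in this job runs with these credentials.
      # NOTE(review): confirm the role's trust policy is limited to this
      # repository and that its policy covers only what the test needs.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
        with:
          role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
          aws-region: us-east-1
          role-duration-seconds: 14400

      # NOTE(review): tracks the mutable `main` branch and runs after AWS
      # credentials are in the environment; pin to a full commit SHA.
      - name: Install latest version of Zarf
        uses: defenseunicorns/setup-zarf@main

      # NOTE(review): executes an unversioned, unverified remote script while
      # AWS credentials are present. Prefer a pinned Pulumi version with a
      # checksum check, or install it before the credentials step.
      - name: Install Pulumi
        run: curl -fsSL https://get.pulumi.com | sh

      - name: Setup NodeJS
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: 18
          cache: "npm"
          cache-dependency-path: "iam/package-lock.json"

      - name: Install Node dependencies
        working-directory: iam
        run: npm ci

      - name: Deploy EKS package
        run: make deploy-eks-package CLUSTER_NAME="$CLUSTER_NAME" INSTANCE_TYPE="$INSTANCE_TYPE"

      - name: Create IAM roles
        run: make create-iam CLUSTER_NAME="$CLUSTER_NAME"

      - name: Update Zarf config file with registry type and IAM role ARNs
        run: make update-zarf-config REGISTRY_TYPE="private"

      # This allows Zarf to use the zarf-config.toml config file
      - name: Move Zarf init package to root of repository
        run: mv build/zarf-init-amd64-*.tar.zst .

      # The registry URL is derived from the caller's account ID and the push
      # password is a freshly issued ECR login token.
      # NOTE(review): the token is passed on the command line; confirm it does
      # not end up in the logs that the "Save logs" step collects.
      - name: Zarf init with private ECR registry
        run: |
          zarf init \
            --registry-url="$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.us-east-1.amazonaws.com" \
            --registry-push-username="AWS" \
            --registry-push-password="$(aws ecr get-login-password --region us-east-1)" \
            --components="zarf-ecr-credential-helper" \
            --confirm

      # Cleanup steps use `if: always()` so cloud resources are removed even
      # when an earlier step fails.
      - name: Teardown the cluster
        if: always()
        run: make remove-eks-package

      # Best effort: `|| true` keeps the loop going when a repository was never
      # created or is already gone.
      - name: Delete private ECR repositories
        if: always()
        run: |
          repos=("defenseunicorns/pepr/controller" "defenseunicorns/zarf/agent" "defenseunicorns/zarf-init-aws/ecr-credential-helper")
          for repo in "${repos[@]}"
          do
            aws ecr delete-repository --repository-name "${repo}" --force || true
          done

      - name: Delete IAM roles
        if: always()
        run: make delete-iam

      # NOTE(review): tracks `main`; pin to a full commit SHA.
      - name: Save logs
        if: always()
        uses: defenseunicorns/zarf/.github/actions/save-logs@main

      # TODO: add slack webhook URL secret
      # - name: Send trigger to Slack on workflow failure
      #   if: failure()
      #   uses: defenseunicorns/zarf/.github/actions/slack@main
      #   with:
      #     slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}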
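# Deploy and test AWS init package with public ECR registry
  validate-public-ecr:
    runs-on: ubuntu-latest
    needs: build
    env:
      CLUSTER_NAME: ${{ inputs.cluster_name_public || 'zarf-init-aws-public-test' }}
      # `inputs` is only populated on workflow_dispatch, so fall back to the
      # declared default the same way CLUSTER_NAME does; otherwise pull_request
      # runs pass an empty INSTANCE_TYPE to make. Reading the value from the
      # environment also keeps the input out of the generated script text.
      INSTANCE_TYPE: ${{ inputs.instance_type || 't3.medium' }}
      # NOTE(review): an empty passphrase leaves any Pulumi stack secrets
      # effectively unprotected; confirm the iam/ stack stores none.
      PULUMI_CONFIG_PASSPHRASE: ""
    steps:
      - name: Checkout
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

      - name: Download build artifacts
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: build-artifacts
          path: build/

      # Temporary credentials from role assumption (relies on the workflow's
      # `id-token: write`); no long-lived keys are stored. The session lasts
      # 14400 s (4 h). Every later step in this job runs with these credentials.
      # NOTE(review): confirm the role's trust policy is limited to this
      # repository and that its policy covers only what the test needs.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
        with:
          role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
          aws-region: us-east-1
          role-duration-seconds: 14400

      # NOTE(review): tracks the mutable `main` branch and runs after AWS
      # credentials are in the environment; pin to a full commit SHA.
      - name: Install latest version of Zarf
        uses: defenseunicorns/setup-zarf@main

      # NOTE(review): executes an unversioned, unverified remote script while
      # AWS credentials are present. Prefer a pinned Pulumi version with a
      # checksum check, or install it before the credentials step.
      - name: Install Pulumi
        run: curl -fsSL https://get.pulumi.com | sh

      - name: Setup NodeJS
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version: 18
          cache: "npm"
          cache-dependency-path: "iam/package-lock.json"

      - name: Install Node dependencies
        working-directory: iam
        run: npm ci

      - name: Deploy EKS package
        run: make deploy-eks-package CLUSTER_NAME="$CLUSTER_NAME" INSTANCE_TYPE="$INSTANCE_TYPE"

      - name: Create IAM roles
        run: make create-iam CLUSTER_NAME="$CLUSTER_NAME"

      - name: Update Zarf config file with registry type and IAM role ARNs
        run: make update-zarf-config REGISTRY_TYPE="public"

      # This allows Zarf to use the zarf-config.toml config file
      - name: Move Zarf init package to root of repository
        run: mv build/zarf-init-amd64-*.tar.zst .

      # The registry URI is read from the account's public registry and the
      # push password is a freshly issued ECR Public login token.
      # NOTE(review): the token is passed on the command line; confirm it does
      # not end up in the logs that the "Save logs" step collects.
      - name: Zarf init with public ECR registry
        run: |
          zarf init \
            --registry-url="$(aws ecr-public describe-registries --query 'registries[0].registryUri' --output text --region us-east-1)" \
            --registry-push-username="AWS" \
            --registry-push-password="$(aws ecr-public get-login-password --region us-east-1)" \
            --components="zarf-ecr-credential-helper" \
            --confirm

      # Cleanup steps use `if: always()` so cloud resources are removed even
      # when an earlier step fails.
      - name: Teardown the cluster
        if: always()
        run: make remove-eks-package

      # Best effort: `|| true` keeps the loop going when a repository was never
      # created or is already gone.
      - name: Delete public ECR repositories
        if: always()
        run: |
          repos=("defenseunicorns/pepr/controller" "defenseunicorns/zarf/agent" "defenseunicorns/zarf-init-aws/ecr-credential-helper")
          for repo in "${repos[@]}"
          do
            aws ecr-public delete-repository --repository-name "${repo}" --force || true
          done

      - name: Delete IAM roles
        if: always()
        run: make delete-iam

      # NOTE(review): tracks `main`; pin to a full commit SHA.
      - name: Save logs
        if: always()
        uses: defenseunicorns/zarf/.github/actions/save-logs@main

      # TODO: add slack webhook URL secret
      # - name: Send trigger to Slack on workflow failure
      #   if: failure()
      #   uses: defenseunicorns/zarf/.github/actions/slack@main
      #   with:
      #     slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}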