# Reusable workflow: callers invoke it through `workflow_call` and supply the
# inputs below. Every input is caller-controlled text; the `synth` job in this
# file interpolates them into step names, an IAM role ARN, file paths and
# shell commands.
# NOTE(review): no `secrets:` are declared under `workflow_call`, yet the job
# reads `secrets.*`; callers presumably pass them with `secrets: inherit`.
# Confirm against the calling workflows.
on:
  workflow_call:
    inputs:
      # Deployment environment; used in the job name, output paths and the
      # artifact name.
      aws-environment:
        description: 'The AWS environment to synth for, one of [dev, staging, prod]'
        required: true
        type: string
      # Account id that is spliced into the role ARN assumed by the job.
      aws-account:
        description: 'The AWS account to use while synthesizing stacks'
        required: true
        type: string
      # Region of the first credentials/synth pass.
      aws-primary-region:
        description: 'The primary AWS region to synthesize stacks for'
        required: true
        type: string
      # Region of the second credentials/synth pass.
      aws-secondary-region:
        description: 'The secondary AWS region to synthesize stacks for'
        required: true
        type: string
      # Directory the synth, zip and upload steps operate in.
      working-dir:
        description: 'The working directory for synth'
        required: false
        type: string
        default: 'infra/cdk'
      # Passed to actions/setup-node.
      node-version:
        description: 'Node Version'
        required: false
        type: number
        default: 18
      # Kept as a quoted string so the version is not parsed as a float.
      python-version:
        description: 'python version'
        required: false
        type: string
        default: '3.9'

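jobs:
  # Synthesizes the CDK app for the primary and secondary region of one
  # environment, lints the result, and uploads the zipped output as an artifact.
  #
  # NOTE(review): no `permissions:` block is declared. `role-to-assume` is used
  # without static keys, so the job presumably relies on GitHub OIDC, which
  # needs `id-token: write` from the caller. Confirm, then declare the minimal
  # set here (for example `contents: read` plus `id-token: write`) once the
  # needs of the internal lint/nag actions are known.
  synth:
    name: synth-${{ inputs.aws-environment }}
    runs-on: ubuntu-latest
    steps:
      # Reject unexpected input values before they reach an ARN, a path or a
      # shell command. The environment list mirrors the input's description.
      # The account and region checks are format checks only.
      - name: Validate inputs
        shell: bash
        env:
          AWS_ACCOUNT_ID: ${{ inputs.aws-account }}
          AWS_PRIMARY_REGION: ${{ inputs.aws-primary-region }}
          AWS_SECONDARY_REGION: ${{ inputs.aws-secondary-region }}
          AWS_ENVIRONMENT: ${{ inputs.aws-environment }}
        run: |
          case "$AWS_ENVIRONMENT" in
            dev|staging|prod) ;;
            *)
              echo "::error::aws-environment must be one of dev, staging, prod"
              exit 1
              ;;
          esac
          if [[ ! "$AWS_ACCOUNT_ID" =~ ^[0-9]{12}$ ]]; then
            echo "::error::aws-account must be a 12-digit account id"
            exit 1
          fi
          for region in "$AWS_PRIMARY_REGION" "$AWS_SECONDARY_REGION"; do
            if [[ ! "$region" =~ ^[a-z0-9-]+$ ]]; then
              echo "::error::region inputs may only contain a-z, 0-9 and '-'"
              exit 1
            fi
          done

      - name: checkout
        uses: actions/checkout@v3

      # NOTE(review): this action is referenced by the mutable `master` branch
      # and receives Artifactory credentials. Whoever can push to that branch
      # controls code that sees these secrets. Pin to a reviewed commit, e.g.
      # `@<FULL_COMMIT_SHA>` (placeholder), and update it deliberately.
      - name: Setup python
        uses: principalglobalassetmanagement-emu/pgam-github-actions-shared/python/python-setup@master
        with:
          python-version: ${{ inputs.python-version }}
          working-dir: ${{ inputs.working-dir }}
          PFG_ARTIFACTORY_USERNAME: ${{ secrets.PFG_ARTIFACTORY_USERNAME }}
          PFG_ARTIFACTORY_PASSWORD: ${{ secrets.PFG_ARTIFACTORY_PASSWORD }}

      - uses: actions/setup-node@v3
        with:
          node-version: ${{ inputs.node-version }}

      # NOTE(review): installs whatever `aws-cdk` version is latest at run
      # time, as root. The CLI later runs with assumed AWS credentials, so
      # consider pinning an exact version (`aws-cdk@<VERSION>`, placeholder).
      - name: Install CDK
        run: sudo npm install -g aws-cdk

      - name: Configure ${{ inputs.aws-environment }} Primary AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ inputs.aws-account }}:role/${{ secrets.AWS_CI_BUILD_ROLE }}
          aws-region: ${{ inputs.aws-primary-region }}

      # Inputs reach the script only through `env:` and are expanded by bash
      # inside double quotes. Writing `${{ inputs.* }}` directly in `run:`
      # would paste caller-supplied text into the script before bash parses it.
      - name: CDK Synth ${{ inputs.aws-environment }} ${{ inputs.aws-primary-region }}
        shell: bash
        env:
          AWS_ACCOUNT_ID: ${{ inputs.aws-account }}
          AWS_PRIMARY_REGION: ${{ inputs.aws-primary-region }}
          AWS_SECONDARY_REGION: ${{ inputs.aws-secondary-region }}
          AWS_ENVIRONMENT: ${{ inputs.aws-environment }}
        run: |
          pip install -q --upgrade pip
          cdk synth --output "cdk.out/${AWS_ENVIRONMENT}/${AWS_PRIMARY_REGION}"
        working-directory: ${{ inputs.working-dir }}

      - name: Configure ${{ inputs.aws-environment }} Secondary AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ inputs.aws-account }}:role/${{ secrets.AWS_CI_BUILD_ROLE }}
          aws-region: ${{ inputs.aws-secondary-region }}

      # Same pattern as the primary synth: values come from `env:`, quoted.
      - name: CDK Synth ${{ inputs.aws-environment }} ${{ inputs.aws-secondary-region }}
        shell: bash
        env:
          AWS_ACCOUNT_ID: ${{ inputs.aws-account }}
          AWS_PRIMARY_REGION: ${{ inputs.aws-primary-region }}
          AWS_SECONDARY_REGION: ${{ inputs.aws-secondary-region }}
          AWS_ENVIRONMENT: ${{ inputs.aws-environment }}
        run: |
          pip install -q --upgrade pip
          cdk synth --output "cdk.out/${AWS_ENVIRONMENT}/${AWS_SECONDARY_REGION}"
        working-directory: ${{ inputs.working-dir }}

      # Both checks run after the credential steps above, so they execute
      # with the assumed role's credentials in the job environment.
      - name: Run CFN Lint
        uses: principalfinancialgroup-emu/common-actions-prinam-cdk-lint@v2
        with:
          working-dir: ${{ inputs.working-dir }}

      - name: Run CFN NAG
        uses: principalfinancialgroup-emu/common-actions-prinam-cdk-nag@v1
        with:
          working-dir: ${{ inputs.working-dir }}

      # The environment name is passed via `env:` for the same reason as in
      # the synth steps.
      - name: Zip CDK Output
        shell: bash
        env:
          AWS_ENVIRONMENT: ${{ inputs.aws-environment }}
        run: |
          zip -r "cdk-${AWS_ENVIRONMENT}.zip" "./cdk.out/${AWS_ENVIRONMENT}"
        working-directory: ${{ inputs.working-dir }}

      # NOTE(review): the synthesized templates are readable by anyone with
      # read access to the run's artifacts. Confirm they contain no secrets.
      - name: Archive CDK Output
        uses: actions/upload-artifact@v4
        with:
          name: cdk-${{ inputs.aws-environment }}-synth-output
          path: ${{ inputs.working-dir }}/cdk-${{ inputs.aws-environment }}.zip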