From 1b40afc054cbd0a794681571540f6d60e7d6d7ba Mon Sep 17 00:00:00 2001 From: Garrett Beatty Date: Wed, 19 Mar 2025 12:55:14 -0400 Subject: [PATCH 1/4] automatically update bootstrap generate change file use v8 use release workflow secret remove whitespace from bottom use version to detect changes fix warning point to specific tag use cli for creating PR pin more versions --- .../DetectCDKBootstrapVersionChanges.yml | 118 +++++++++++++----- .../CDK/CDKBootstrapTemplate.yaml | 3 +- 2 files changed, 89 insertions(+), 32 deletions(-) diff --git a/.github/workflows/DetectCDKBootstrapVersionChanges.yml b/.github/workflows/DetectCDKBootstrapVersionChanges.yml index 6cf5e123..d6e950a8 100644 --- a/.github/workflows/DetectCDKBootstrapVersionChanges.yml +++ b/.github/workflows/DetectCDKBootstrapVersionChanges.yml 
@@ -1,49 +1,107 @@ name: Detect CDK Bootstrap Version Changes -on: [pull_request] +on: + schedule: + # Runs at 00:00 UTC every Monday + - cron: '0 0 * * 1' + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + id-token: write jobs: detect-cdk-bootstrap-changes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 + with: + role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }} + aws-region: us-west-2 + + - name: Retrieve secret from AWS Secrets Manager + uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb + with: + secret-ids: | + AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }} + parse-json-secrets: true + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: '0' + ref: dev + token: ${{ env.AWS_SECRET_TOKEN }} + + - name: Setup .NET + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 + with: + dotnet-version: '8.0.x' + - name: Install AWS CDK run: | npm install -g aws-cdk - cdk acknowledge 32775 - - name: Get Staging Bucket Update/Replace Policy - id: stagingBucketUpdateReplacePolicy - run: | - echo "update-replace-policy=$(yq '.Resources.StagingBucket.UpdateReplacePolicy' 'src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml')" >> $GITHUB_OUTPUT - - name: Get Staging Bucket Deletion Policy - id: stagingBucketDeletionPolicy + + - name: Create temporary directory + run: mkdir -p temp_cdk + + - name: Save New CDK Bootstrap Template + working-directory: temp_cdk run: | - echo "deletion-policy=$(yq '.Resources.StagingBucket.DeletionPolicy' 'src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml')" >> $GITHUB_OUTPUT - - name: Fail If Update/Replace Policy Not 'Delete' - if: steps.stagingBucketUpdateReplacePolicy.outputs.update-replace-policy != 
'Delete' + cdk acknowledge 32775 + cdk bootstrap --show-template > newTemplate.yml + + - name: Update Template with Required Policies + working-directory: temp_cdk run: | - echo "The 'UpdateReplacePolicy' of the 'StaginBucket' in the CDK bootstrap template should be 'Delete'." - exit 1 - - name: Fail If Deletion Policy Not 'Delete' - if: steps.stagingBucketDeletionPolicy.outputs.deletion-policy != 'Delete' + yq eval '.Resources.StagingBucket.UpdateReplacePolicy = "Delete"' -i newTemplate.yml + yq eval '.Resources.StagingBucket.DeletionPolicy = "Delete"' -i newTemplate.yml + + - name: Check for version changes + id: check_version run: | - echo "The 'DeletionPolicy' of the 'StaginBucket' in the CDK bootstrap template should be 'Delete'." - exit 1 - - name: Save New CDK Bootstrap Template + OLD_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml) + NEW_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' temp_cdk/newTemplate.yml) + + if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then + echo "Version changed from $OLD_VERSION to $NEW_VERSION" + echo "version_changed=true" >> $GITHUB_OUTPUT + echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT + else + echo "No version change detected" + echo "version_changed=false" >> $GITHUB_OUTPUT + fi + + - name: Update CDK Bootstrap Template + if: steps.check_version.outputs.version_changed == 'true' run: | - cdk bootstrap --show-template > newTemplate.yml - - name: Get Latest CDK Bootstrap Version - id: latestBootstrapVersion + cp temp_cdk/newTemplate.yml src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml + + - name: Generate change file + if: steps.check_version.outputs.version_changed == 'true' + env: + NEW_VERSION: ${{ steps.check_version.outputs.new_version }} run: | - echo "latest-version=$(yq '.Resources.CdkBootstrapVersion.Properties.Value' 'newTemplate.yml')" >> $GITHUB_OUTPUT - - name: Get Current CDK Bootstrap Version - id: 
currentBootstrapVersion + dotnet tool install -g autover --version 0.0.22 + autover change --project-name "AWS.Deploy.CLI" -m "Update CDK Bootstrap template to version $NEW_VERSION" + + - name: Setup Git User run: | - echo "current-version=$(yq '.Resources.CdkBootstrapVersion.Properties.Value' 'src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml')" >> $GITHUB_OUTPUT - - name: Fail If CDK Bootstrap Template Changes Detected - if: steps.currentBootstrapVersion.outputs.current-version != steps.latestBootstrapVersion.outputs.latest-version + git config --global user.email "github-aws-sdk-dotnet-automation@amazon.com" + git config --global user.name "aws-sdk-dotnet-automation" + + - name: Create Pull Request + if: steps.check_version.outputs.version_changed == 'true' + env: + GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }} run: | - echo "A new version of the AWS CDK Bootstrap Template is available. The current template that is being used by the Deploy tool needs to be updated." - exit 1 + git checkout -b update-cdk-bootstrap-template + git add src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml .autover/ + git commit -m "chore: update CDK bootstrap template to version ${{ steps.check_version.outputs.new_version }}" + git push origin update-cdk-bootstrap-template + gh pr create \ + --title "Update CDK Bootstrap Template to Version ${{ steps.check_version.outputs.new_version }}" \ + --base dev \ + --head update-cdk-bootstrap-template \ + --delete-branch \ No newline at end of file diff --git a/src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml b/src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml index 88e1fc81..2cb21c9a 100644 --- a/src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml +++ b/src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml @@ -658,5 +658,4 @@ Outputs: Value: Fn::GetAtt: - CdkBootstrapVersion - - Value - + - Value \ No newline at end of file From 81b591908e0ba4f191cf3604bfea761ee399010f Mon Sep 17 00:00:00 2001 
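Review bot: The `Create Pull Request` step interpolates `${{ steps.check_version.outputs.new_version }}` straight into its `run:` script on the `git commit -m` line and the `gh pr create --title` line; that value is whatever yq read out of a freshly installed CDK CLI's template output, so it is not controlled by this repository and should reach the shell only through an environment variable, exactly as the `Generate change file` step already does. Add `NEW_VERSION: ${{ steps.check_version.outputs.new_version }}` under that step's `env:` and write `git commit -m "chore: update CDK bootstrap template to version $NEW_VERSION"` and `--title "Update CDK Bootstrap Template to Version $NEW_VERSION"`. Since checkout and `gh` both use `AWS_SECRET_TOKEN`, the `contents: write` and `pull-requests: write` grants on the workflow token appear unused and could presumably be dropped, leaving only `id-token: write` for the OIDC role assumption; worth confirming. The same two interpolated lines reappear verbatim in the new `.github/workflows/AutoUpdateBootstrap.yml` hunk of PATCH 3/4.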
From: GarrettBeatty Date: Fri, 2 May 2025 14:30:16 -0400 Subject: [PATCH 2/4] Add comments --- .github/workflows/DetectCDKBootstrapVersionChanges.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/DetectCDKBootstrapVersionChanges.yml b/.github/workflows/DetectCDKBootstrapVersionChanges.yml index d6e950a8..a2646c8d 100644 --- a/.github/workflows/DetectCDKBootstrapVersionChanges.yml +++ b/.github/workflows/DetectCDKBootstrapVersionChanges.yml @@ -16,26 +16,26 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0 with: role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }} aws-region: us-west-2 - name: Retrieve secret from AWS Secrets Manager - uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb + uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb #v2.0.8 with: secret-ids: | AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }} parse-json-secrets: true - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: fetch-depth: '0' ref: dev token: ${{ env.AWS_SECRET_TOKEN }} - name: Setup .NET - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 #v4.3.1 with: dotnet-version: '8.0.x' @@ -83,7 +83,7 @@ jobs: env: NEW_VERSION: ${{ steps.check_version.outputs.new_version }} run: | - dotnet tool install -g autover --version 0.0.22 + dotnet tool install -g autover --version 0.0.25 autover change --project-name "AWS.Deploy.CLI" -m "Update CDK Bootstrap template to version $NEW_VERSION" - name: Setup Git User 
From 82373be4d2faef5b10529d8a61ad8e9d6347cf21 Mon Sep 17 00:00:00 2001 From: GarrettBeatty Date: Tue, 6 May 2025 16:24:00 -0400 Subject: [PATCH 3/4] use new workflow --- .github/workflows/AutoUpdateBootstrap.yml | 107 ++++++++++++++++ .../DetectCDKBootstrapVersionChanges.yml | 116 +++++------------- 2 files changed, 136 insertions(+), 87 deletions(-) create mode 100644 .github/workflows/AutoUpdateBootstrap.yml diff --git a/.github/workflows/AutoUpdateBootstrap.yml b/.github/workflows/AutoUpdateBootstrap.yml new file mode 100644 index 00000000..390efc79 --- /dev/null +++ b/.github/workflows/AutoUpdateBootstrap.yml 
@@ -0,0 +1,107 @@ +name: Auto update Bootstrap Version Changes + +on: + schedule: + # Runs at 00:00 UTC every Monday + - cron: '0 0 * * 1' + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + id-token: write + +jobs: + detect-cdk-bootstrap-changes: + runs-on: ubuntu-latest + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0 + with: + role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }} + aws-region: us-west-2 + + - name: Retrieve secret from AWS Secrets Manager + uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb #v2.0.8 + with: + secret-ids: | + AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }} + parse-json-secrets: true + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + with: + fetch-depth: '0' + ref: dev + token: ${{ env.AWS_SECRET_TOKEN }} + + - name: Setup .NET + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 #v4.3.1 + with: + dotnet-version: '8.0.x' + + - name: Install AWS CDK + run: | + npm install -g aws-cdk + + - name: Create temporary directory + run: mkdir -p temp_cdk + + - name: Save New CDK Bootstrap Template + working-directory: temp_cdk + run: | + cdk acknowledge 32775 + cdk bootstrap --show-template > newTemplate.yml + + - name: Update Template with Required Policies + working-directory: temp_cdk + run: | + yq eval '.Resources.StagingBucket.UpdateReplacePolicy = "Delete"' -i newTemplate.yml + yq eval '.Resources.StagingBucket.DeletionPolicy = "Delete"' -i newTemplate.yml + + - name: Check for version changes + id: check_version + run: | + OLD_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml) + NEW_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' temp_cdk/newTemplate.yml) + + if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then + 
echo "Version changed from $OLD_VERSION to $NEW_VERSION" + echo "version_changed=true" >> $GITHUB_OUTPUT + echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT + else + echo "No version change detected" + echo "version_changed=false" >> $GITHUB_OUTPUT + fi + + - name: Update CDK Bootstrap Template + if: steps.check_version.outputs.version_changed == 'true' + run: | + cp temp_cdk/newTemplate.yml src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml + + - name: Generate change file + if: steps.check_version.outputs.version_changed == 'true' + env: + NEW_VERSION: ${{ steps.check_version.outputs.new_version }} + run: | + dotnet tool install -g autover --version 0.0.25 + autover change --project-name "AWS.Deploy.CLI" -m "Update CDK Bootstrap template to version $NEW_VERSION" + + - name: Setup Git User + run: | + git config --global user.email "github-aws-sdk-dotnet-automation@amazon.com" + git config --global user.name "aws-sdk-dotnet-automation" + + - name: Create Pull Request + if: steps.check_version.outputs.version_changed == 'true' + env: + GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }} + run: | + git checkout -b update-cdk-bootstrap-template + git add src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml .autover/ + git commit -m "chore: update CDK bootstrap template to version ${{ steps.check_version.outputs.new_version }}" + git push origin update-cdk-bootstrap-template + gh pr create \ + --title "Update CDK Bootstrap Template to Version ${{ steps.check_version.outputs.new_version }}" \ + --base dev \ + --head update-cdk-bootstrap-template \ + --delete-branch \ No newline at end of file diff --git a/.github/workflows/DetectCDKBootstrapVersionChanges.yml b/.github/workflows/DetectCDKBootstrapVersionChanges.yml index a2646c8d..6cf5e123 100644 --- a/.github/workflows/DetectCDKBootstrapVersionChanges.yml +++ b/.github/workflows/DetectCDKBootstrapVersionChanges.yml 
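Review bot: `npm install -g aws-cdk` in the `Install AWS CDK` step is unpinned, while every action in this workflow is pinned to a commit SHA and `autover` is pinned to `0.0.25`; whatever version npm resolves on the Monday run executes with the release token (`AWS_SECRET_TOKEN`) and the assumed AWS role in scope, and its output is what gets copied into the repository as the new template. Pin it, e.g. `npm install -g aws-cdk@<PINNED_CDK_VERSION>` (placeholder), and bump it deliberately so template changes trace to a known CLI release. Separately, `--delete-branch` on the `gh pr create` line looks like a `gh pr merge` flag rather than a `gh pr create` one; if the installed gh rejects it, the step fails only after `git push` has already created the branch, so confirm it against the runner's gh version or drop it. Both points apply equally to the identical `.github/workflows/DetectCDKBootstrapVersionChanges.yml` hunk in PATCH 1/4.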
@@ -1,107 +1,49 @@ name: Detect CDK Bootstrap Version Changes -on: - schedule: - # Runs at 00:00 UTC every Monday - - cron: '0 0 * * 1' - workflow_dispatch: - -permissions: - contents: write - pull-requests: write - id-token: write +on: [pull_request] jobs: detect-cdk-bootstrap-changes: runs-on: ubuntu-latest steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 #v4.1.0 - with: - role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }} - aws-region: us-west-2 - - - name: Retrieve secret from AWS Secrets Manager - uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb #v2.0.8 - with: - secret-ids: | - AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }} - parse-json-secrets: true - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: fetch-depth: '0' - ref: dev - token: ${{ env.AWS_SECRET_TOKEN }} - - - name: Setup .NET - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 #v4.3.1 - with: - dotnet-version: '8.0.x' - - name: Install AWS CDK run: | npm install -g aws-cdk - - - name: Create temporary directory - run: mkdir -p temp_cdk - - - name: Save New CDK Bootstrap Template - working-directory: temp_cdk - run: | cdk acknowledge 32775 - cdk bootstrap --show-template > newTemplate.yml - - - name: Update Template with Required Policies - working-directory: temp_cdk + - name: Get Staging Bucket Update/Replace Policy + id: stagingBucketUpdateReplacePolicy run: | - yq eval '.Resources.StagingBucket.UpdateReplacePolicy = "Delete"' -i newTemplate.yml - yq eval '.Resources.StagingBucket.DeletionPolicy = "Delete"' -i newTemplate.yml - - - name: Check for version changes - id: check_version + echo "update-replace-policy=$(yq '.Resources.StagingBucket.UpdateReplacePolicy' 'src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml')" >> $GITHUB_OUTPUT + - name: Get Staging Bucket Deletion Policy + id: 
stagingBucketDeletionPolicy run: | - OLD_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml) - NEW_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' temp_cdk/newTemplate.yml) - - if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then - echo "Version changed from $OLD_VERSION to $NEW_VERSION" - echo "version_changed=true" >> $GITHUB_OUTPUT - echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT - else - echo "No version change detected" - echo "version_changed=false" >> $GITHUB_OUTPUT - fi - - - name: Update CDK Bootstrap Template - if: steps.check_version.outputs.version_changed == 'true' + echo "deletion-policy=$(yq '.Resources.StagingBucket.DeletionPolicy' 'src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml')" >> $GITHUB_OUTPUT + - name: Fail If Update/Replace Policy Not 'Delete' + if: steps.stagingBucketUpdateReplacePolicy.outputs.update-replace-policy != 'Delete' run: | - cp temp_cdk/newTemplate.yml src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml - - - name: Generate change file - if: steps.check_version.outputs.version_changed == 'true' - env: - NEW_VERSION: ${{ steps.check_version.outputs.new_version }} + echo "The 'UpdateReplacePolicy' of the 'StaginBucket' in the CDK bootstrap template should be 'Delete'." + exit 1 + - name: Fail If Deletion Policy Not 'Delete' + if: steps.stagingBucketDeletionPolicy.outputs.deletion-policy != 'Delete' run: | - dotnet tool install -g autover --version 0.0.25 - autover change --project-name "AWS.Deploy.CLI" -m "Update CDK Bootstrap template to version $NEW_VERSION" - - - name: Setup Git User + echo "The 'DeletionPolicy' of the 'StaginBucket' in the CDK bootstrap template should be 'Delete'." 
+ exit 1 + - name: Save New CDK Bootstrap Template run: | - git config --global user.email "github-aws-sdk-dotnet-automation@amazon.com" - git config --global user.name "aws-sdk-dotnet-automation" - - - name: Create Pull Request - if: steps.check_version.outputs.version_changed == 'true' - env: - GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }} + cdk bootstrap --show-template > newTemplate.yml + - name: Get Latest CDK Bootstrap Version + id: latestBootstrapVersion + run: | + echo "latest-version=$(yq '.Resources.CdkBootstrapVersion.Properties.Value' 'newTemplate.yml')" >> $GITHUB_OUTPUT + - name: Get Current CDK Bootstrap Version + id: currentBootstrapVersion + run: | + echo "current-version=$(yq '.Resources.CdkBootstrapVersion.Properties.Value' 'src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml')" >> $GITHUB_OUTPUT + - name: Fail If CDK Bootstrap Template Changes Detected + if: steps.currentBootstrapVersion.outputs.current-version != steps.latestBootstrapVersion.outputs.latest-version run: | - git checkout -b update-cdk-bootstrap-template - git add src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml .autover/ - git commit -m "chore: update CDK bootstrap template to version ${{ steps.check_version.outputs.new_version }}" - git push origin update-cdk-bootstrap-template - gh pr create \ - --title "Update CDK Bootstrap Template to Version ${{ steps.check_version.outputs.new_version }}" \ - --base dev \ - --head update-cdk-bootstrap-template \ - --delete-branch \ No newline at end of file + echo "A new version of the AWS CDK Bootstrap Template is available. The current template that is being used by the Deploy tool needs to be updated." + exit 1 From ad058dc78279431d20d035a5405fcef8666f1264 Mon Sep 17 00:00:00 2001 From: Garrett Beatty Date: Tue, 6 May 2025 16:24:38 -0400 Subject: [PATCH 4/4] Update AutoUpdateBootstrap.yml --- .github/workflows/AutoUpdateBootstrap.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
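Review bot: The restored failure messages in the `Fail If Update/Replace Policy Not 'Delete'` and `Fail If Deletion Policy Not 'Delete'` steps spell the resource `'StaginBucket'`, while the yq paths and the template use `StagingBucket`; since this hunk brings back the pre-series blob (index `6cf5e123` on both sides of PATCH 1/4 and PATCH 3/4), the typo comes back with it. Change both echo lines to `'StagingBucket'`, e.g. `echo "The 'UpdateReplacePolicy' of the 'StagingBucket' in the CDK bootstrap template should be 'Delete'."` and the matching `'DeletionPolicy'` line. A one-line `# Fails the PR check when a newer bootstrap template is published; AutoUpdateBootstrap.yml opens the update PR.` comment above the `Fail If CDK Bootstrap Template Changes Detected` step would also make the split between the two workflows visible to the next reader.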
diff --git a/.github/workflows/AutoUpdateBootstrap.yml b/.github/workflows/AutoUpdateBootstrap.yml index 390efc79..f34bde3c 100644 --- a/.github/workflows/AutoUpdateBootstrap.yml +++ b/.github/workflows/AutoUpdateBootstrap.yml @@ -1,4 +1,4 @@ -name: Auto update Bootstrap Version Changes +name: Auto Update Bootstrap Version Changes on: schedule: @@ -104,4 +104,4 @@ jobs: --title "Update CDK Bootstrap Template to Version ${{ steps.check_version.outputs.new_version }}" \ --base dev \ --head update-cdk-bootstrap-template \ - --delete-branch \ No newline at end of file + --delete-branch