-
Notifications
You must be signed in to change notification settings - Fork 0
100 lines (89 loc) · 3.6 KB
/
validate-upload-cfn-tmpl.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# This is a basic workflow to help you get started with Actions
name: Validate and upload CFN Templates to S3
on:
workflow_dispatch:
push:
branches:
- main
- 'feature**'
paths-ignore:
- '**/README.md'
- '**/.github/workflows/**.yaml'
- '**/CHANGELOG.md'
- '**/LICENSE'
- '**/VERSION'
- '.gitignore'
permissions:
id-token: write # This is required for aws oidc connection
contents: write # This is required for actions/checkout
pull-requests: write # This is required for gh bot to comment PR
issues: write # This is required for gh bot to comment issues
jobs:
start:
uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/setup-repository.yaml@main
with:
deploy-reviewer-test: ${{ vars.ACTION_APPROVER_1}}
deploy-reviewer-prod: ${{ vars.ACTION_APPROVER_1 }}
pr-approver: ${{ vars.PR_APPROVER }}
test-env: false
prod-env: false
secrets:
git-token: ${{ secrets.GIT_TOKEN }}
validate-cfn-templates:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/feature')
needs: start
uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/cfn-validate.yaml@main
with:
issue-number: ${{ github.run_id }}
checkov-scan:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/feature')
needs: validate-cfn-templates
uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/checkov-scan.yaml@main
release:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/feature')
needs: checkov-scan
uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/release.yaml@main
create-pr:
if: success()
needs: release
uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/create-pr.yaml@main
secrets:
git-token: ${{ secrets.GIT_TOKEN }}
upload-to-s3:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: [start]
uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/cfn-templ-s3-upload.yaml@main
with:
aws-region: ${{ vars.AWS_REGION }}
aws-role-arn: ${{ vars.DEVL_AWS_ROLE_ARN }}
aws-cfn-template-bucket: ${{ vars.CFN_TEMPLATE_S3_BUCKET }}
kms-key-arn: ${{ vars.CFN_TEMPLATES_S3_KMS_KEY_ID }}
# name: "Upload CFN Templates to S3"
# runs-on: ubuntu-latest
# defaults:
# run:
# shell: bash
# working-directory: .
# steps:
# # Checkout the repository code
# - name: Checkout code
# id: git-checkout
# uses: actions/checkout@v4
# # Configure AWS credentials
# - name: Configure AWS credentials from AWS account
# id: aws-config
# uses: aws-actions/[email protected]
# with:
# role-to-assume: ${{ vars.DEVL_AWS_ROLE_ARN }}
# aws-region: ${{ vars.AWS_REGION }}
# role-session-name: github-aws-cfn-oidc
# # Upload the stack templates to S3
# - name: Upload the stack templates to S3
# run: |
# aws s3 sync ${{ github.workspace }}/cfn-templates/ s3://${{ vars.CFN_TEMPLATES_S3_BUCKET }} --sse "aws:kms" \
# --sse-kms-key-id ${{ vars.CFN_TEMPLATES_S3_KMS_KEY_ID }} --storage-class GLACIER_IR --exclude ".gitignore" \
# --exclude ".github/workflows/*.yaml" \
# --exclude "*.md" \
# --exclude "CODEOWNERS" \
# --exclude "LICENSE" \
# --exclude "VERSION"