Add Deployment workflows

Signed-off-by: Divya Madala <[email protected]>

.github/workflows/beta-deploy.yml

@@ -0,0 +1,51 @@
+name: Beta Deployment Workflow
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  beta-deployment:
+    if: >-
+      github.event.issue.pull_request &&
+      contains(github.event.comment.body, 'Approve Beta Deployment')
+    name: Get approval for deployment
+    permissions:
+      id-token: write
+      contents: read
+      issues: read
+      pull-requests: read
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js and AWS CDK
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18.x
+
+      - name: Install dependencies and build project
+        run: |
+          npm install
+          npm run build
+
+      - name: Install AWS CDK
+        run: npm install -g [email protected]
+
+      - name: Assume IAM Role
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets.BETA_DEPLOYMENT_ROLE }}
+          aws-region: us-east-1
+
+      - name: Deploy
+        run: |
+          COMMAND_OUTPUT=$(npm run cdk diff -- OpenSearch-CI-Config-Beta -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}})
+          echo "$COMMAND_OUTPUT" | grep -q "Number of stacks with differences: 0"
+          if [ $? -eq 0 ]; then
+            echo "No stack changes involved"
+          else
+            npm run cdk deploy -- OpenSearch-CI-Config-Beta -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+            npm run cdk deploy -- OpenSearch-CI-Beta -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+          fi

.github/workflows/changeset.yml

@@ -0,0 +1,54 @@
+name: Create Change Set
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+jobs:
+  create-change-sets:
+    name: Create Change Sets for Beta and Prod
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js and AWS CDK
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18.x
+
+      - name: Install dependencies and build project
+        run: |
+          npm install
+          npm run build
+
+      - name: Install AWS CDK
+        run: npm install -g [email protected]
+
+      - name: Assume IAM Role for Beta
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets.BETA_DEPLOYMENT_ROLE }}
+          aws-region: us-east-1
+
+      - name: Create Change Set for Beta
+        run: |
+          npm run cdk diff -- OpenSearch-CI-Config-Beta -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{ secrets.PREFIX_LIST }}
+          npm run cdk diff -- OpenSearch-CI-Beta -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+
+      - name: Assume IAM Role for Prod
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets.PROD_DEPLOYMENT_ROLE }}
+          aws-region: us-east-1
+
+      - name: Create Change Set for Prod
+        run: |
+          npm run cdk diff -- OpenSearch-CI-Config-Prod -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{ secrets.INTERNET_ACCESS }}
+          npm run cdk diff -- OpenSearch-CI-Prod -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}

.github/workflows/prod-deploy.yml

@@ -0,0 +1,51 @@
+name: Beta Deployment Workflow
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  beta-deployment:
+    if: >-
+      github.event.issue.pull_request &&
+      contains(github.event.comment.body, 'Approve Prod Deployment')
+    name: Get approval for deployment
+    permissions:
+      id-token: write
+      contents: read
+      issues: read
+      pull-requests: read
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js and AWS CDK
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18.x
+
+      - name: Install dependencies and build project
+        run: |
+          npm install
+          npm run build
+
+      - name: Install AWS CDK
+        run: npm install -g [email protected]
+
+      - name: Assume IAM Role
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets.PROD_DEPLOYMENT_ROLE }}
+          aws-region: us-east-1
+
+      - name: Deploy
+        run: |
+          COMMAND_OUTPUT=$(npm run cdk diff -- OpenSearch-CI-Config-Prod -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}})
+          echo "$COMMAND_OUTPUT" | grep -q "Number of stacks with differences: 0"
+          if [ $? -eq 0 ]; then
+            echo "No stack changes involved"
+          else
+            npm run cdk deploy -- OpenSearch-CI-Config-Prod -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+            npm run cdk deploy -- OpenSearch-CI-Prod -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+          fi