diff --git a/.github/workflows/beta-deploy.yml b/.github/workflows/beta-deploy.yml
new file mode 100644
index 0000000..71a2b30
--- /dev/null
+++ b/.github/workflows/beta-deploy.yml
@@ -0,0 +1,51 @@
+name: Beta Deployment Workflow
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ beta-deployment:
+ if: >-
+ github.event.issue.pull_request &&
+ contains(github.event.comment.body, 'Approve Beta Deployment')
+ name: Get approval for deployment
+ permissions:
+ id-token: write
+ contents: read
+ issues: read
+ pull-requests: read
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js and AWS CDK
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18.x
+
+ - name: Install dependencies and build project
+ run: |
+ npm install
+ npm run build
+
+ - name: Install AWS CDK
+ run: npm install -g aws-cdk@2.149.0
+
+ - name: Assume IAM Role
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ secrets.BETA_DEPLOYMENT_ROLE }}
+ aws-region: us-east-1
+
+ - name: Deploy
+ run: |
+ COMMAND_OUTPUT=$(npm run cdk diff -- OpenSearch-CI-Config-Beta -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}})
+ echo "$COMMAND_OUTPUT" | grep -q "Number of stacks with differences: 0"
+ if [ $? -eq 0 ]; then
+ echo "No stack changes involved"
+ else
+ npm run cdk deploy -- OpenSearch-CI-Config-Beta -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+ npm run cdk deploy -- OpenSearch-CI-Beta -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+ fi
diff --git a/.github/workflows/changeset.yml b/.github/workflows/changeset.yml
new file mode 100644
index 0000000..db4e0ed
--- /dev/null
+++ b/.github/workflows/changeset.yml
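Review bot: The job's `if:` in beta-deploy.yml gates the deployment only on the comment text, so any account able to comment on a pull request can start a run that assumes `secrets.BETA_DEPLOYMENT_ROLE` and executes `cdk deploy`; prod-deploy.yml has the same condition guarding `secrets.PROD_DEPLOYMENT_ROLE`. Add an authorization check on the commenter, for example `contains(fromJSON('["OWNER","MEMBER"]'), github.event.comment.author_association) &&`, or put the job behind a GitHub environment with required reviewers. `contains(...)` on the body is also a substring match, so a comment that merely quotes the phrase triggers the job; comparing the body for equality is stricter. Since `issue_comment` runs use the default branch, `actions/checkout` without a `ref` presumably deploys that branch rather than the pull request the comment was left on, which is worth stating in a comment above the trigger.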
@@ -0,0 +1,54 @@
+name: Create Change Set
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+ branches:
+ - main
+
+jobs:
+ create-change-sets:
+ name: Create Change Sets for Beta and Prod
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js and AWS CDK
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18.x
+
+ - name: Install dependencies and build project
+ run: |
+ npm install
+ npm run build
+
+ - name: Install AWS CDK
+ run: npm install -g aws-cdk@2.149.0
+
+ - name: Assume IAM Role for Beta
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ secrets.BETA_DEPLOYMENT_ROLE }}
+ aws-region: us-east-1
+
+ - name: Create Change Set for Beta
+ run: |
+ npm run cdk diff -- OpenSearch-CI-Config-Beta -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{ secrets.PREFIX_LIST }}
+ npm run cdk diff -- OpenSearch-CI-Beta -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+
+ - name: Assume IAM Role for Prod
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ secrets.PROD_DEPLOYMENT_ROLE }}
+ aws-region: us-east-1
+
+ - name: Create Change Set for Prod
+ run: |
+ npm run cdk diff -- OpenSearch-CI-Config-Prod -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{ secrets.INTERNET_ACCESS }}
+ npm run cdk diff -- OpenSearch-CI-Prod -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
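Review bot: Both `Assume IAM Role` steps in changeset.yml hand the deployment roles to a job that has already checked out and built the pull request's own code (`npm install`, `npm run build`), so unreviewed code from any branch in the repository runs with `secrets.PROD_DEPLOYMENT_ROLE` credentials although the job only needs `cdk diff`. A separate role limited to the read permissions that `cdk diff` needs, with its trust policy scoped to this workflow, would keep the deploy roles out of pre-review runs; `npm ci` against the lockfile would also make the install reproducible. The `OpenSearch-CI-Config-Prod` diff passes `restrictServerAccessTo=${{ secrets.INTERNET_ACCESS }}` while prod-deploy.yml deploys that stack with `secrets.PREFIX_LIST`, so the change set shown on the pull request may not match what is later deployed. Pull requests from forks receive neither secrets nor an OIDC token, so this job will presumably fail for them.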
diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
new file mode 100644
index 0000000..2dee448
--- /dev/null
+++ b/.github/workflows/prod-deploy.yml
@@ -0,0 +1,51 @@
+name: Beta Deployment Workflow
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ beta-deployment:
+ if: >-
+ github.event.issue.pull_request &&
+ contains(github.event.comment.body, 'Approve Prod Deployment')
+ name: Get approval for deployment
+ permissions:
+ id-token: write
+ contents: read
+ issues: read
+ pull-requests: read
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Setup Node.js and AWS CDK
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18.x
+
+ - name: Install dependencies and build project
+ run: |
+ npm install
+ npm run build
+
+ - name: Install AWS CDK
+ run: npm install -g aws-cdk@2.149.0
+
+ - name: Assume IAM Role
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ role-to-assume: ${{ secrets.PROD_DEPLOYMENT_ROLE }}
+ aws-region: us-east-1
+
+ - name: Deploy
+ run: |
+ COMMAND_OUTPUT=$(npm run cdk diff -- OpenSearch-CI-Config-Prod -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}})
+ echo "$COMMAND_OUTPUT" | grep -q "Number of stacks with differences: 0"
+ if [ $? -eq 0 ]; then
+ echo "No stack changes involved"
+ else
+ npm run cdk deploy -- OpenSearch-CI-Config-Prod -c useSsl=true -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+ npm run cdk deploy -- OpenSearch-CI-Prod -c useSsl=true -c authType=github -c dataRetention=true -c macAgent=true -c useProdAgents=true -c enableViews=true -c ignoreResourcesFailures=false -c serverAccessType=prefixList -c restrictServerAccessTo=${{secrets.PREFIX_LIST}}
+ fi
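Review bot: In the `Deploy` step the `grep -q` line runs as a plain command, and GitHub's default `run` shell on Linux runners is `bash -e`, so when the diff does report differences grep exits 1 and the script stops before `if [ $? -eq 0 ]` is reached; the `else` branch with both `cdk deploy` calls looks unreachable, and beta-deploy.yml has the same step. Test the pipeline directly instead: `if echo "$COMMAND_OUTPUT" | grep -q "Number of stacks with differences: 0"; then`. Only the `OpenSearch-CI-Config-Prod` stack is diffed, so a change confined to `OpenSearch-CI-Prod` would be skipped as "No stack changes involved". The workflow `name: Beta Deployment Workflow` and job id `beta-deployment` are carried over from the beta file and will mislabel production runs in the Actions log; `name: Prod Deployment Workflow` and `prod-deployment` would match the file.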