Add GitHub Actions workflow for CloudFormation deployment #18
name: Validate and Deploy Python CDK | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened] | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout PR branch | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.head_ref }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
- name: Install AWS CDK CLI | |
run: npm install -g aws-cdk | |
- name: Configure AWS credentials (OIDC) | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/Github | |
aws-region: us-west-2 | |
- name: Set up Python virtual environment | |
run: python -m venv .venv | |
- name: Upgrade pip | |
run: | | |
source .venv/bin/activate | |
pip install --upgrade pip | |
- name: Install jq and moreutils | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y jq moreutils | |
- name: Patch config.json with jq | |
env: | |
MediaLakeEnvironmentName: dev | |
InitialUserEmail: 'medialake+test@amazon.com' | |
InitialUserFirstName: 'Medialake' | |
InitialUserLastName: 'User' | |
OpenSearchDeploymentSize: 'large' | |
run: | | |
if [ -f guidance-for-medialake-on-aws/config.json ]; then | |
echo "Using existing config file"; | |
else | |
echo "Creating config file"; | |
cp guidance-for-medialake-on-aws/.cicd/config.json-template guidance-for-medialake-on-aws/config.json; | |
fi | |
AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query Account --output text)" | |
AWS_REGION="$(aws configure get region || echo 'us-west-2')" | |
jq --arg e "$MediaLakeEnvironmentName" '.environment = $e' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
jq --arg a "$AWS_ACCOUNT_ID" '.account_id = $a' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
jq --arg r "$AWS_REGION" '.primary_region = $r' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
jq --arg u "$InitialUserEmail" '.initial_user.email = $u' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
jq --arg f "$InitialUserFirstName" '.initial_user.first_name = $f' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
jq --arg l "$InitialUserLastName" '.initial_user.last_name = $l' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
jq --arg s "$OpenSearchDeploymentSize" '.opensearch_deployment_size = $s' guidance-for-medialake-on-aws/config.json | sponge guidance-for-medialake-on-aws/config.json | |
- name: Install CDK project dependencies | |
run: | | |
source .venv/bin/activate | |
pip install -r guidance-for-medialake-on-aws/requirements.txt | |
- name: Synthesize CDK stacks | |
run: | | |
source .venv/bin/activate | |
cd guidance-for-medialake-on-aws | |
cdk synth | |
- name: Deploy all CDK stacks | |
run: | | |
source .venv/bin/activate | |
cd guidance-for-medialake-on-aws | |
cdk deploy --all --require-approval=never |
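Review bot: The `Deploy all CDK stacks` step runs `cdk deploy --all --require-approval=never` on every `pull_request` event (`opened`, `synchronize`, `reopened`), so whatever is on the PR branch is installed, synthesized and deployed with the OIDC-assumed `role/Github` credentials before anyone has reviewed it. `--require-approval=never` also turns off CDK's confirmation for IAM and security-group changes, which is the one built-in check that would surface a privilege-broadening change. I would gate the job behind a protected environment with required reviewers, e.g. `environment: dev` under `deploy:` (name illustrative), or limit the PR run to `cdk synth` / `cdk diff` and deploy only after merge. The role's trust policy is not visible here; it should presumably restrict the token's `sub` claim to that environment or branch rather than accept any ref in the repository. Separately, the actions are referenced by mutable tags (`@v4`, `@v5`) and `npm install -g aws-cdk` is unpinned, so pinning to commit SHAs and a fixed CLI version would keep the code that runs with these credentials reproducible.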