ci: add cicd process for aws-cdk/cdk8s TDE-928 (#230) #1068
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: [push] | |
jobs: | |
main: | |
name: Format & Deploy(master) | |
runs-on: ubuntu-latest | |
concurrency: deploy-${{ github.ref }} | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
# Initial build and linting | |
- name: Use Node.js 18.x | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '18.x' | |
- name: Install | |
run: npm install --ci | |
- name: format | |
run: npm run lint -- --fix=false # ensure eslint is not configured to --fix | |
- name: format | |
run: npm run format -- --fix=false # ensure eslint is not configured to --fix | |
# Configure access to AWS / EKS | |
- name: Setup kubectl | |
uses: azure/setup-kubectl@v3 | |
with: | |
version: 'latest' | |
- name: AWS Configure | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ap-southeast-2 | |
mask-aws-account-id: true | |
role-to-assume: ${{ secrets.AWS_CI_ROLE }} | |
- name: Login to EKS | |
run: | | |
aws eks update-kubeconfig --name Workflows --region ap-southeast-2 | |
- name: Check EKS connection | |
run: | | |
kubectl get nodes | |
# TODO It would be nice to split the AWS-CDK/CDK8s deployments into steps | |
# and run them only when infra/cdk or infra/cdk8s is modified. | |
# and use github deployments to track when things were deployed. | |
# Setup the EKS cluster with AWS-CDK | |
- name: (CDK) Diff | |
if: github.ref != 'refs/heads/master' | |
run: | | |
npx cdk diff Workflows \ | |
-c ci-role-arn=${{ secrets.AWS_CI_ROLE }} \ | |
-c aws-account-id=${{ secrets.AWS_ACCOUNT_ID }} | |
- name: (CDK) Deploy | |
if: github.ref == 'refs/heads/master' | |
run: | | |
npx cdk deploy Workflows \ | |
-c ci-role-arn=${{ secrets.AWS_CI_ROLE }} \ | |
-c aws-account-id=${{ secrets.AWS_ACCOUNT_ID }} | |
# Configure the Kubernetes cluster with CDK8s | |
- name: (CDK8s) Synth | |
run: | | |
npx cdk8s synth | |
# kubectl diff - is somewhat dangerous as it dumps out secrets in plain text | |
# so it should not be used in this pipeline | |
# TODO use a --prune and --applyset to remove unused objects | |
- name: (CDK8s) Deploy | |
if: github.ref == 'refs/heads/master' | |
run: | | |
kubectl apply -f dist/ | |
# - name: Install Argo | |
# run: | | |
# curl -sLO https://github.com/argoproj/argo-workflows/releases/download/v3.4.0-rc2/argo-linux-amd64.gz | |
# gunzip argo-linux-amd64.gz | |
# chmod +x argo-linux-amd64 | |
# ./argo-linux-amd64 version | |
# - name: Lint workflows | |
# run: | | |
# ./argo-linux-amd64 lint templates/ -n argo | |
# ./argo-linux-amd64 lint workflows/ -n argo | |
# - name: Deploy workflows | |
# if: github.ref == 'refs/heads/master' | |
# run: | | |
# # Deploy templates first | |
# kubectl apply -f templates/argo-tasks/ --namespace argo | |
# # Find all workflows that have kind "WorkflowTemplate" | |
# WORKFLOWS=$(grep '^kind: WorkflowTemplate$' -R workflows/ -H | cut -d ':' -f1) | |
# # For each workflow attempt to deploy it using kubectl | |
# for wf in $WORKFLOWS; do | |
# kubectl apply -f $wf --namespace argo | |
# done | |
# - name: Deploy config files | |
# if: github.ref == 'refs/heads/master' | |
# run: | | |
# npx cdk8s synth | |
# kubectl apply -f dist/ | |
# # Re-lint the workflows after deployment because their dependencies is test with deployement. | |
# - name: Re-Lint workflows | |
# run: | | |
# ./argo-linux-amd64 lint templates/ -n argo | |
# ./argo-linux-amd64 lint workflows/ -n argo |