
build(deps-dev): bump the aws-cdk group with 6 updates #1946

Workflow file for this run

# Runs on every push; no branch or path filter is set on the trigger.
on: [push]
name: Build, Format and Test
runs-on: ubuntu-latest
# Action pinned to a full commit SHA; the trailing comment records the matching tag.
- uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3.1.0
# The Dockerfile is read from stdin, so no build context is sent to the daemon.
# NOTE(review): the base image and actionlint version are set in actionlint.dockerfile,
# which is not shown here - confirm both are pinned.
- name: Download actionlint
run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile
# The working directory is bind-mounted at /repo inside the container.
# NOTE(review): the mount is read-write; `:ro` would be enough for a linter.
- name: Run actionlint to check workflow files
run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint -color
# Deploy job settings. The job key and some parent keys are not visible in this listing.
runs-on: ubuntu-latest
# One concurrency group per ref.
concurrency: deploy-prod-${{ github.ref }}
# Waits for the job named main to succeed.
needs: [main]
# Only pushes to master satisfy this condition.
if: ${{ github.ref == 'refs/heads/master' }}
# presumably the deployment environment name; the parent key is not shown - confirm
name: prod
# id-token: write lets the job request a GitHub OIDC token, which the AWS Configure
# step exchanges for the role below; contents: read keeps GITHUB_TOKEN read-only.
id-token: write
contents: read
- uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3.1.0
# Configure access to AWS / EKS
# NOTE(review): the action is pinned by SHA but the kubectl binary floats on 'latest';
# pin a kubectl version that matches the cluster so runs are reproducible.
- name: Setup kubectl
uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3
version: 'latest'
# The role ARN is read from a repository secret and the account id is masked in logs.
# NOTE(review): the IAM role's trust policy is what decides who may assume it - confirm
# it restricts the OIDC `sub` claim to this repository and to the master ref or the
# prod environment.
- name: AWS Configure
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
aws-region: ap-southeast-2
mask-aws-account-id: true
role-to-assume: ${{ secrets.AWS_CI_ROLE }}
# Sets the step output run_infra according to whether the pushed commit range changed
# any path under infra/ (file names are read NUL-delimited into a bash array).
# The two SHAs come from the push event payload and are expanded into the script text
# before bash runs.
# NOTE(review): `before` may not be resolvable in the clone (all-zero SHA for a new ref,
# force push, shallow fetch) - confirm the checkout depth used by the earlier step.
# NOTE(review): the `else` / `fi` lines of the conditional are not visible in this listing.
- name: Find Changes in Infra
id: get-infra-changes
run: |
mapfile -d '' modified_infra_files < <(git diff --name-only -z ${{ github.event.before }} ${{ github.event.after }} -- "infra/*")
if [[ "${#modified_infra_files[@]}" -ge 1 ]]; then
echo "run_infra=true" >> "$GITHUB_OUTPUT"
echo "run_infra=false" >> "$GITHUB_OUTPUT"
# Deploys the CDK stack only when the previous step reported infra changes.
# --require-approval never turns off the CDK confirmation prompt for security-sensitive
# changes (IAM, security groups), so any gate has to sit before this step: code review,
# environment protection rules.
# NOTE(review): the secrets are expanded into the script text by ${{ }}; passing them
# through `env:` and quoting the shell variables keeps their content from being parsed
# as shell syntax.
# env.CLUSTER_NAME is defined outside this listing.
- name: (CDK) Deploy
if: steps.get-infra-changes.outputs.run_infra == 'true'
run: |
npx cdk deploy ${{ env.CLUSTER_NAME }} \
-c maintainer-arns=${{ secrets.AWS_CI_ROLE }},${{ secrets.AWS_ADMIN_ROLE }},${{ secrets.AWS_WFMAINTAINER_ROLE }} \
-c aws-account-id=${{ secrets.AWS_ACCOUNT_ID }} \
--require-approval never
# Writes a kubeconfig entry for the cluster using the AWS credentials configured earlier.
- name: Login to EKS
run: |
aws eks update-kubeconfig --name ${{ env.CLUSTER_NAME }} --region ap-southeast-2
# Fails the job early if the cluster API cannot be reached with those credentials.
- name: Check EKS connection
run: |
kubectl get nodes
# Configure the Kubernetes cluster with CDK8s
# Synth and Deploy below run only when the infra change check set run_infra to 'true'.
- name: (CDK8s) Synth
if: steps.get-infra-changes.outputs.run_infra == 'true'
run: |
npx cdk8s synth
# nb: kubectl diff - is somewhat dangerous as it dumps out secrets in plain text
# so it should not be used in this pipeline
# TODO use a --prune and --applyset to remove unused objects
# Until then, objects that are no longer rendered into dist/ stay in the cluster.
- name: (CDK8s) Deploy
if: steps.get-infra-changes.outputs.run_infra == 'true'
run: |
kubectl apply -f dist/
# FIXME since `WATCH_CONTROLLER_SEMAPHORE_CONFIGMAPS=false` we need to restart argo-workflow-controller
# to make sure ConfigMap changes are taken into account
kubectl rollout restart deployment argo-workflows-workflow-controller -n argo
# Downloads the Argo CLI, unpacks it, marks it executable and runs `version`.
# NOTE(review): the download URL is missing from this listing. No checksum or signature
# check is visible before the binary is executed - pin a release and compare its sha256
# with the published value before the chmod.
# NOTE(review): curl runs without --fail, so an HTTP error body would be saved under the
# expected file name and only be caught when gunzip rejects it.
- name: Install Argo
run: |
curl -sLO
gunzip argo-linux-amd64.gz
chmod +x argo-linux-amd64
./argo-linux-amd64 version
# Applies the templates and a namespace-rewritten copy of the workflows into a throwaway
# namespace named after the commit SHA, then runs `argo lint` against both directories.
# NOTE(review): this step is limited to non-master refs, while the `if:` near the top of
# the file limits to master; if both apply to the same job this step never runs - confirm
# against the original indentation.
# NOTE(review): where it does run, manifests from the pushed branch are applied to the
# cluster with the CI role's rights - confirm that role is scoped for that.
# $WORKFLOWS and $CRON_WORKFLOWS are expanded unquoted, so a path containing whitespace
# would be split into several words.
# The `done` lines that close the two loops are not visible in this listing.
- name: Lint workflows
if: github.ref != 'refs/heads/master'
run: |
# Create test namespace
kubectl create namespace "$GITHUB_SHA"
# Create copy of Workflows files to change their namespaces
mkdir test
cp -r workflows/ test/workflows/
# Deploy templates in the test namespace
# Note: the templates have no default namespace so no need to modify them
kubectl apply -f templates/argo-tasks/ --namespace "$GITHUB_SHA"
# Find all workflows that have kind "WorkflowTemplate"
WORKFLOWS=$(grep -R -H '^kind: WorkflowTemplate$' test/workflows/ | cut -d ':' -f1)
# For each workflow template attempt to deploy it using kubectl
for wf in $WORKFLOWS; do
# Change namespace in files
sed -i "/^\([[:space:]]*namespace: \).*/s//\1$GITHUB_SHA/" "$wf"
kubectl apply -f "$wf" --namespace "$GITHUB_SHA"
# Find all cron workflows that have kind "CronWorkflow"
CRON_WORKFLOWS=$(grep -R -H '^kind: CronWorkflow$' test/workflows/ | cut -d ':' -f1)
# For each cron workflow attempt to deploy it using kubectl
for cwf in $CRON_WORKFLOWS; do
# Change namespace in files
sed -i "/^\([[:space:]]*namespace: \).*/s//\1$GITHUB_SHA/" "$cwf"
kubectl apply -f "$cwf" --namespace "$GITHUB_SHA"
# Finally lint the templates
./argo-linux-amd64 lint templates/ -n "$GITHUB_SHA"
./argo-linux-amd64 lint test/workflows/ -n "$GITHUB_SHA"
# Runs even when earlier steps failed, so the per-commit namespace does not linger.
# stderr of `kubectl delete` is copied to a temp file; presumably a failed delete is
# tolerated only when the message is NotFound - the `then` / `fi` lines are not visible
# in this listing.
- name: Delete Test namespace
if: always()
run: |
# Delete the test namespace
stderr_tmp="$(mktemp --directory)/stderr"
if ! kubectl delete namespaces "$GITHUB_SHA" 2> >(tee "$stderr_tmp" >&2)
grep -q 'Error from server (NotFound): namespaces ".*" not found' "$stderr_tmp"
# On master, applies the templates, then every WorkflowTemplate file, then every
# CronWorkflow file into the argo namespace.
# Files are selected by a line that is exactly `kind: WorkflowTemplate` or
# `kind: CronWorkflow`; the file list is expanded unquoted, so paths containing
# whitespace would be split.
# kubectl apply only creates or updates: objects whose files were removed from the
# repository stay in the cluster.
# The `done` lines that close the two loops are not visible in this listing.
- name: Deploy workflows
if: github.ref == 'refs/heads/master'
run: |
# Deploy templates first
kubectl apply -f templates/argo-tasks/ --namespace argo
# Find all workflows that have kind "WorkflowTemplate"
WORKFLOWS=$(grep '^kind: WorkflowTemplate$' -R workflows/ -H | cut -d ':' -f1)
# For each workflow template attempt to deploy it using kubectl
for wf in $WORKFLOWS; do
kubectl apply -f "$wf" --namespace argo
# Find all cron workflows that have kind "CronWorkflow"
CRON_WORKFLOWS=$(grep '^kind: CronWorkflow$' -R workflows/ -H | cut -d ':' -f1)
# For each cron workflow attempt to deploy it using kubectl
for cwf in $CRON_WORKFLOWS; do
kubectl apply -f "$cwf" --namespace argo