aws-deploy.yaml
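# Reusable workflow (workflow_call) that deploys every CDK stack in the
# calling repository to an AWS account, using a role assumed in the job.
name: aws-deploy

# Serialises deploys per target environment: the group key is the
# environment name only (there is no branch component), and a queued run
# waits instead of cancelling the one in progress.
# NOTE(review): concurrency groups are shared across the repository, so any
# other workflow using the bare group name "dev" (etc.) queues behind this
# one; confirm that is intended.
concurrency:
  group: ${{ inputs.environment }}
  cancel-in-progress: false

on:
  workflow_call:
    inputs:
      aws-region:
        type: string
        default: us-east-1
      # Role handed to configure-aws-credentials. The job supplies no static
      # access keys, so the role's trust policy is what decides which
      # repositories/refs may assume it; keep its conditions on the OIDC
      # `sub` and `aud` claims as narrow as possible.
      role-to-assume:
        required: true
        type: string
      role-session-name:
        required: true
        type: string
      # NOTE(review): 5400 s (90 min) is above the 1-hour default maximum
      # session duration of an IAM role, so the target role's
      # MaxSessionDuration must allow it. Prefer the shortest value that
      # still covers a full deploy.
      role-duration-seconds:
        type: number
        default: 5400
      # NOTE(review): with `required: true` callers must pass this input, so
      # the default below is presumably never applied; confirm and keep only
      # one of the two.
      environment:
        required: true
        type: string
        default: "dev"
      # Exported to the CDK step as SECRETS; presumably selects where the CDK
      # app reads its secrets from (confirm against the app code).
      secrets-location:
        type: string
        default: "local"

jobs:
  deploy:
    # Least-privilege token scopes: `id-token: write` lets the job request a
    # GitHub OIDC token for the role assumption; `contents: read` is enough
    # for checkout. The OIDC request endpoint is reachable from every step of
    # this job, including the package-install steps below.
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v3` is a mutable tag; pin third-party and first-party
      # actions to a full commit SHA (e.g. `@<full-commit-sha>  # v3`).
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Do not leave the GITHUB_TOKEN in .git/config: later steps run
          # package-manager install scripts and never need git credentials.
          persist-credentials: false
      # NOTE(review): GitHub-hosted Ubuntu images normally already include
      # the AWS CLI; confirm whether this step is needed at all.
      - name: Install AWS CLI
        run: sudo snap install aws-cli --classic
      # NOTE(review): installs whatever aws-cdk version is latest at run
      # time; pin an exact version (`aws-cdk@<version>`) so the tool that
      # later holds AWS credentials is reproducible.
      - name: Install AWS CDK CLI
        run: npm install -g aws-cdk
      # Dependency resolution is only as reproducible as the pins inside the
      # requirements files; hash-pinned requirements are preferable here.
      - name: Install python dependencies
        run: pip install -r requirements.txt -r requirements-dev.txt
      # Credentials are obtained only after all install steps have finished,
      # so install scripts never see the assumed-role session.
      # NOTE(review): `@v2` is a mutable tag; pin to a full commit SHA.
      - name: Assume AWS Role
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ inputs.aws-region }}
          role-to-assume: ${{ inputs.role-to-assume }}
          role-session-name: ${{ inputs.role-session-name }}
          role-duration-seconds: ${{ inputs.role-duration-seconds }}
      # `--require-approval never` disables CDK's confirmation prompt for
      # IAM and security-group changes, so review of those changes has to
      # happen before this workflow is called (PR review, `cdk diff` in CI,
      # or a protected GitHub environment on the caller's job).
      # Inputs reach the shell through `env:` rather than being interpolated
      # into the `run:` string, which keeps caller-supplied values out of
      # the command line.
      - name: CDK deploy
        run: cdk deploy --all --concurrency 5 --require-approval never
        env:
          ENV: ${{ inputs.environment }}
          SECRETS: ${{ inputs.secrets-location }}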