Merge pull request #2 from subhamay-bhattacharyya/feature/SB-0001-ini… #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a basic workflow to help you get started with Actions | |
| name: Validate and upload CFN Templates to S3 | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - 'feature**' | |
| paths-ignore: | |
| - '**/README.md' | |
| - '**/.github/workflows/**.yaml' | |
| - '**/CHANGELOG.md' | |
| - '**/LICENSE' | |
| - '**/VERSION' | |
| - '.gitignore' | |
| permissions: | |
| id-token: write # This is required for aws oidc connection | |
| contents: write # This is required for actions/checkout | |
| pull-requests: write # This is required for gh bot to comment PR | |
| issues: write # This is required for gh bot to comment issues | |
| jobs: | |
| start: | |
| uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/setup-repository.yaml@main | |
| with: | |
| deploy-reviewer-test: ${{ vars.ACTION_APPROVER_1}} | |
| deploy-reviewer-prod: ${{ vars.ACTION_APPROVER_1 }} | |
| pr-approver: ${{ vars.PR_APPROVER }} | |
| test-env: false | |
| prod-env: false | |
| secrets: | |
| git-token: ${{ secrets.GIT_TOKEN }} | |
| validate-cfn-templates: | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/feature') | |
| needs: start | |
| uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/cfn-validate.yaml@main | |
| with: | |
| issue-number: ${{ github.run_id }} | |
| checkov-scan: | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/feature') | |
| needs: validate-cfn-templates | |
| uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/checkov-scan.yaml@main | |
| release: | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/feature') | |
| needs: checkov-scan | |
| uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/release.yaml@main | |
| create-pr: | |
| if: success() | |
| needs: release | |
| uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/create-pr.yaml@main | |
| secrets: | |
| git-token: ${{ secrets.GIT_TOKEN }} | |
| upload-to-s3: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| needs: [start] | |
| uses: subhamay-bhattacharyya/gh-action-reusable-aws-cfn-wf/.github/workflows/cfn-templ-s3-upload.yaml@main | |
| with: | |
| aws-region: ${{ vars.AWS_REGION }} | |
| aws-role-arn: ${{ vars.DEVL_AWS_ROLE_ARN }} | |
| aws-cfn-template-bucket: ${{ vars.CFN_TEMPLATE_S3_BUCKET }} | |
| kms-key-arn: ${{ vars.CFN_TEMPLATES_S3_KMS_KEY_ID }} | |
| # name: "Upload CFN Templates to S3" | |
| # runs-on: ubuntu-latest | |
| # defaults: | |
| # run: | |
| # shell: bash | |
| # working-directory: . | |
| # steps: | |
| # # Checkout the repository code | |
| # - name: Checkout code | |
| # id: git-checkout | |
| # uses: actions/checkout@v4 | |
| # # Configure AWS credentials | |
| # - name: Configure AWS credentials from AWS account | |
| # id: aws-config | |
| # uses: aws-actions/[email protected] | |
| # with: | |
| # role-to-assume: ${{ vars.DEVL_AWS_ROLE_ARN }} | |
| # aws-region: ${{ vars.AWS_REGION }} | |
| # role-session-name: github-aws-cfn-oidc | |
| # # Upload the stack templates to S3 | |
| # - name: Upload the stack templates to S3 | |
| # run: | | |
| # aws s3 sync ${{ github.workspace }}/cfn-templates/ s3://${{ vars.CFN_TEMPLATES_S3_BUCKET }} --sse "aws:kms" \ | |
| # --sse-kms-key-id ${{ vars.CFN_TEMPLATES_S3_KMS_KEY_ID }} --storage-class GLACIER_IR --exclude ".gitignore" \ | |
| # --exclude ".github/workflows/*.yaml" \ | |
| # --exclude "*.md" \ | |
| # --exclude "CODEOWNERS" \ | |
| # --exclude "LICENSE" \ | |
| # --exclude "VERSION" |