-
Notifications
You must be signed in to change notification settings - Fork 4
106 lines (100 loc) · 3.51 KB
/
deploy_control_plane.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Deploy Control Plane
permissions:
id-token: write # required to use OIDC authentication
contents: read # required to checkout the code from the repo
on:
workflow_dispatch:
branches: [ main ]
inputs:
AWSCONNECTION:
description: 'Method of AWS connection'
required: true
type: choice
default: 'oidc'
options:
- oidc
DEPLOYMENTSTAGE:
description: 'Deployment Target'
required: true
type: choice
default: 'DEV'
options:
- DEV
TEMPLATE_REPO_OWNER:
description: 'Template Repo Owner (ex. unity-sds)'
required: true
type: string
default: 'unity-sds'
TEMPLATE_REPO:
description: 'Template Repo'
required: true
type: string
default: 'unity-on-demand-cloudformation'
TEMPLATE_REPO_BRANCH:
description: 'Template Repo Branch'
required: true
type: string
default: 'develop'
TEMPLATE_PATH:
description: 'Relative Path to Template in Template Repo'
required: true
type: string
default: 'templates/unity_deployer_instance-control_plane.yaml'
STACK_NAME:
description: 'Unique Stack Name'
required: true
type: string
default: ''
VPC_ID:
description: 'VPC ID in AWS'
required: true
type: string
default: ''
KEY_PAIR_NAME:
description: 'Key pair name in AWS'
required: true
type: string
default: ''
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
deployment:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
uses: actions/checkout@v3
# Configure AWS Credentials through OIDC
- name: Configure AWS credentials
if: ${{ inputs.AWSCONNECTION == 'oidc' }}
uses: aws-actions/configure-aws-credentials@v1
with:
#role-to-assume: ${{ secrets.OIDC_ROLE }}
role-to-assume: ${{ secrets[format('OIDC_{0}_ROLE', inputs.DEPLOYMENTSTAGE)] }}
aws-region: ${{ vars.AWS_REGION }}
# Configure AWS Credentials through OIDC
- name: Configure AWS credentials
if: ${{ INPUTS.AWSCONNECTION == 'oidc' }}
uses: aws-actions/configure-aws-credentials@v1
with:
#role-to-assume: ${{ secrets.OIDC_ROLE }}
role-to-assume: ${{ secrets[format('OIDC_{0}_ROLE', INPUTS.DEPLOYMENTSTAGE)] }}
aws-region: ${{ vars.AWS_REGION }}
- name: Clone Control Plane CloudFormation Template Repo
uses: actions/checkout@v2
with:
repository: ${{ inputs.TEMPLATE_REPO_OWNER }}/${{ inputs.TEMPLATE_REPO }}
path: ./${{ inputs.TEMPLATE_REPO }}
ref: ${{ inputs.TEMPLATE_REPO_BRANCH }}
# Create the cloudformation stack using the template
# Leaves all default parameters as defaults
- name: Create Stack
uses: aws-actions/aws-cloudformation-github-deploy@v1
with:
name: ${{ inputs.STACK_NAME }}
template: ./${{ inputs.TEMPLATE_REPO }}/${{ inputs.TEMPLATE_PATH }}
parameter-overrides: >-
VPCID=${{ inputs.VPC_ID }},
PublicSubnetID=${{ vars.MCP_DEV_EKSSUBNETCONFIGB }},
KeyPairName=${{ inputs.KEY_PAIR_NAME }},
GithubToken=${{ secrets.UNITY_GITHUB_READ_ACCESS_TOKEN }}