Update to new Datadog CFN template #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Branch | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches-ignore: | |
| - 'main' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Setup job workspace | |
| uses: ServerlessOpsIO/gha-setup-workspace@v1 | |
| - name: Setup Python | |
| uses: ServerlessOpsIO/gha-setup-python@v1 | |
| - name: Assume AWS Credentials | |
| uses: ServerlessOpsIO/gha-assume-aws-credentials@v1 | |
| with: | |
| build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }} | |
| - name: Install AWS SAM | |
| uses: aws-actions/setup-sam@v2 | |
| # FIXME: We're only validating the top-level template and not the rest. | |
| - name: Validate artifact | |
| run: sam validate --lint | |
| - name: Synethsize StackSet templates | |
| run: | | |
| for _f in $(find . -type f -name 'stackset.yaml'); do | |
| _dir="$(dirname $_f)/" \ | |
| yq \ | |
| -i \ | |
| '(.. | select(has("localTemplateFile")) | .localTemplateFile) |= load_str(strenv(_dir) + .)' \ | |
| $_f; | |
| done | |
| - name: Upload SAM artifact | |
| id: upload-sam-template | |
| shell: bash | |
| run: | | |
| sam package \ | |
| --template template.yaml \ | |
| --s3-bucket aws-sam-cli-sourcebucket-${{ secrets.AWS_CICD_ACCOUNT_ID }}-us-east-1 \ | |
| --s3-prefix ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG_URL }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} \ | |
| --region us-east-1 \ | |
| --output-template-file packaged-template.yaml | |
| - name: Upload SAM artifact | |
| id: upload-sam-stackset-shipping-template | |
| shell: bash | |
| run: | | |
| sam package \ | |
| --template stacksets-shipping-template.yaml \ | |
| --s3-bucket aws-sam-cli-sourcebucket-${{ secrets.AWS_CICD_ACCOUNT_ID }}-us-east-1 \ | |
| --s3-prefix ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG_URL }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} \ | |
| --region us-east-1 \ | |
| --output-template-file packaged-stacksets-shipping-template.yaml | |
| - name: Upload SAM artifact | |
| id: upload-sam-stackset-shipper-template | |
| shell: bash | |
| run: | | |
| sam package \ | |
| --template stacksets-shipper-template.yaml \ | |
| --s3-bucket aws-sam-cli-sourcebucket-${{ secrets.AWS_CICD_ACCOUNT_ID }}-us-east-1 \ | |
| --s3-prefix ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG_URL }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} \ | |
| --region us-east-1 \ | |
| --output-template-file packaged-stacksets-shipper-template.yaml | |
| - name: 'Upload pipeline artifact' | |
| id: upload-artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.GITHUB_REPOSITORY_SLUG }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ github.run_number }}-${{ github.sha }} | |
| path: | | |
| **/* | |
| !.aws-sam/build | |
| !**/.terraform/providers | |
| !node_modules | |
| !.git | |
| if-no-files-found: error | |
| retention-days: 30 | |
| deploy_shipper_stackset: | |
| needs: | |
| - build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Setup job workspace | |
| uses: ServerlessOpsIO/gha-setup-workspace@v1 | |
| with: | |
| checkout_artifact: true | |
| - name: Setup Python | |
| uses: ServerlessOpsIO/gha-setup-python@v1 | |
| # - name: Assume AWS Credentials | |
| # uses: ServerlessOpsIO/gha-assume-aws-credentials@v1 | |
| # with: | |
| # build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }} | |
| # deploy_aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }} | |
| # | |
| # - name: Install AWS SAM | |
| # uses: aws-actions/setup-sam@v2 | |
| # | |
| # - name: Deploy via AWS SAM | |
| # uses: ServerlessOpsIO/gha-deploy-aws-sam@v1 | |
| # with: | |
| # aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }} | |
| # template_file: packaged-stacksets-shipper-template.yaml | |
| # stack_name: "${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ env.GITHUB_EVENT_REF_SLUG_URL }}-shipper" | |
| # cfn_capabilities: CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND | |
| # env_json: ${{ toJson(vars) }} | |
| # secrets_json: ${{ toJson(secrets) }} | |
| deploy_shipping_stackset: | |
| needs: | |
| - build | |
| - deploy_shipper_stackset | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Setup job workspace | |
| uses: ServerlessOpsIO/gha-setup-workspace@v1 | |
| with: | |
| checkout_artifact: true | |
| - name: Setup Python | |
| uses: ServerlessOpsIO/gha-setup-python@v1 | |
| # - name: Assume AWS Credentials | |
| # uses: ServerlessOpsIO/gha-assume-aws-credentials@v1 | |
| # with: | |
| # build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }} | |
| # deploy_aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }} | |
| # | |
| # - name: Install AWS SAM | |
| # uses: aws-actions/setup-sam@v2 | |
| # | |
| # - name: Deploy via AWS SAM | |
| # uses: ServerlessOpsIO/gha-deploy-aws-sam@v1 | |
| # with: | |
| # aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }} | |
| # template_file: packaged-stacksets-shipping-template.yaml | |
| # stack_name: "${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ env.GITHUB_EVENT_REF_SLUG_URL }}-shipping" | |
| # cfn_capabilities: CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND | |
| # env_json: ${{ toJson(vars) }} | |
| # secrets_json: ${{ toJson(secrets) }} | |
| deploy_management: | |
| needs: | |
| - build | |
| - deploy_shipper_stackset | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Setup job workspace | |
| uses: ServerlessOpsIO/gha-setup-workspace@v1 | |
| with: | |
| checkout_artifact: true | |
| - name: Setup Python | |
| uses: ServerlessOpsIO/gha-setup-python@v1 | |
| # - name: Assume AWS Credentials | |
| # uses: ServerlessOpsIO/gha-assume-aws-credentials@v1 | |
| # with: | |
| # build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }} | |
| # deploy_aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }} | |
| # | |
| # - name: Install AWS SAM | |
| # uses: aws-actions/setup-sam@v2 | |
| # | |
| # - name: Deploy via AWS SAM | |
| # uses: ServerlessOpsIO/gha-deploy-aws-sam@v1 | |
| # with: | |
| # aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }} | |
| # template_file: packaged-template.yaml | |
| # stack_name: "${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ env.GITHUB_EVENT_REF_SLUG_URL }}-management" | |
| # cfn_capabilities: CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND | |
| # env_json: ${{ toJson(vars) }} | |
| # secrets_json: ${{ toJson(secrets) }} |