Github Actions Build Script
hedge-deploy.yaml
todos:
- add local testing before deployment
- Each lambda should have at least one test
- create private.dev.json and private.prod.json files for configuration
- We could probably just put them in an encrypted S3 bucket and pull from there.
- We could also add the values as variables in the repo or branch settings and dynamically build and write the JSON file. This is probably the more secure option.
- Only run when changes are made to files relevant to the hedge api. For example, don't run when change made to proxy.
- Organization
- We could use artifacts to separate things into different jobs or even probably use s3.
- We could create a private repo hedge-build and store the artifacts there instead. Completely free, retention forever
- pems need to be added - generated
- api/entity/rtc-vertigo-dev.private-key.pem
- api/entity/rtc-vertigo-prod.private-key.pem
jobs:
- build golang programs via bazel > artifact
- generate JSON config > artifact
- generate pem > artifact
- local test
- serverless upload - prod = matrix
- clean-up artifacts
Create new folder at top for test data json files to replicate api gateway input.
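# Builds the hedge API with Bazel, writes private.prod.json from repository
# secrets, runs one local Serverless invocation and deploys to AWS.
name: Bazel Build and Deploy to AWS

on:
  push:
    branches: [master]

# Least privilege for the automatic GITHUB_TOKEN: the steps below only read
# the repository.
permissions:
  contents: read

jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every action here is referenced by a mutable major tag
      # (@v2). Pin each one to a full commit SHA so a moved tag cannot change
      # what runs next to the deploy credentials.
      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '14'

      - name: Set up Go 1.x
        uses: actions/setup-go@v2
        with:
          go-version: '^1.15'
        id: go

      - name: Check out code into the Go module directory
        uses: actions/checkout@v2

      - name: Install dependencies
        run: npm ci

      - name: Install jq
        run: sudo apt-get install -y jq

      # The config is written in the job that consumes it. Passing it between
      # jobs as an artifact would leave a file holding every value below
      # downloadable by anyone with read access to the repository.
      #
      # Secrets reach the script through env and are referenced as quoted
      # shell variables. Expanding ${{ secrets.* }} inside the script text
      # would let a value containing a quote, $ or backtick break or alter
      # the command.
      #
      # NOTE(review): GitHub does not allow user-created secret names that
      # start with GITHUB_, so apart from the automatic GITHUB_TOKEN the
      # GITHUB_* references presumably resolve to empty strings; confirm the
      # intended secret names. The automatic GITHUB_TOKEN also expires when
      # the job ends, so it is of no use inside a deployed config.
      - name: Generate JSON Config file
        env:
          CFG_ELASTIC_URL: ${{ secrets.ELASTIC_URL }}
          CFG_KEYSPACE_USERNAME: ${{ secrets.KEYSPACE_USERNAME }}
          CFG_KEYSPACE_PASSWORD: ${{ secrets.KEYSPACE_PASSWORD }}
          CFG_APIGATEWAY_ENDPOINT: ${{ secrets.APIGATEWAY_ENDPOINT }}
          CFG_USER_POOL_ID: ${{ secrets.USER_POOL_ID }}
          CFG_USER_POOL_ARN: ${{ secrets.USER_POOL_ARN }}
          CFG_IDENTITY_POOL_ID: ${{ secrets.IDENTITY_POOL_ID }}
          CFG_ISSUER: ${{ secrets.ISSUER }}
          CFG_COGNITO_APP_CLIENT_ID: ${{ secrets.COGNITO_APP_CLIENT_ID }}
          CFG_BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
          CFG_PROXY_AVE_DOMAIN: ${{ secrets.PROXY_AVE_DOMAIN }}
          CFG_AVE_APIKEY: ${{ secrets.AVE_APIKEY }}
          CFG_PROXY_CARBON_AWARE_DOMAIN: ${{ secrets.PROXY_CARBON_AWARE_DOMAIN }}
          CFG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CFG_GITHUB_BRANCH: ${{ secrets.GITHUB_BRANCH }}
          CFG_GITHUB_APP_ID: ${{ secrets.GITHUB_APP_ID }}
          CFG_GITHUB_APP_CLIENT_ID: ${{ secrets.GITHUB_APP_CLIENT_ID }}
          CFG_GITHUB_APP_CLIENT_SECRET: ${{ secrets.GITHUB_APP_CLIENT_SECRET }}
          CFG_HEDGE_ENABLED: ${{ secrets.HEDGE_ENABLED }}
          CFG_HEDGE_DOMAIN: ${{ secrets.HEDGE_DOMAIN }}
          CFG_HEDGE_CERT_ARN: ${{ secrets.HEDGE_CERT_ARN }}
          CFG_HEDGE_ORIGIN_ACCESS_IDENTITY: ${{ secrets.HEDGE_ORIGIN_ACCESS_IDENTITY }}
          CFG_HEDGE_CACHE_POLICY_ID: ${{ secrets.HEDGE_CACHE_POLICY_ID }}
          CFG_HEDGE_ORIGIN_PATH: ${{ secrets.HEDGE_ORIGIN_PATH }}
          CFG_AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          CFG_DEFAULT_SIGNING_USERNAME: ${{ secrets.DEFAULT_SIGNING_USERNAME }}
          CFG_DEFAULT_SIGNING_PASSWORD: ${{ secrets.DEFAULT_SIGNING_PASSWORD }}
          CFG_WATTTIME_USERNAME: ${{ secrets.WATTTIME_USERNAME }}
          CFG_WATTTIME_PASSWORD: ${{ secrets.WATTTIME_PASSWORD }}
          CFG_CLOUD_NAME: ${{ secrets.CLOUD_NAME }}
          CFG_GITHUB_MARKETPLACE_WEBHOOK_SECRET: ${{ secrets.GITHUB_MARKETPLACE_WEBHOOK_SECRET }}
        run: |
          set -euo pipefail
          # Owner-only permissions for the generated file.
          umask 077
          jq -n \
            --arg elasticUrl "$CFG_ELASTIC_URL" \
            --arg keyspaceUsername "$CFG_KEYSPACE_USERNAME" \
            --arg keyspacePassword "$CFG_KEYSPACE_PASSWORD" \
            --arg apigatewayEndpoint "$CFG_APIGATEWAY_ENDPOINT" \
            --arg userPoolId "$CFG_USER_POOL_ID" \
            --arg userPoolArn "$CFG_USER_POOL_ARN" \
            --arg identityPoolId "$CFG_IDENTITY_POOL_ID" \
            --arg issuer "$CFG_ISSUER" \
            --arg cognitoAppClientId "$CFG_COGNITO_APP_CLIENT_ID" \
            --arg bucketName "$CFG_BUCKET_NAME" \
            --arg proxyAveDomain "$CFG_PROXY_AVE_DOMAIN" \
            --arg aveApikey "$CFG_AVE_APIKEY" \
            --arg proxyCarbonAwareDomain "$CFG_PROXY_CARBON_AWARE_DOMAIN" \
            --arg githubToken "$CFG_GITHUB_TOKEN" \
            --arg githubBranch "$CFG_GITHUB_BRANCH" \
            --arg githubAppId "$CFG_GITHUB_APP_ID" \
            --arg githubAppClientId "$CFG_GITHUB_APP_CLIENT_ID" \
            --arg githubAppClientSecret "$CFG_GITHUB_APP_CLIENT_SECRET" \
            --arg hedgeEnabled "$CFG_HEDGE_ENABLED" \
            --arg hedgeDomain "$CFG_HEDGE_DOMAIN" \
            --arg hedgeCertArn "$CFG_HEDGE_CERT_ARN" \
            --arg hedgeOriginAccessIdentity "$CFG_HEDGE_ORIGIN_ACCESS_IDENTITY" \
            --arg hedgeCachePolicyId "$CFG_HEDGE_CACHE_POLICY_ID" \
            --arg hedgeOriginPath "$CFG_HEDGE_ORIGIN_PATH" \
            --arg awsAccountId "$CFG_AWS_ACCOUNT_ID" \
            --arg defaultSigningUsername "$CFG_DEFAULT_SIGNING_USERNAME" \
            --arg defaultSigningPassword "$CFG_DEFAULT_SIGNING_PASSWORD" \
            --arg wattTimeUsername "$CFG_WATTTIME_USERNAME" \
            --arg wattTimePassword "$CFG_WATTTIME_PASSWORD" \
            --arg cloudName "$CFG_CLOUD_NAME" \
            --arg githubMarketplaceWebookSecret "$CFG_GITHUB_MARKETPLACE_WEBHOOK_SECRET" \
            '{
              "elasticUrl": $elasticUrl,
              "keyspaceUsername": $keyspaceUsername,
              "keyspacePassword": $keyspacePassword,
              "apigatewayEndpoint": $apigatewayEndpoint,
              "userPoolId": $userPoolId,
              "userPoolArn": $userPoolArn,
              "identityPoolId": $identityPoolId,
              "issuer": $issuer,
              "cognitoAppClientId": $cognitoAppClientId,
              "bucketName": $bucketName,
              "proxyAveDomain": $proxyAveDomain,
              "aveApikey": $aveApikey,
              "proxyCarbonAwareDomain": $proxyCarbonAwareDomain,
              "githubToken": $githubToken,
              "githubBranch": $githubBranch,
              "githubAppId": $githubAppId,
              "githubAppClientId": $githubAppClientId,
              "githubAppClientSecret": $githubAppClientSecret,
              "hedgeEnabled": $hedgeEnabled,
              "hedgeDomain": $hedgeDomain,
              "hedgeCertArn": $hedgeCertArn,
              "hedgeOriginAccessIdentity": $hedgeOriginAccessIdentity,
              "hedgeCachePolicyId": $hedgeCachePolicyId,
              "hedgeOriginPath": $hedgeOriginPath,
              "awsAccountId": $awsAccountId,
              "defaultSigningUsername": $defaultSigningUsername,
              "defaultSigningPassword": $defaultSigningPassword,
              "wattTimeUsername": $wattTimeUsername,
              "wattTimePassword": $wattTimePassword,
              "cloudName": $cloudName,
              "githubMarketplaceWebookSecret": $githubMarketplaceWebookSecret
            }' > private.prod.json

      # The Bazel signing key goes into its own keyring and is trusted only
      # for the Bazel apt source (signed-by), not for every repository on the
      # runner as `apt-key add` would do. curl -f stops an HTTP error page
      # from being piped on as if it were a key.
      - name: Install Bazel
        run: |
          set -euo pipefail
          sudo apt-get install -y curl gnupg
          curl -fsSL https://bazel.build/bazel-release.pub.gpg \
            | gpg --dearmor \
            | sudo tee /usr/share/keyrings/bazel-archive-keyring.gpg > /dev/null
          echo "deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
          sudo apt-get update && sudo apt-get install -y bazel

      - name: Bazel build //api/entity
        run: bazel build //api/entity

      - name: Bazel build //api/gov
        run: bazel build //api/gov

      - name: Bazel build //api/user
        run: bazel build //api/user

      - name: Bazel build //api/authorizer
        run: bazel build //api/authorizer

      - name: Bazel build //api/stream
        run: bazel build //api/stream

      - name: Test Serverless Framework function locally with API Gateway event
        run: sls invoke local -f hello -p event.json
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Deploy to AWS using Serverless
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: serverless deploy

hedge-test.yaml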
todos:
- Need to run test for each available region (prod only)
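# Regression test: obtains a Cognito token, then POSTs to the /db endpoint of
# each region in the matrix.
name: Regression Test Hedge

# NOTE(review): a push trigger starts this workflow alongside the deploy
# workflow; nothing here waits for the deployment to finish. If the tests must
# run after the deploy, trigger on workflow_run of that workflow instead.
on:
  push:
    branches: [master]

# Least privilege for the automatic GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # NOTE(review): 'eu-east-1' is not an AWS region name; confirm that
        # the host eu-east-1.climateaware.eco is intended.
        region: ['us-east-1', 'us-east-2', 'eu-east-1']
    steps:
      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '14'

      - name: Update system packages
        run: sudo apt-get update

      - name: Install HTTPie
        run: sudo apt-get install -y httpie

      - name: Install AWS SDK
        run: npm install aws-sdk

      - name: Authenticate with AWS Cognito
        env:
          AWS_REGION: 'your-aws-region' # replace 'your-aws-region' with your AWS region
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          USER_POOL_ID: ${{ secrets.USER_POOL_ID }}
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
        run: |
          # Here you should add a script or command that will authenticate with AWS Cognito and return a JWT token.
          # NOTE(review): no checkout step runs in this job, so the script
          # must be fetched before this line can work.
          TOKEN="$(node your_auth_script.js)"
          # Register the token as a masked value so it is redacted from logs.
          echo "::add-mask::$TOKEN"
          # Each step runs in its own shell, so an exported variable does not
          # reach the next step; GITHUB_ENV is what carries it over.
          echo "TOKEN=$TOKEN" >> "$GITHUB_ENV"

      - name: Run HTTP POST tests
        run: |
          # --check-status makes HTTPie exit non-zero on 4xx/5xx responses, so
          # a failing endpoint fails the job instead of passing silently.
          http --check-status POST "https://${{ matrix.region }}.climateaware.eco/db" "Authorization:Bearer $TOKEN"

Example event.json file for testing api gateway input of entity api lambda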
{
"resource": "/entity/ad/adlistitems",
"path": "/entity/ad/adlistitems",
"httpMethod": "GET",
"headers": {
"Content-Length": "625",
"Content-Type": "application/json",
"Host": "p1vgub4jtb.execute-api.us-east-1.amazonaws.com",
"Postman-Token": "71cbea13-de45-4160-b91c-2695baf650e2",
"User-Agent": "PostmanRuntime/6.4.1",
"X-Amzn-Trace-Id": "Root=1-5ec7a5d9-e77a95ff2fc7420140ab5832",
"X-Forwarded-For": "75.118.234.96",
"X-Forwarded-Port": "443",
"X-Forwarded-Proto": "https",
"accept": "*/*",
"accept-encoding": "gzip, deflate",
"authorization": "Bearer eyJraWQiOiJVTlRrNGhWaFVycTBrOHVBR3ZEWXNcL3cwZ1wvaVcrYjlQd2VPYk1iTTZTXC93PSIsImFsZyI6IlJTMjU2In0.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.O3kdN7_FZiPwBo7OGecOsBRdrE13qASe35f2pg12qLbCyVwqO4aiPmQX82NxgAoEHxs6Arq3sTkORfeCTf5pUzgEIM-9KhDaVSbUdje4Wge-KezheRVY9i1ssxvq02_8D_5gY7Ak_K7PnEV_cblF3szGeQ6xtYw-5WIbxExn6aBK0OBSCvzqEc0lY6laP3Kjjq7eqAkkFsigiFmbDrrAStYCZbtId-tYiDv2wdGDu9QPX7zhlv8xbyTHlxRDJNR39e8WQcwVn38YCHbJoFhAqRP3NUKTzFYPAA4Ta4prY1tfmtKT3jWGqCcvk4_fmMnLQXsbvU1p-mPqdmcldViNnw",
"cache-control": "no-cache"
},
"multiValueHeaders": {
"Content-Length": [
"625"
],
"Content-Type": [
"application/json"
],
"Host": [
"p1vgub4jtb.execute-api.us-east-1.amazonaws.com"
],
"Postman-Token": [
"71cbea13-de45-4160-b91c-2695baf650e2"
],
"User-Agent": [
"PostmanRuntime/6.4.1"
],
"X-Amzn-Trace-Id": [
"Root=1-5ec7a5d9-e77a95ff2fc7420140ab5832"
],
"X-Forwarded-For": [
"75.118.234.96"
],
"X-Forwarded-Port": [
"443"
],
"X-Forwarded-Proto": [
"https"
],
"accept": [
"*/*"
],
"accept-encoding": [
"gzip, deflate"
],
"authorization": [
"Bearer eyJraWQiOiJVTlRrNGhWaFVycTBrOHVBR3ZEWXNcL3cwZ1wvaVcrYjlQd2VPYk1iTTZTXC93PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJlMzZiNDJmZS1iMDljLTQ1MTQtYTUxOS1lMTc4YmI1Mjk1N2UiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6ImF3cy5jb2duaXRvLnNpZ25pbi51c2VyLmFkbWluIGFkc19hcGlcL2Fkc19hcGkgbWVkaWFfYXBpXC9tZWRpYV9hcGkgb3BlbmlkIHByb2ZpbGUgdGF4b25vbXlfYXBpXC90YXhvbm9teV9hcGkgcHJvZmlsZXNfYXBpXC9wcm9maWxlc19hcGkgY2hhdFwvY2hhdCIsImF1dGhfdGltZSI6MTU5MDE0MTQ1MCwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tXC91cy1lYXN0LTFfejhQaEszRDhWIiwiZXhwIjoxNTkwMTQ1MDUwLCJpYXQiOjE1OTAxNDE0NTAsInZlcnNpb24iOjIsImp0aSI6IjQ4OWVkMTNhLTM5ZDUtNDcxMS1iNTI1LTllNTlhODdjYTM2MiIsImNsaWVudF9pZCI6IjNsa2lkbjc5cTRqcThuYWhrZWNzZ3VsZWlqIiwidXNlcm5hbWUiOiJ0b2RkeiJ9.IhzKi4MilXOArmX75VmIhRlVSqYQl_0wLibWETAukwcAnp_Zl2I6_p8ryA9wEudjqXFBpRcZa2wlZh2ZZ4Jd8nuFq9PcwD5WBTTeQ0dSlHQ6ls9FFSigqUW-w62JM1RwI52ImU8G_ZvVJlX9Bc6UbRlT6BzLVcJMco4k3oSWoU9mYbn-u2KBQ9x2SJEH6YHBmOJxgty5jo_Q1xPHTRjnY9lNI3oVOUCIbIjHEcw9Kj5MMeWC4zHmxhaae6gO1GMI9RMydpnqL1AJ2jpWXgJDyudDTGIACtryBZKlVdGhq-dbfURTvarKGNodrJGE9do3zZF7NbraSgS7DnJKv5bv7g"
],
"cache-control": [
"no-cache"
]
},
"queryStringParameters": {
"typeId": "5665f5f8-5533-4aa1-96f4-b78e02714de0"
},
"multiValueQueryStringParameters": null,
"pathParameters": {
"entityName": "ad",
"queryName": "adlistitems"
},
"stageVariables": null,
"requestContext": {
"accountId": "989992233821",
"resourceId": "GET /entity/ad/adlistitems",
"stage": "$default",
"requestId": "M7bZ9hnfoAMEVcw=",
"identity": {
"cognitoIdentityPoolId": "",
"accountId": "",
"cognitoIdentityId": "",
"caller": "",
"apiKey": "",
"apiKeyId": "",
"accessKey": "",
"sourceIp": "75.118.234.96",
"cognitoAuthenticationType": "",
"cognitoAuthenticationProvider": "",
"userArn": "",
"userAgent": "PostmanRuntime/6.4.1",
"user": ""
},
"resourcePath": "/entity/ad/adlistitems",
"authorizer": {
"claims": {
"auth_time": "1590141450",
"client_id": "3lkidn79q4jq8nahkecsguleij",
"exp": "1590145050",
"iat": "1590141450",
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_z8PhK3D8V",
"jti": "489ed13a-39d5-4711-b525-9e59a87ca362",
"sub": "e36b42fe-b09c-4514-a519-e178bb52957e",
"token_use": "access",
"username": "toddz",
"version": "2"
},
"scopes": [
"aws.cognito.signin.user.admin",
"ads_api/ads_api",
"media_api/media_api",
"openid",
"profile",
"taxonomy_api/taxonomy_api",
"profiles_api/profiles_api",
"chat/chat"
]
},
"httpMethod": "GET",
"apiId": "p1vgub4jtb"
},
"body": ""
}
Sure, here's a simple example of a GitHub workflow that runs a Node.js script to authenticate with AWS Cognito and get a bearer token. This workflow uses GitHub's workflow_dispatch event, which allows you to manually trigger the workflow from GitHub's UI.
To use this workflow, you would need to add your AWS credentials, Cognito User Pool ID, and Cognito Client ID as secrets in your GitHub repository.
First, create a new file named cognito_auth.js in your repository and put the following content inside it:
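// Authenticates one user against an AWS Cognito user pool with the
// ADMIN_USER_PASSWORD_AUTH flow and prints the resulting ID token.
//
// Inputs:
//   USER_POOL_ID, CLIENT_ID  - environment variables identifying the pool and app client
//   username, password       - argv[2] and argv[3], or COGNITO_USERNAME / COGNITO_PASSWORD
// Exit status is non-zero when an input is missing or authentication fails.
const AWS = require('aws-sdk');

const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider();

const poolData = {
  UserPoolId: process.env.USER_POOL_ID,
  ClientId: process.env.CLIENT_ID
};

// Positional arguments keep working for existing callers. The environment
// fallback lets a caller keep the password off the command line, where other
// processes on the host can read it.
const username = process.argv[2] || process.env.COGNITO_USERNAME;
const password = process.argv[3] || process.env.COGNITO_PASSWORD;

if (!poolData.UserPoolId || !poolData.ClientId || !username || !password) {
  console.error('Missing USER_POOL_ID, CLIENT_ID, username or password');
  process.exit(1);
}

const authDetails = {
  AuthFlow: 'ADMIN_USER_PASSWORD_AUTH',
  ClientId: poolData.ClientId,
  UserPoolId: poolData.UserPoolId,
  AuthParameters: {
    USERNAME: username,
    PASSWORD: password
  }
};

cognitoidentityserviceprovider.adminInitiateAuth(authDetails, function (err, data) {
  if (err) {
    console.error(err);
    // Report the failure to the caller instead of exiting 0.
    process.exitCode = 1;
    return;
  }

  // When Cognito answers with a challenge there is no AuthenticationResult,
  // so reading IdToken from it would throw.
  const result = data.AuthenticationResult;
  if (!result) {
    console.error('No AuthenticationResult returned; challenge:', data.ChallengeName);
    process.exitCode = 1;
    return;
  }

  // Under GitHub Actions, register the token as a masked value before
  // printing it so the job log shows *** instead of a usable credential.
  if (process.env.GITHUB_ACTIONS) {
    console.log('::add-mask::' + result.IdToken);
  }
  console.log('Bearer token:', result.IdToken);
});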
Then, create a new file named main.yml inside the .github/workflows directory in your repository and put the following content inside it:
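# Manually triggered workflow that runs cognito_auth.js with a username and
# password supplied in the "Run workflow" form.
name: AWS Cognito Authentication

on:
  workflow_dispatch:
    inputs:
      username:
        description: 'Cognito username'
        required: true
      # NOTE(review): workflow_dispatch inputs are not treated as secrets.
      # For anything but a throwaway test account, read the password from a
      # repository secret instead of an input.
      password:
        description: 'Cognito password'
        required: true

# Least privilege for the automatic GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  authenticate:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v2

      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '14'

      - name: Install AWS SDK
        run: npm install aws-sdk

      - name: Authenticate with AWS Cognito
        env:
          AWS_REGION: 'your-aws-region' # replace 'your-aws-region' with your AWS region
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          USER_POOL_ID: ${{ secrets.USER_POOL_ID }}
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          # The inputs are handed over as environment variables. Expanding
          # ${{ github.event.inputs.* }} inside the script text would paste
          # whatever was typed into the form into the shell command line,
          # where it is parsed as shell syntax.
          COGNITO_USERNAME: ${{ github.event.inputs.username }}
          COGNITO_PASSWORD: ${{ github.event.inputs.password }}
        run: |
          # Redact the password from this job's log output.
          echo "::add-mask::$COGNITO_PASSWORD"
          node cognito_auth.js "$COGNITO_USERNAME" "$COGNITO_PASSWORD"

Replace 'your-aws-region' with your AWS region. This workflow can be triggered manually from the GitHub Actions tab in your repository. When triggering the workflow, you will be prompted to enter a username and password. The workflow will then run the Node.js script with these inputs and print out the bearer token.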
- .workflow
- hedge-deploy.yaml
- builds hedge
- tests locally
- deploys to aws
- hedge-test.yaml (runs after hedge deploy) - uses http pie to verify endpoints using hedge-objects-dev and hedge-objects-prod
- hedge-deploy.yaml
Example of using a GitHub Action to generate a JSON file for the config JSON using environment vars.
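# Writes prod.private.json from a workflow-level variable and a repository
# secret, then uploads it as an artifact.
name: Generate JSON file

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

env:
  DEFAULT_USERNAME: 'your-username'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      # The secret is passed through env and expanded by the shell as a quoted
      # argument. Writing ${{ secrets.DEFAULT_PASSWORD }} inside the script
      # text would let a value containing a single quote end the string and
      # run as shell code.
      # printf does no JSON escaping: a value containing a double quote or a
      # backslash still produces invalid JSON. jq --arg handles that.
      - name: Generate JSON file
        env:
          DEFAULT_PASSWORD: ${{ secrets.DEFAULT_PASSWORD }}
        run: |
          printf '{\n  "username": "%s",\n  "password": "%s"\n}\n' \
            "$DEFAULT_USERNAME" "$DEFAULT_PASSWORD" > prod.private.json
        shell: bash

      # NOTE(review): this artifact holds the password in clear text and can
      # be downloaded by anyone with read access to the repository. Prefer
      # generating the file in the job that consumes it; the short retention
      # below only limits how long the copy exists.
      - name: Upload JSON file
        uses: actions/upload-artifact@v2
        with:
          name: JSON file
          path: prod.private.json
          retention-days: 1

Cleaner approach using jq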
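# Writes prod.private.json with jq from a workflow-level variable and a
# repository secret, then uploads it as an artifact.
name: Generate JSON file

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

env:
  DEFAULT_USERNAME: 'your-username'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      # -y keeps apt-get from stopping at a confirmation prompt that nothing
      # can answer on a runner.
      - name: Install jq
        run: sudo apt-get install -y jq

      # The secret arrives as an environment variable and jq --arg does the
      # JSON escaping, so neither shell quoting nor JSON syntax depends on
      # what the secret contains.
      - name: Generate JSON file
        run: |
          jq -n \
            --arg username "$DEFAULT_USERNAME" \
            --arg password "$DEFAULT_PASSWORD" \
            '{username: $username, password: $password}' > prod.private.json
        env:
          DEFAULT_PASSWORD: ${{ secrets.DEFAULT_PASSWORD }}

      # NOTE(review): this artifact holds the password in clear text and can
      # be downloaded by anyone with read access to the repository. Prefer
      # generating the file in the job that consumes it; the short retention
      # below only limits how long the copy exists.
      - name: Upload JSON file
        uses: actions/upload-artifact@v2
        with:
          name: JSON file
          path: prod.private.json
          retention-days: 1

Using our variables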
name: Generate JSON file
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install jq
run: sudo apt-get install jq
- name: Generate JSON file
run: |
jq -n \
--arg elasticUrl "${{ secrets.ELASTIC_URL }}" \
--arg keyspaceUsername "${{ secrets.KEYSPACE_USERNAME }}" \
--arg keyspacePassword "${{ secrets.KEYSPACE_PASSWORD }}" \
--arg apigatewayEndpoint "${{ secrets.APIGATEWAY_ENDPOINT }}" \
--arg userPoolId "${{ secrets.USER_POOL_ID }}" \
--arg userPoolArn "${{ secrets.USER_POOL_ARN }}" \
--arg identityPoolId "${{ secrets.IDENTITY_POOL_ID }}" \
--arg issuer "${{ secrets.ISSUER }}" \
--arg cognitoAppClientId "${{ secrets.COGNITO_APP_CLIENT_ID }}" \
--arg bucketName "${{ secrets.BUCKET_NAME }}" \
--arg proxyAveDomain "${{ secrets.PROXY_AVE_DOMAIN }}" \
--arg aveApikey "${{ secrets.AVE_APIKEY }}" \
--arg proxyCarbonAwareDomain "${{ secrets.PROXY_CARBON_AWARE_DOMAIN }}" \
--arg githubToken "${{ secrets.GITHUB_TOKEN }}" \
--arg githubBranch "${{ secrets.GITHUB_BRANCH }}" \
--arg githubAppId "${{ secrets.GITHUB_APP_ID }}" \
--arg githubAppClientId "${{ secrets.GITHUB_APP_CLIENT_ID }}" \
--arg githubAppClientSecret "${{ secrets.GITHUB_APP_CLIENT_SECRET }}" \
--arg hedgeEnabled "${{ secrets.HEDGE_ENABLED }}" \
--arg hedgeDomain "${{ secrets.HEDGE_DOMAIN }}" \
--arg hedgeCertArn "${{ secrets.HEDGE_CERT_ARN }}" \
--arg hedgeOriginAccessIdentity "${{ secrets.HEDGE_ORIGIN_ACCESS_IDENTITY }}" \
--arg hedgeCachePolicyId "${{ secrets.HEDGE_CACHE_POLICY_ID }}" \
--arg hedgeOriginPath "${{ secrets.HEDGE_ORIGIN_PATH }}" \
--arg awsAccountId "${{ secrets.AWS_ACCOUNT_ID }}" \
--arg defaultSigningUsername "${{ secrets.DEFAULT_SIGNING_USERNAME }}" \
--arg defaultSigningPassword "${{ secrets.DEFAULT_SIGNING_PASSWORD }}" \
--arg wattTimeUsername "${{ secrets.WATTTIME_USERNAME }}" \
--arg wattTimePassword "${{ secrets.WATTTIME_PASSWORD }}" \
--arg cloudName "${{ secrets.CLOUD_NAME }}" \
--arg githubMarketplaceWebookSecret "${{ secrets.GITHUB_MARKETPLACE_WEBHOOK_SECRET }}" \
'{
"elasticUrl": $elasticUrl,
"keyspaceUsername": $keyspaceUsername,
"keyspacePassword": $keyspacePassword,
"apigatewayEndpoint": $apigatewayEndpoint,
"userPoolId": $userPoolId,
"userPoolArn": $userPoolArn,
"identityPoolId": $identityPoolId,
"issuer": $issuer,
"cognitoAppClientId": $cognitoAppClientId,
"bucketName": $bucketName,
"proxyAveDomain": $proxyAveDomain,
"aveApikey": $aveApikey,
"proxyCarbonAwareDomain": $proxyCarbonAwareDomain,
"githubToken": $githubToken,
"githubBranch": $githubBranch,
"githubAppId": $githubAppId,
"githubAppClientId": $githubAppClientId,
"githubAppClientSecret": $githubAppClientSecret,
"hedgeEnabled": $hedgeEnabled,
"hedgeDomain": $hedgeDomain,
"hedgeCertArn": $hedgeCertArn,
"hedgeOriginAccessIdentity": $hedgeOriginAccessIdentity,
"hedgeCachePolicyId": $hedgeCachePolicyId,
"hedgeOriginPath": $hedgeOriginPath,
"awsAccountId": $awsAccountId,
"defaultSigningUsername": $defaultSigningUsername,
"defaultSigningPassword": $defaultSigningPassword,
"wattTimeUsername": $wattTimeUsername,
"wattTimePassword": $wattTimePassword,
"cloudName": $cloudName,
"githubMarketplaceWebookSecret": $githubMarketplaceWebookSecret
}' > prod.private.json