Skip to content

refactor pulumi gitops-bridge #8

refactor pulumi gitops-bridge

refactor pulumi gitops-bridge #8

Workflow file for this run

name: Pulumi Preview
on:
pull_request:
paths:
- pulumi/**
workflow_dispatch: null
jobs:
preview:
runs-on: ubuntu-latest
strategy:
fail-fast: false
# This IAM Matrix should have a name with the stack name, awsAccountID, and iamRole
# with access to deploy AWS resources in you account. The easiest method is attaching AdministratorAccess Policy to role
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services for details on implementing OIDC with Github Actions
matrix:
arrays: [
stack: {name: "hub", awsAccountID: "AWS_ACCOUNT_ID", iamRole: "AWS_DEPLOY_ROLE"},
stack: {name: "dev", awsAccountID: "AWS_ACCOUNT_ID", iamRole: "AWS_DEPLOY_ROLE"},
stack: {name: "prod", awsAccountID: "AWS_ACCOUNT_ID", iamRole: "AWS_DEPLOY_ROLE"},
]
permissions:
id-token: write
contents: read
name: Pulumi Preview ${{ matrix.arrays.stack.name }}
steps:
- name: Checkout 🛎️
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
## the following creates an ARN based on the values entered into github secrets
role-to-assume: arn:aws:iam::${{ secrets[matrix.arrays.stack.awsAccountID] }}:role/${{ secrets[matrix.arrays.stack.iamRole] }}
role-session-name: myGitHubActions
- name: 📦️ Pulumi Install 📦️
uses: pulumi/actions@v5
- name: Overrides Pulumi Config 🔨
working-directory: pulumi
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
run: |
pulumi stack select ${{ matrix.arrays.stack.name }}
pulumi config set githubOrg ${GITHUB_REPOSITORY_OWNER}
pulumi config set githubRepo $(echo "${GITHUB_REPOSITORY}" | cut -d '/' -f2)
pulumi config set veleroBucketPrefix ${{ secrets.VELERO_BACKUP_BUCKET }}
if [ ${{ matrix.arrays.stack.name }} != "hub" ]; then
pulumi config set hubStackName ${{ secrets.PULUMI_ACCOUNT }}/${{ secrets.PULUMI_PROJECT }}/hub
fi
cat stacks/Pulumi.${{ matrix.arrays.stack.name }}.yaml
- name: Setup Node LTS ✨
uses: actions/setup-node@v4
with:
node-version: lts/*
cache: npm
cache-dependency-path: pulumi/src/package-lock.json
- name: Installing dependencies 📦️
run: |
cd ./pulumi/src
npm install
- name: Preview infrastructure 🚀
uses: pulumi/actions@v5
with:
command: preview
work-dir: ./pulumi
stack-name: ${{ matrix.arrays.stack.name }}
comment-on-summary: true
diff: true
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.PULUMI_GITHUB_TOKEN }}