EREGCSC-2883 (attempt 3) Connect GitHub to CDK via OIDC #1545
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Remove Experimental" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: [ closed ] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| jobs: | |
| remove: | |
| environment: | |
| name: "dev" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| # gettign PR is trivial here because the only tirgger is closing a PR | |
| - name: Echo PR# | |
| env: | |
| PR: ${{ github.event.number }} | |
| run: echo "Your PR is ${PR}" | |
| # Checkout the code | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Setup Node | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.14 | |
| # Setup Python | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.12' | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| - name: remove hello world cdk stack | |
| env: | |
| PR_NUMBER: ${{ github.event.number }} | |
| AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| run: | | |
| pushd cdk-eregs | |
| npm install -g aws-cdk | |
| npm install | |
| STAGE=dev${PR_NUMBER} cdk destroy -c stage=dev${PR_NUMBER} -c account=${AWS_ACCOUNT_ID} -c region=${AWS_DEFAULT_REGION} \ | |
| dev${PR_NUMBER}-HelloWorldStack --force | |
| popd | |
| # Remove parsers | |
| - name: remove parsers | |
| env: | |
| PR: ${{ github.event.number }} | |
| run: | | |
| pushd solution/parser | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| chmod +x ~/work/cmcs-eregulations/cmcs-eregulations/.github/workflows/delete_cloudformation_stacks.sh | |
| ~/work/cmcs-eregulations/cmcs-eregulations/.github/workflows/delete_cloudformation_stacks.sh cmcs-eregs-parser-dev${PR} $PR "./serverless-ecfr.yml" | |
| ~/work/cmcs-eregulations/cmcs-eregulations/.github/workflows/delete_cloudformation_stacks.sh cmcs-eregs-fr-parser-dev${PR} $PR "./serverless-fr.yml" | |
| popd | |
| # remove the regulations site | |
| - name: remove experimental regulations site server | |
| # If previous step fails the database will not be removed and you cannot rerun it | |
| # In this instance we want to just remove the database so that we dont have | |
| # to go into the database and do it manually. | |
| # If process is manually stopped it will not run this step. | |
| if: success() || failure() | |
| env: | |
| PR: ${{ github.event.number }} | |
| RUN_ID: ${{ github.run_id }} | |
| run: | | |
| pushd solution/backend | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless invoke --config ./serverless-experimental.yml --function empty_bucket --stage dev${PR} | |
| # remove the database if its there. | |
| serverless invoke --config ./serverless-experimental.yml --function drop_database --stage dev${PR} | |
| ~/work/cmcs-eregulations/cmcs-eregulations/.github/workflows/delete_cloudformation_stacks.sh cmcs-eregs-site-dev${PR} $PR "./serverless-experimental.yml" | |
| popd | |
| - name: remove text-extractor lambda | |
| if: success() || failure() | |
| env: | |
| PR: ${{ github.event.number }} | |
| RUN_ID: ${{ github.run_id }} | |
| run: | | |
| pushd solution/text-extractor | |
| npm install serverless@">=3.38.0 <4" -g | |
| serverless remove --stage dev${PR} | |
| popd | |
| # Remove the static assets | |
| - name: remove static assets | |
| if: success() || failure() | |
| env: | |
| PR: ${{ github.event.number }} | |
| RUN_ID: ${{ github.run_id }} | |
| run: | | |
| pushd solution/static-assets | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless remove --stage dev${PR} | |
| popd |