feat(infra): parametrize environment

Opetushallitus · Sep 12, 2024 · 27dcb9e · 27dcb9e
1 parent 358e614
commit 27dcb9e
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 32 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,14 +11,10 @@ concurrency: build-${{ github.ref }}
 jobs:
   build:
     name: Build
-
     runs-on: ubuntu-latest
-
     permissions:
       contents: read
       packages: write
-      id-token: write
-
     steps:
     - uses: actions/checkout@v4
     - name: Build and push Docker image
@@ -28,20 +24,22 @@ jobs:
         echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
     - run: docker push ghcr.io/opetushallitus/koto-rekisteri:$GITHUB_SHA
       if: github.ref_name == 'main'
-    - name: Log in to dev
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-region: eu-west-1
-        role-to-assume: arn:aws:iam::682033502734:role/kitu-github-actions-role
-    - name: Diff
-      if: github.ref_name != 'main'
-      run: |
-        npm ci
-        npx cdk diff --all --require-approval=never
-      working-directory: infra
-    - name: Deploy
-      if: github.ref_name == 'main'
-      run: |
-        npm ci
-        npx cdk deploy --all --require-approval=never
-      working-directory: infra
+
+  deploy_dev:
+    name: Deploy to dev
+    needs: build
+    uses: ./.github/workflows/deploy-env.yml
+    with:
+      env: dev
+      account_id: 682033502734
+
+  deploy_test:
+    name: Deploy to test
+    needs: deploy_dev
+    uses: ./.github/workflows/deploy-env.yml
+    with:
+      env: test
+      account_id: 961341546901
+
+
+
diff --git a/.github/workflows/deploy-env.yml b/.github/workflows/deploy-env.yml
@@ -0,0 +1,42 @@
+name: Deploy
+
+on:
+  workflow_call:
+    inputs:
+      env:
+        type: string
+        required: true
+      account_id:
+        type: string
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy to ${{ inputs.env }} (${{ inputs.account_id }})
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.env }}
+    env:
+      KITU_ENV: ${{ inputs.env }}
+      ACCOUNT_ID: ${{ inputs.account_id }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in to ${{ env.KITU_ENV }}
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-1
+          role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/kitu-github-actions-role
+      - name: Diff
+        if: github.ref_name != 'main'
+        run: |
+          npm ci
+          npx cdk diff --all --require-approval=never
+        working-directory: infra
+      - name: Deploy
+        if: github.ref_name == 'main'
+        run: |
+          npm ci
+          npx cdk deploy --all --require-approval=never
+        working-directory: infra
diff --git a/infra/bin/infra.ts b/infra/bin/infra.ts
@@ -8,25 +8,45 @@ import { InfraStack } from "../lib/infra-stack";
 // VPCs: 10.15.0.0/18, 10.15.64.0/18, 10.15.128.0/18, 10.15.192.0/18 (16382 addresses)
 // Subnets: (let AWS calculate these for us)
 
-const accounts = {
+const environments = {
   dev: {
     account: "682033502734",
     region: "eu-west-1",
-  },
-  network: {
-    cidrs: {
-      dev: "10.15.0.0/18",
+    network: {
+      cidr: "10.15.0.0/18",
+      maxAzs: 2,
     },
-    maxAzs: {
-      dev: 2,
+  },
+  test: {
+    account: "961341546901",
+    region: "eu-west-1",
+    network: {
+      cidr: "10.15.64.0/18",
+      maxAzs: 3,
     },
   },
 };
 
+type EnvName = keyof typeof environments;
+
 const app = new cdk.App();
 
-const devStack = new InfraStack(app, "InfraStack", {
-  env: accounts.dev,
-  cidrBlock: accounts.network.cidrs.dev,
-  maxAzs: accounts.network.maxAzs.dev,
+const envName = process.env.KITU_ENV;
+
+if (envName === undefined) {
+  throw new Error("KITU_ENV required");
+}
+
+if (environments[envName as EnvName] === undefined) {
+  throw new Error(
+    `KITU_ENV invalid value ${envName}, expected one of ${Object.keys(environments).join(", ")}`,
+  );
+}
+
+const env = environments[envName as EnvName];
+
+new InfraStack(app, "InfraStack", {
+  env,
+  cidrBlock: env.network.cidr,
+  maxAzs: env.network.maxAzs,
 });
diff --git a/infra/cdk.context.json b/infra/cdk.context.json
@@ -3,5 +3,10 @@
     "eu-west-1a",
     "eu-west-1b",
     "eu-west-1c"
+  ],
+  "availability-zones:account=961341546901:region=eu-west-1": [
+    "eu-west-1a",
+    "eu-west-1b",
+    "eu-west-1c"
   ]
 }