p6m7g8 · mergify · Nov 1, 2024 · Nov 1, 2024
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,36 +7,16 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     container:
       image: jsii/superchain:1-bookworm-slim-node22
     steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-      - name: Restore NPM node_modules
-        uses: actions/cache/[email protected]
+      - name: CDK Construct Build
+        uses: p6m7g8-actions/cdk-construct-build@main
         with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Install node_modules
-        run: |
-          sudo corepack enable
-          yarn install
-      - name: Cache NPM dependencies
-        uses: actions/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Run build
-        run: yarn run ci:gha
-      - name: Upload coverage to Codecov
-        uses: codecov/[email protected]
-        with:
-          directory: coverage
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      - name: Run Package
-        run: yarn run jsii:pacmak:parallel
+          aws_region: ${{ secrets.CDK_DEPLOY_REGION }}
+          aws_role: ${{ secrets.AWS_ROLE }}
+          aws_session_name: ${{ secrets.AWS_SESSION_NAME }}
+          cdk_deploy_account: ${{ secrets.CDK_DEPLOY_ACCOUNT }}
+          cdk_deploy_region: ${{ secrets.CDK_DEPLOY_REGION }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,221 +9,22 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
-    if: ${{ !contains(github.event.head_commit.message, 'chore(release):') }}
-    steps:
-      - name: no-op
-        run: echo "No-op"
-
-  release_github:
-    name: Release to Github
-    needs: release
-    runs-on: ubuntu-latest
-    outputs:
-      bump: ${{ steps.bump.outputs.bump }}
-    if: ${{ !contains(github.event.head_commit.message, 'chore(release):') }}
-    steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-      - name: Bump version
-        id: bump
-        run: |
-          bin/version.bash
-          if grep -E "^- (chore|fix|feat|major)\!*" dist/changelog.md; then
-            echo "bump=true" >> $GITHUB_OUTPUT
-          else
-            echo "bump=false" >> $GITHUB_OUTPUT
-          fi
-      - name: Github Release
-        if: ${{ steps.bump.outputs.bump == 'true' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.P6_A_GH_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_REF: ${{ github.ref }}
-        run: |
-          TAG_NAME=$(cat dist/releasetag.txt)
-
-          if gh release view "$TAG_NAME" -R "$GITHUB_REPOSITORY" > /dev/null 2>&1; then
-            echo "Release with tag $TAG_NAME already exists. Skipping release creation."
-          else
-            gh release create "$TAG_NAME" -R "$GITHUB_REPOSITORY" -F dist/changelog.md -t "$TAG_NAME" --target "$GITHUB_REF"
-            echo "Release with tag $TAG_NAME created successfully."
-          fi
-
-  release_npmjs:
-    name: Release to NPM JS
-    needs: release_github
-    runs-on: ubuntu-latest
-    container:
-      image: jsii/superchain:1-bookworm-slim-node22
-    if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }}
-    steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-      - name: Restore NPM node_modules
-        uses: actions/cache/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Install node_modules
-        run: |
-          sudo corepack enable
-          yarn install
-      - name: Cache NPM node_modules
-        uses: actions/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Bump version
-        run: bin/version.bash
-      - name: Compile
-        run: yarn run compile
-      - name: JSII Pacmak JS
-        run: yarn run jsii:pacmak:js
-      - name: Publish to NPM
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: yarn run publish:npm
-
-  release_pypi:
-    name: Release to PYPI
-    needs: release_github
-    runs-on: ubuntu-latest
-    container:
-      image: jsii/superchain:1-bookworm-slim-node22
-    if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }}
-    steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-      - name: Setup Python
-        uses: actions/[email protected]
-        with:
-          python-version: '3.x'
-      - name: Restore NPM node_modules
-        uses: actions/cache/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Install node_modules
-        run: |
-          sudo corepack enable
-          yarn install
-      - name: Cache NPM node_modules
-        uses: actions/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Bump version
-        run: bin/version.bash
-      - name: Compile
-        run: yarn run compile
-      - name: JSII Pacmak PY
-        run: yarn run jsii:pacmak:py
-      - name: Publish to PYPI
-        env:
-          TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
-        run: yarn run publish:pypi
-
-  release_nuget:
-    name: Release to Nuget
-    needs: release_github
-    runs-on: ubuntu-latest
-    container:
-      image: jsii/superchain:1-bookworm-slim-node22
-    if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }}
-    steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-      - name: Restore NPM node_modules
-        uses: actions/cache/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Install node_modules
-        run: |
-          sudo corepack enable
-          yarn install
-      - name: Cache NPM node_modules
-        uses: actions/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Bump version
-        run: bin/version.bash
-      - name: Compile
-        run: yarn run compile
-      - name: JSII Pacmak PY
-        run: yarn run jsii:pacmak:dotnet
-      - name: Publish to Nuget
-        env:
-          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
-        run: |
-          yarn run publish:nuget
-
-  release_golang:
-    name: Release to GoLang
-    needs: release_github
-    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     container:
       image: jsii/superchain:1-bookworm-slim-node22
-    if: ${{ needs.release_github.outputs.bump == 'true' && !contains(github.event.head_commit.message, 'chore(release):') }}
     steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-      - name: Restore NPM node_modules
-        uses: actions/cache/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Install node_modules
-        run: |
-          sudo corepack enable
-          yarn install
-      - name: Cache NPM node_modules
-        uses: actions/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Bump version
-        run: bin/version.bash
-      - name: Compile
-        run: yarn run compile
-      - name: JSII Pacmak GoLang
-        run: yarn run jsii:pacmak:go
-      - name: Publish to GoLang
-        env:
-          GIT_USER_NAME: github-actions
-          GIT_USER_EMAIL: [email protected]
-          GH_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }}
-        run: |
-          git config --global user.name "$GIT_USER_NAME"
-          git config --global user.email "$GIT_USER_EMAIL"
-          git remote set-url origin "https://[email protected]/$GITHUB_REPOSITORY.git"
-          yarn run publish:golang
+      - name: CDK Construct Build & Release
+        uses: p6m7g8-actions/cdk-construct-release@main
+        with:
+          aws_region: ${{ secrets.CDK_DEPLOY_REGION }}
+          aws_role: ${{ secrets.AWS_ROLE }}
+          aws_session_name: ${{ secrets.AWS_SESSION_NAME }}
+          cdk_deploy_account: ${{ secrets.CDK_DEPLOY_ACCOUNT }}
+          cdk_deploy_region: ${{ secrets.CDK_DEPLOY_REGION }}
+          npm_token: ${{ secrets.NPM_TOKEN }}
+          twine_username: ${{ secrets.TWINE_USERNAME }}
+          twine_password: ${{ secrets.TWINE_PASSWORD }}
+          nuget_api_key: ${{ secrets.NUGET_API_KEY }}
+          go_github_token: ${{ secrets.GO_GITHUB_TOKEN }}
+          p6_a_gh_token: ${{ secrets.P6_A_GH_TOKEN }}
diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml
@@ -8,56 +8,6 @@ on:
 jobs:
   upgrade:
     runs-on: ubuntu-latest
-    container:
-      image: jsii/superchain:1-bookworm-slim-node22
     steps:
-      - name: Checkout code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-          ref: main
-      - name: Restore NPM node_modules
-        uses: actions/cache/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Install node_modules
-        run: |
-          sudo corepack enable
-          yarn install
-      - name: Cache NPM dependencies
-        uses: actions/[email protected]
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules-
-      - name: Update Deps
-        run: yarn up
-      - name: Gather Diff
-        id: diff
-        run: |
-          git diff > diff.txt
-          echo "diff<<EOF" >> $GITHUB_ENV
-          cat diff.txt >> $GITHUB_ENV
-          echo "EOF" >> $GITHUB_ENV
-      - name: Create Pull Request
-        id: create-pr
-        uses: peter-evans/[email protected]
-        with:
-          token: ${{ secrets.P6_PGOLLUCCI_GH_TOKEN }}
-          commit-message: |-
-            chore(deps): upgrade dependencies
-          branch: github-actions/upgrade-main
-          title: "chore(deps): upgrade dependencies"
-          labels: auto-merge
-          body: |
-              Upgrades project dependencies. The following changes were made:
-              ```diff
-              ${{ env.diff }}
-              ```
-          author: github-actions <[email protected]>
-          committer: github-actions <[email protected]>
-          signoff: true
+      - name: Upgrade Deps
+        uses: p6m7g8-actions/cdk-construct-upgrade@main