reusable_deploy_v2_layer_stack.yml

name: Deploy CDK Layer v2 stack

permissions:
  id-token: write
  contents: write

on:
  workflow_call:
    inputs:
      stage:
        description: "Deployment stage (BETA, PROD)"
        required: true
        type: string
      artefact-name:
        description: "CDK Layer Artefact name to download"
        required: true
        type: string
      environment:
        description: "GitHub Environment to use for encrypted secrets"
        required: true
        type: string
      latest_published_version:
        description: "Latest version that is published"
        required: true
        type: string

jobs:
  deploy-cdk-stack:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    defaults:
      run:
        working-directory: ./layer
    strategy:
      fail-fast: false
      matrix:
        # To get a list of current regions, use:
        # aws ec2 describe-regions --all-regions --query "Regions[].RegionName" --output text | tr "\t" "\n" | sort
        include:
          - region: "af-south-1"
            has_arm64_support: "true"
          - region: "ap-east-1"
            has_arm64_support: "true"
          - region: "ap-northeast-1"
            has_arm64_support: "true"
          - region: "ap-northeast-2"
            has_arm64_support: "true"
          - region: "ap-northeast-3"
            has_arm64_support: "true"
          - region: "ap-south-1"
            has_arm64_support: "true"
          - region: "ap-south-2"
            has_arm64_support: "false"
          - region: "ap-southeast-1"
            has_arm64_support: "true"
          - region: "ap-southeast-2"
            has_arm64_support: "true"
          - region: "ap-southeast-3"
            has_arm64_support: "true"
          - region: "ap-southeast-4"
            has_arm64_support: "false"
          - region: "ca-central-1"
            has_arm64_support: "true"
          - region: "eu-central-1"
            has_arm64_support: "true"
          - region: "eu-central-2"
            has_arm64_support: "false"
          - region: "eu-north-1"
            has_arm64_support: "true"
          - region: "eu-south-1"
            has_arm64_support: "true"
          - region: "eu-south-2"
            has_arm64_support: "false"
          - region: "eu-west-1"
            has_arm64_support: "true"
          - region: "eu-west-2"
            has_arm64_support: "true"
          - region: "eu-west-3"
            has_arm64_support: "true"
          - region: "me-central-1"
            has_arm64_support: "false"
          - region: "me-south-1"
            has_arm64_support: "true"
          - region: "sa-east-1"
            has_arm64_support: "true"
          - region: "us-east-1"
            has_arm64_support: "true"
          - region: "us-east-2"
            has_arm64_support: "true"
          - region: "us-west-1"
            has_arm64_support: "true"
          - region: "us-west-2"
            has_arm64_support: "true"
    steps:
      - name: checkout
        uses: actions/checkout@v3
      - name: Install poetry
        run: pipx install poetry
      - name: aws credentials
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
        with:
          aws-region: ${{ matrix.region }}
          role-to-assume: ${{ secrets.AWS_LAYERS_ROLE_ARN }}
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "16.12"
      - name: Setup python
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"
          cache: "pip"
      - name: Resolve and install project dependencies
        # CDK spawns system python when compiling stack
        # therefore it ignores both activated virtual env and cached interpreter by GH
        run: |
          poetry export --format requirements.txt --output requirements.txt
          pip install -r requirements.txt
      - name: install cdk and deps
        working-directory: ./
        run: |
          npm install
          npx cdk --version
      - name: install deps
        run: poetry install
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ inputs.artefact-name }}
          path: layer
      - name: unzip artefact
        run: unzip cdk.out.zip
      - name: CDK Deploy Layer
        run: npx cdk deploy --app cdk.out --context region=${{ matrix.region }} --parameters HasARM64Support=${{ matrix.has_arm64_support }} 'LayerV2Stack' --require-approval never --verbose --outputs-file cdk-outputs.json
      - name: Store latest Layer ARN
        if: ${{ inputs.stage == 'PROD' }}
        run: |
          mkdir cdk-layer-stack
          jq -r -c '.LayerV2Stack.LatestLayerArn' cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt
          jq -r -c '.LayerV2Stack.LatestLayerArm64Arn' cdk-outputs.json >> cdk-layer-stack/${{ matrix.region }}-layer-version.txt
          cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
      - name: Save Layer ARN artifact
        if: ${{ inputs.stage == 'PROD' }}
        uses: actions/upload-artifact@v3
        with:
          name: cdk-layer-stack
          path: ./layer/cdk-layer-stack/* # NOTE: upload-artifact does not inherit working-directory setting.
          if-no-files-found: error
          retention-days: 1
      - name: CDK Deploy Canary
        run: npx cdk deploy --app cdk.out --context region=${{ matrix.region }} --parameters DeployStage="${{ inputs.stage }}" --parameters HasARM64Support=${{ matrix.has_arm64_support }} 'CanaryV2Stack' --require-approval never --verbose

  update_v2_layer_arn_docs:
    needs: deploy-cdk-stack
    if: ${{ inputs.stage == 'PROD' }}
    uses: ./.github/workflows/reusable_update_v2_layer_arn_docs.yml
    with:
      latest_published_version: ${{ inputs.latest_published_version }}