Merge pull request #363 from pwrdrvr/update-aws-creds-action-to-v4

Update AWS creds action to v4 / retry PR close
pwrdrvr · Apr 25, 2024 · ba35b3c · ba35b3c
2 parents dc7afc9 + 3e9bb3b
commit ba35b3c
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 25 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -198,7 +198,7 @@ jobs:
         run: yarn esbuild:edge-to-origin
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
@@ -329,14 +329,17 @@ jobs:
             --overwrite
 
       - name: Demo App URL
-        uses: Sibz/github-status-action@v1
+        uses: octokit/request-action@v2.x
         with:
-          authToken: ${{secrets.GITHUB_TOKEN}}
-          context: 'Demo App URL on ${{ matrix.deployName }}'
-          description: 'Passed'
-          state: 'success'
-          sha: ${{github.event.pull_request.head.sha || github.sha}}
+          route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
+          state: success
           target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/${{ env.DEMO_APP_NAME }}/?appver=0.0.0
+          description: 'Passed'
+          context: 'Demo App URL on ${{ matrix.deployName }}'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test Demo App
         run: |
@@ -384,14 +387,17 @@ jobs:
             --overwrite
 
       - name: Demo App URL - Root App
-        uses: Sibz/github-status-action@v1
+        uses: octokit/request-action@v2.x
         with:
-          authToken: ${{secrets.GITHUB_TOKEN}}
+          route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
           context: 'Demo App (Root App) URL on ${{ matrix.deployName }}'
           description: 'Passed'
-          state: 'success'
-          sha: ${{github.event.pull_request.head.sha || github.sha}}
+          state: success
           target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/?appver=${{ env.PACKAGE_VERSION }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test Demo App - Root App
         run: |
@@ -417,14 +423,17 @@ jobs:
             --overwrite
 
       - name: Nextjs Demo App URL
-        uses: Sibz/github-status-action@v1
+        uses: octokit/request-action@v2.x
         with:
-          authToken: ${{secrets.GITHUB_TOKEN}}
+          route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
           context: 'Nextjs Demo App URL on ${{ matrix.deployName }}'
           description: 'Passed'
-          state: 'success'
-          sha: ${{github.event.pull_request.head.sha || github.sha}}
+          state: success
           target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/${{ env.NEXTJS_DEMO_APP_NAME }}?appver=${{ needs.build.outputs.nextjsDemoAppPackageVersion }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test Nextjs Demo App
         if: ${{ matrix.deployName != 'microapps-basic-prefix' }}
@@ -449,14 +458,17 @@ jobs:
             --overwrite
 
       - name: Release App URL
-        uses: Sibz/github-status-action@v1
+        uses: octokit/request-action@v2.x
         with:
-          authToken: ${{secrets.GITHUB_TOKEN}}
+          route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
           context: 'Release App URL on ${{ matrix.deployName }}'
           description: 'Passed'
-          state: 'success'
-          sha: ${{github.event.pull_request.head.sha || github.sha}}
+          state: success
           target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/${{ env.RELEASE_APP_NAME }}?appver=${{ needs.build.outputs.releaseAppPackageVersion }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test Release App
         if: ${{ matrix.deployName != 'microapps-basic-prefix' }}
@@ -475,7 +487,7 @@ jobs:
       # Change to Child Account Creds
       - name: Change to Child Account
         if: ${{ matrix.deployName == 'microapps-core' }}
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole
@@ -505,7 +517,7 @@ jobs:
 
       - name: Change Back to Parent AWS Account
         if: ${{ matrix.deployName == 'microapps-core' }}
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
@@ -522,7 +534,7 @@ jobs:
 
       - name: Change Back to Child Account
         if: ${{ matrix.deployName == 'microapps-core' }}
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole

diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
@@ -42,7 +42,7 @@ jobs:
       #
       - name: Change to Parent Account
         if: ${{ matrix.deployName == 'microapps-core' }}
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
@@ -59,7 +59,7 @@ jobs:
       #
       - name: Change to Child Account
         if: ${{ matrix.deployName == 'microapps-core' }}
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole
@@ -76,16 +76,30 @@ jobs:
       # to invoke the Parent Deployer, when applicable
       #
       - name: Change to Parent Account
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-session-name: microapps-ghpublic-build
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Destroy Parent CDK Stack
         run: |
+          set +e
           aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
           aws cloudformation wait stack-delete-complete  --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
+          if [ $? -ne 0 ]; then
+            echo "Stack deletion failed. Checking if it's due to non-empty S3 bucket..."
+            STACK_STATUS=$(aws cloudformation describe-stacks --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" --query "Stacks[0].StackStatus" --output text)
+            if [ "$STACK_STATUS" = "DELETE_FAILED" ]; then
+              BUCKET_NAME=$(aws cloudformation describe-stack-resource --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" --logical-resource-id microappss3logsC4FFF4AE --query "StackResourceDetail.PhysicalResourceId" --output text)
+              echo "Emptying S3 bucket $BUCKET_NAME..."
+              aws s3 rm s3://$BUCKET_NAME --recursive
+              echo "Retrying stack deletion..."
+              aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
+              aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
+            fi
+          fi
+          set -e
 
       # TODO - Need to get the stack name from the parent stack export
       # - name: Destroy Parent Edge to Origin Stack