From cf9026a28ad01255b5d3a4657141e502d1bfbada Mon Sep 17 00:00:00 2001
From: Harold Hunt
Date: Thu, 25 Apr 2024 16:07:56 -0400
Subject: [PATCH 1/3] Update AWS creds action to v4
---
 .github/workflows/ci.yml | 8 ++++----
 .github/workflows/pr-closed.yml | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10784b06..fb575cd5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -189,7 +189,7 @@ jobs:
 run: yarn esbuild:edge-to-origin - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
@@ -466,7 +466,7 @@ jobs:
 # Change to Child Account Creds - name: Change to Child Account if: ${{ matrix.deployName == 'microapps-core' }}
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole
@@ -496,7 +496,7 @@ jobs:
 - name: Change Back to Parent AWS Account if: ${{ matrix.deployName == 'microapps-core' }}
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
@@ -513,7 +513,7 @@ jobs:
 - name: Change Back to Child Account if: ${{ matrix.deployName == 'microapps-core' }}
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole
diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
index ee067828..851eb231 100644
--- a/.github/workflows/pr-closed.yml
+++ b/.github/workflows/pr-closed.yml
@@ -42,7 +42,7 @@ jobs:
 # - name: Change to Parent Account if: ${{ matrix.deployName == 'microapps-core' }}
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
@@ -59,7 +59,7 @@ jobs:
 # - name: Change to Child Account if: ${{ matrix.deployName == 'microapps-core' }}
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CHILD }}:role/builder-writeRole
@@ -76,7 +76,7 @@ jobs:
 # to invoke the Parent Deployer, when applicable # - name: Change to Parent Account
- uses: aws-actions/configure-aws-credentials@v2
+ uses: aws-actions/configure-aws-credentials@v4
 with: role-session-name: microapps-ghpublic-build role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
From e4141a5deda126055df149e6ba7d23ff4df47b42 Mon Sep 17 00:00:00 2001
From: Harold Hunt
Date: Thu, 25 Apr 2024 16:24:06 -0400
Subject: [PATCH 2/3] Add retry of stack cleanup on PR close
---
 .github/workflows/pr-closed.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.github/workflows/pr-closed.yml b/.github/workflows/pr-closed.yml
index 851eb231..69a1e49c 100644
--- a/.github/workflows/pr-closed.yml
+++ b/.github/workflows/pr-closed.yml
@@ -84,8 +84,22 @@ jobs:
 - name: Destroy Parent CDK Stack run: |
+ set +e
 aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
+ if [ $? -ne 0 ]; then
+ echo "Stack deletion failed. Checking if it's due to non-empty S3 bucket..."
+ STACK_STATUS=$(aws cloudformation describe-stacks --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" --query "Stacks[0].StackStatus" --output text)
+ if [ "$STACK_STATUS" = "DELETE_FAILED" ]; then
+ BUCKET_NAME=$(aws cloudformation describe-stack-resource --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}" --logical-resource-id microappss3logsC4FFF4AE --query "StackResourceDetail.PhysicalResourceId" --output text)
+ echo "Emptying S3 bucket $BUCKET_NAME..."
+ aws s3 rm s3://$BUCKET_NAME --recursive
+ echo "Retrying stack deletion..."
+ aws cloudformation delete-stack --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
+ aws cloudformation wait stack-delete-complete --output text --stack-name "${{ matrix.deployName }}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
+ fi
+ fi
+ set -e
 # TODO - Need to get the stack name from the parent stack export # - name: Destroy Parent Edge to Origin Stack
From 3e9bb3b6e87619738cbaa28813308fcb6c70612e Mon Sep 17 00:00:00 2001
From: Harold Hunt
Date: Thu, 25 Apr 2024 16:45:04 -0400
Subject: [PATCH 3/3] Remove node 12 action for statuses
---
 .github/workflows/ci.yml | 48 +++++++++++++++++++++++++---------------
 1 file changed, 30 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb575cd5..17a95d6c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
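Review bot: The `Destroy Parent CDK Stack` step in pr-closed.yml (patch 2/3) now always exits 0, because `set +e` suppresses every failure and the script's last command is `set -e`; a first wait that fails with a status other than `DELETE_FAILED`, or a retry that fails again, leaves the PR stack behind without failing the job. `BUCKET_NAME` is also passed unchecked and unquoted to `aws s3 rm ... --recursive`, so a failed `describe-stack-resource` lookup (for example if the hard-coded logical id `microappss3logsC4FFF4AE` changes) reaches the recursive delete with an empty or `None` name. The rewrite below drops the `set +e`/`set -e` pair so errexit stays on, tests the wait directly, stops on an unexpected status or an unresolved bucket name, and lets the final wait decide the step result. It also builds the stack name once from an `env:` variable rather than expanding `${{ matrix.deployName }}` inside the script six times.

```yaml
      - name: Destroy Parent CDK Stack
        env:
          DEPLOY_NAME: ${{ matrix.deployName }}
        run: |
          STACK_NAME="${DEPLOY_NAME}-ghpublic-${NODE_ENV}-pr-${PR_NUMBER}"
          aws cloudformation delete-stack --stack-name "$STACK_NAME"
          if ! aws cloudformation wait stack-delete-complete --output text --stack-name "$STACK_NAME"; then
            echo "Stack deletion failed. Checking if it's due to non-empty S3 bucket..."
            STACK_STATUS=$(aws cloudformation describe-stacks --stack-name "$STACK_NAME" --query "Stacks[0].StackStatus" --output text)
            if [ "$STACK_STATUS" != "DELETE_FAILED" ]; then
              echo "Unexpected stack status: $STACK_STATUS" >&2
              exit 1
            fi
            BUCKET_NAME=$(aws cloudformation describe-stack-resource --stack-name "$STACK_NAME" --logical-resource-id microappss3logsC4FFF4AE --query "StackResourceDetail.PhysicalResourceId" --output text)
            # Refuse to run a recursive delete on a name that did not resolve.
            if [ -z "$BUCKET_NAME" ] || [ "$BUCKET_NAME" = "None" ]; then
              echo "Could not resolve the bucket name; not emptying anything" >&2
              exit 1
            fi
            echo "Emptying S3 bucket $BUCKET_NAME..."
            aws s3 rm "s3://${BUCKET_NAME}" --recursive
            echo "Retrying stack deletion..."
            aws cloudformation delete-stack --stack-name "$STACK_NAME"
            aws cloudformation wait stack-delete-complete --output text --stack-name "$STACK_NAME"
          fi
```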
@@ -320,14 +320,17 @@ jobs:
 --overwrite - name: Demo App URL
- uses: Sibz/github-status-action@v1
+ uses: octokit/request-action@v2.x
 with:
- authToken: ${{secrets.GITHUB_TOKEN}}
- context: 'Demo App URL on ${{ matrix.deployName }}'
- description: 'Passed'
- state: 'success'
- sha: ${{github.event.pull_request.head.sha || github.sha}}
+ route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+ owner: ${{ github.repository_owner }}
+ repo: ${{ github.event.repository.name }}
+ state: success
 target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/${{ env.DEMO_APP_NAME }}/?appver=0.0.0
+ description: 'Passed'
+ context: 'Demo App URL on ${{ matrix.deployName }}'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Test Demo App run: |
@@ -375,14 +378,17 @@ jobs:
 --overwrite - name: Demo App URL - Root App
- uses: Sibz/github-status-action@v1
+ uses: octokit/request-action@v2.x
 with:
- authToken: ${{secrets.GITHUB_TOKEN}}
+ route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+ owner: ${{ github.repository_owner }}
+ repo: ${{ github.event.repository.name }}
 context: 'Demo App (Root App) URL on ${{ matrix.deployName }}' description: 'Passed'
- state: 'success'
- sha: ${{github.event.pull_request.head.sha || github.sha}}
+ state: success
 target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/?appver=${{ env.PACKAGE_VERSION }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Test Demo App - Root App run: |
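Review bot: `octokit/request-action@v2.x` is a mutable ref, and each of the four rewritten status steps in ci.yml (`Demo App URL`, `Demo App URL - Root App`, and the `Nextjs Demo App URL` and `Release App URL` hunks that follow) hands it `GITHUB_TOKEN` through `env`, so whatever that ref resolves to at run time executes with the job's token. Pinning to a full commit SHA with the version kept as a comment, `uses: octokit/request-action@<full-commit-sha> # v2.x`, keeps the executed code reviewable and stops a moved ref from changing it silently. These steps appear to sit in the same matrix job as the `configure-aws-credentials` steps, in which case the action would also run with the assumed role's credentials in its environment, which raises the value of the pin. The job's `permissions:` block is outside these hunks; if the token is not already restricted, the status call itself only needs `statuses: write`.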
@@ -408,14 +414,17 @@ jobs:
 --overwrite - name: Nextjs Demo App URL
- uses: Sibz/github-status-action@v1
+ uses: octokit/request-action@v2.x
 with:
- authToken: ${{secrets.GITHUB_TOKEN}}
+ route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+ owner: ${{ github.repository_owner }}
+ repo: ${{ github.event.repository.name }}
 context: 'Nextjs Demo App URL on ${{ matrix.deployName }}' description: 'Passed'
- state: 'success'
- sha: ${{github.event.pull_request.head.sha || github.sha}}
+ state: success
 target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/${{ env.NEXTJS_DEMO_APP_NAME }}?appver=${{ needs.build.outputs.nextjsDemoAppPackageVersion }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Test Nextjs Demo App if: ${{ matrix.deployName != 'microapps-basic-prefix' }}
@@ -440,14 +449,17 @@ jobs:
 --overwrite - name: Release App URL
- uses: Sibz/github-status-action@v1
+ uses: octokit/request-action@v2.x
 with:
- authToken: ${{secrets.GITHUB_TOKEN}}
+ route: POST /repos/{owner}/{repo}/statuses/${{ github.event.pull_request.head.sha || github.sha }}
+ owner: ${{ github.repository_owner }}
+ repo: ${{ github.event.repository.name }}
 context: 'Release App URL on ${{ matrix.deployName }}' description: 'Passed'
- state: 'success'
- sha: ${{github.event.pull_request.head.sha || github.sha}}
+ state: success
 target_url: https://${{ steps.getCDKExports.outputs.edgeDomain }}${{ steps.getCDKExports.outputs.prefix }}/${{ env.RELEASE_APP_NAME }}?appver=${{ needs.build.outputs.releaseAppPackageVersion }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Test Release App if: ${{ matrix.deployName != 'microapps-basic-prefix' }}