Populate generated secrets with more metadata #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy CDK | |
on: | |
push: | |
branches: | |
- main | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
environment: dev | |
concurrency: | |
group: dev_env | |
cancel-in-progress: false | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ vars.AWS_CDK_DEPLOY_ROLE_ARN }} | |
aws-region: ${{ vars.AWS_REGION }} | |
role-session-name: GitHubActionsCDKDeploy | |
role-duration-seconds: 900 # Adjust as necessary | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 # Use the node version matching your project | |
cache: 'npm' | |
- name: Install dependencies | |
run: | | |
npm install -g aws-cdk | |
npm ci # Install project dependencies from package-lock.json | |
- name: Deploy CDK to dev environment | |
run: | | |
cdk deploy --require-approval never --outputs-file outputs.json | |
env: | |
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }} | |
AWS_REGION: ${{ vars.AWS_REGION }} | |
HOSTNAME: ${{ vars.HOSTNAME }} | |
KEYCLOAK_VERSION: ${{ vars.KEYCLOAK_VERSION }} | |
SSL_CERTIFICATE_ARN: ${{ vars.SSL_CERTIFICATE_ARN }} | |
STAGE: ${{ vars.STAGE }} | |
# Imported Identity Provider secrets | |
IDP_SECRET_ARN_GH: ${{ vars.IDP_SECRET_ARN_GH }} | |
IDP_SECRET_ARN_CILOGON: ${{ vars.IDP_SECRET_ARN_CILOGON }} | |
- name: Get ConfigLambdaArn from CloudFormation | |
id: get-lambda-arn | |
run: | | |
echo "CONFIG_LAMBDA_ARN=$(jq -r '."VedaKeycloakStack-${{ vars.STAGE }}".ConfigLambdaArn' outputs.json)" >> $GITHUB_ENV | |
- name: Run Apply Config | |
run: npm run apply-config $CONFIG_LAMBDA_ARN |