diff --git a/.github/workflows/update-gold-disk-gf.yml b/.github/workflows/update-gold-disk-gf.yml new file mode 100644 index 000000000..1843722ff --- /dev/null +++ b/.github/workflows/update-gold-disk-gf.yml @@ -0,0 +1,93 @@ +name: Update Gold Disk + +on: + workflow_dispatch: + inputs: + branch: + required: false + type: string + description: "Branch to run this workflow on (defaults to main)" + environment: + required: false + type: choice + options: + - test + - PROD + description: "Deployment environment (defaults to dev on pull request)" + +jobs: + update-gold-disk: + runs-on: codebuild-ab2d-${{github.run_id}}-${{github.run_attempt}} + permissions: + contents: read + id-token: write + steps: + - name: Get AWS params + uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main + env: + AWS_REGION: ${{ vars.AWS_REGION }} + with: + params: | + OPS_GITHUB_TOKEN=/ci/github/token + + - name: Determine Branch and Environment + run: | + echo "ENVIRONMENT=${{ github.event.inputs.environment || 'test' }}" >> $GITHUB_ENV + echo "BRANCH=${{ github.event.inputs.branch || 'main' }}" >> $GITHUB_ENV + + + - name: Checkout AB2D-Ops Repository + uses: actions/checkout@v4 + with: + repository: 'cmsgov/ab2d-ops' + token: ${{ env.OPS_GITHUB_TOKEN }} + ref: ${{ env.BRANCH }} + + - name: Fetch all branches + run: git fetch --all + + - name: Set PARENT_ENV + run: | + aws sts get-caller-identity + case "${{ env.ENVIRONMENT }}" in + test) echo "PARENT_ENV=ab2d-east-test" >> $GITHUB_ENV ;; + PROD) echo "PARENT_ENV=ab2d-east-prod" >> $GITHUB_ENV ;; + *) echo "Invalid environment: $ENVIRONMENT" && exit 1 ;; + esac + + - name: Assume role in AB2D account for this environment + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 + env: + ACCOUNT: ${{ inputs.environment == 'test' && 'non_prod' || inputs.environment }} + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: arn:aws:iam::${{ secrets[format('{0}_ACCOUNT', env.ACCOUNT)] }}:role/delegatedadmin/developer/ab2d-${{ inputs.environment }}-github-actions + + - name: Set AWS_ACCOUNT_NUMBER from current credentials + run: | + ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text) + echo "AWS_ACCOUNT_NUMBER=$ACCOUNT_ID" >> $GITHUB_ENV + + - name: Setup `packer` + uses: hashicorp/setup-packer@main + id: setup + with: + version: 1.10.0 + + - name: Symlink packer to /usr/bin if not already linked + run: | + if [ ! -f /usr/bin/packer ]; then + sudo ln -s "$(which packer)" /usr/bin/packer + else + echo "✅ /usr/bin/packer already exists, skipping symlink." + fi + + + - name: Run Update Gold Disk Script + run: | + chmod +x scripts/deployment/update-gold-disk.sh + scripts/deployment/update-gold-disk-gf.sh --cms_env $PARENT_ENV --cloud_tamer false + env: + AWS_ACCOUNT_NUMBER: ${{ env.AWS_ACCOUNT_NUMBER }} + CLOUD_TAMER: false +