aws-dotnet-deploy/.github/workflows/AutoUpdateBootstrap.yml at 8f8ade9e884ff5664b051955794b72bc0b5b2007 · aws/aws-dotnet-deploy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: Auto Update Bootstrap Version Changes

on:
  schedule:
    # Runs at 00:00 UTC every Monday
    - cron: '0 0 * * 1'
  workflow_dispatch:

permissions:
  contents: write
  pull-requests: write
  id-token: write

jobs:
  detect-cdk-bootstrap-changes:
    runs-on: ubuntu-latest
    steps:
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 #v5.1.1
      with:
        role-to-assume: ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }}
        aws-region: us-west-2

    - name: Retrieve secret from AWS Secrets Manager
      uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10
      with:
        secret-ids: |
          AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
        parse-json-secrets: true

    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
      with:
        fetch-depth: '0'
        ref: dev
        token: ${{ env.AWS_SECRET_TOKEN }}

    - name: Setup .NET
      uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 #v5.0.1
      with:
        dotnet-version: '8.0.x'

    - name: Install AWS CDK
      run: |
        npm install -g aws-cdk

    - name: Create temporary directory
      run: mkdir -p temp_cdk

    - name: Save New CDK Bootstrap Template
      working-directory: temp_cdk
      run: |
        cdk acknowledge 32775
        cdk bootstrap --show-template > newTemplate.yml

    - name: Update Template with Required Policies
      working-directory: temp_cdk
      run: |
        yq eval '.Resources.StagingBucket.UpdateReplacePolicy = "Delete"' -i newTemplate.yml
        yq eval '.Resources.StagingBucket.DeletionPolicy = "Delete"' -i newTemplate.yml

    - name: Check for version changes
      id: check_version
      run: |
        OLD_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml)
        NEW_VERSION=$(yq eval '.Resources.CdkBootstrapVersion.Properties.Value' temp_cdk/newTemplate.yml)

        if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
          echo "Version changed from $OLD_VERSION to $NEW_VERSION"
          echo "version_changed=true" >> $GITHUB_OUTPUT
          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
        else
          echo "No version change detected"
          echo "version_changed=false" >> $GITHUB_OUTPUT
        fi

    - name: Update CDK Bootstrap Template
      if: steps.check_version.outputs.version_changed == 'true'
      run: |
        cp temp_cdk/newTemplate.yml src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml

    - name: Generate change file
      if: steps.check_version.outputs.version_changed == 'true'
      env:
        NEW_VERSION: ${{ steps.check_version.outputs.new_version }}
      run: |
        dotnet tool install -g autover --version 0.0.25
        autover change --project-name "AWS.Deploy.CLI" -m "Update CDK Bootstrap template to version $NEW_VERSION"

    - name: Setup Git User
      run: |
        git config --global user.email "github-aws-sdk-dotnet-automation@amazon.com"
        git config --global user.name "aws-sdk-dotnet-automation"

    - name: Delete existing branch if it exists
      if: steps.check_version.outputs.version_changed == 'true'
      env:
        GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }}
      run: |
        # Check if branch exists and delete it if it does
        if git ls-remote --heads origin update-cdk-bootstrap-template | grep -q update-cdk-bootstrap-template; then
          git push origin --delete update-cdk-bootstrap-template || true
        fi

    - name: Create Pull Request
      if: steps.check_version.outputs.version_changed == 'true'
      env:
        GITHUB_TOKEN: ${{ env.AWS_SECRET_TOKEN }}
      run: |
        git checkout -b update-cdk-bootstrap-template
        git add src/AWS.Deploy.Orchestration/CDK/CDKBootstrapTemplate.yaml .autover/
        git commit -m "chore: update CDK bootstrap template to version ${{ steps.check_version.outputs.new_version }}"
        git push origin update-cdk-bootstrap-template
        gh pr create \
          --title "Update CDK Bootstrap Template to Version ${{ steps.check_version.outputs.new_version }}" \
          --base dev \
          --head update-cdk-bootstrap-template \
          --fill