Skip to content

Capture check IDs

Capture check IDs #6

Workflow file for this run

name: Deploy hosted zone and checks
on:
workflow_dispatch:
push:
branches:
- main
paths:
- .github/workflows/deploy.yml
- template.yml
- package.json
- yarn.lock
- components/**
concurrency:
group: ${{ github.workflow }}
permissions:
id-token: write
contents: read
jobs:
check-project-std:
uses: ./.github/workflows/check-project-std.yml
deploy-connection-checks:
runs-on: ubuntu-latest
needs: [check-project-std]
strategy:
matrix:
# Regions where FTP servers are running
target-region: [us-east-1, us-west-2]
# Regions where connection checks should be run from
check-region: [us-east-1, us-east-2, us-west-2]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.10"
- uses: aws-actions/setup-sam@v2
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ matrix.check-region }}
role-to-assume: arn:aws:iam::561178107736:role/PRX-GHA-AccessRole
role-session-name: gha-deploy-prxtransfer-dns-connection-checker
- name: Deploy connection check
working-directory: components/ftp-connection-check
env:
FTP_USER: ${{ secrets.ftp_user }}
FTP_PASSWORD: ${{ secrets.ftp_password }}
# Lookup the Transfer Family NLB hostname for the current matrix target
# region and deploy a connection check to the current check region
# for that server.
run: |
stack_name="ftp-connection-check-targeting-${{ matrix.target-region }}"
nlb_hostname=$(aws cloudformation describe-stacks --region ${{ matrix.target-region }} --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text)
sam build && sam deploy \
--region ${{ matrix.check-region }} \
--no-confirm-changeset \
--no-fail-on-empty-changeset \
--stack-name "$stack_name" \
--resolve-s3 \
--no-progressbar \
--s3-prefix prxtransfer-dns \
--capabilities CAPABILITY_IAM \
--role-arn arn:aws:iam::561178107736:role/PRX-GHA-ServiceRoleForCloudFormation \
--parameter-overrides "FtpServerHostname=$nlb_hostname HealthCheckFtpUser=\"$FTP_USER\" HealthCheckFtpPassword=\"$FTP_PASSWORD\""
check_id=$(aws cloudformation describe-stacks --region ${{ matrix.check-region }} --stack-name "$stack_name" --query "Stacks[0].Outputs[?OutputKey=='HealthCheckId'].OutputValue" --output text)
echo "$check_id" > health_check_id
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.check-region }}-targeting-${{ matrix.target-region }}
path: health_check_id
retention-days: 1
# deploy-hosted-zone:
# runs-on: ubuntu-latest
# needs: [deploy-connection-checks]
# steps:
# - uses: actions/checkout@v4
# - uses: aws-actions/configure-aws-credentials@v4
# with:
# aws-region: us-east-1
# role-to-assume: arn:aws:iam::561178107736:role/PRX-GHA-AccessRole
# role-session-name: gha-deploy-prxtransfer-dns-connection-checker
# - name: Deploy hosted zone stack
# working-directory: components/hosted-zone
# run: |
# ###
# ### Look up NLB hostnames for staging servers
# ###
# stag_use1_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-staging --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-east-1)
# stag_usw2_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-staging --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-west-2)
# ###
# ### Look up NLB hostnames for production servers
# ###
# prod_use1_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-east-1)
# prod_usw2_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-west-2)
# ###
# ### Search across regions for connection check stacks and fetch the
# ### HealthCheckId for each one. Those IDs get stored in arrays for
# ### each target region.
# ###
# ### TODO This would be much cleaner if the deploy-connection-checks
# ### job could store these values right after it does its work in a
# ### way that could be fetched in this job.
# ###
# us_east_1_check_ids=(); \
# us_west_2_check_ids=(); \
# for region in us-east-1 us-east-2 us-west-2; \
# do; \
# stack_names=$(aws cloudformation list-stacks --region "$region" --profile prx-legacy --query "StackSummaries[?contains(StackName, 'ftp-connection-check-targeting-') == \`true\`].StackName" --output text); \
# for stack_name in $stack_names; \
# do; \
# check_id=$(aws cloudformation describe-stacks --profile prx-legacy --stack-name "$stack_name" --query "Stacks[0].Outputs[?OutputKey=='HealthCheckId'].OutputValue" --output text --region "$region"); \
# if [[ $stack_name == *"targeting-us-east-1"* ]]; \
# then; \
# us_east_1_check_ids+=("$check_id"); \
# elif [[ $stack_name == *"targeting-us-west"* ]]; \
# then; \
# us_west_2_check_ids+=("$check_id"); \
# fi; \
# done; \
# done; \
# us_east_1_check_ids_str=$(IFS=,; echo "${us_east_1_check_ids[*]}"); \
# us_west_2_check_ids_str=$(IFS=,; echo "${us_west_2_check_ids[*]}")
# ###
# ### Deploy the stack using all the values collected
# ###
# aws cloudformation deploy \
# --template-file template.yml \
# --no-fail-on-empty-changeset \
# --region us-east-1 \
# --stack-name dev-hostedzone-prxtransfer-org \
# --role-arn arn:aws:iam::561178107736:role/PRX-GHA-ServiceRoleForCloudFormation \
# --parameter-overrides \
# StagNlbHostnameUSEAST1=$stag_use1_nlb_hostname \
# StagNlbHostnameUSWEST2=$stag_usw2_nlb_hostname \
# ProdNlbHostnameUSEAST1=$prod_use1_nlb_hostname \
# ProdNlbHostnameUSWEST2=$prod_usw2_nlb_hostname \
# ProdHealthCheckIdsTargetingUSEAST1=$us_east_1_check_ids_str