destory log files on stack destroy #32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy CDK Stack | |
| on: | |
| schedule: | |
| # By scheduling the workflow you get an updated image with the latest virus definitions | |
| - cron: '0 10 * * 1' # Run Every Monday at 10:00 UTC | |
| workflow_dispatch: # Optional: allow manual trigger too | |
| push: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - '**.png' | |
| - '**.md' | |
| - '**.sh' | |
| - '**dependabot.yml' | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| concurrency: deploy | |
| jobs: | |
| deploy: | |
| strategy: | |
| matrix: | |
| # Define which environments you want to deploy | |
| # Environments are setup in GutHub | |
| environment: [ stage-us-east, prod-us-east ] | |
| runs-on: ubuntu-latest | |
| environment: ${{ matrix.environment }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| # Required to build arm64 images on x86 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # Required to build arm64 images on x86 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Use AWS Java to build | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'corretto' | |
| cache: maven | |
| - name: Install the latest AWS CDK | |
| run: | | |
| npm install -g aws-cdk | |
| echo "Node Version: $(node -v)" | |
| echo "CDK Version: $(cdk version)" | |
| - name: Setup AWS Credentials | |
| id: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-east-1 | |
| # The full role ARN if you are using OIDC | |
| # https://github.com/aws-actions/configure-aws-credentials#oidc | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| # Set up the below secrets if you are not using OIDC and want to use regular keys (best practive is to use just role above with OIDC provider) | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| mask-aws-account-id: true | |
| - name: Add AWS_ACCOUNT_ID to Environment | |
| run: echo "AWS_ACCOUNT_ID=${{ steps.aws-creds.outputs.aws-account-id }}" >> $GITHUB_ENV | |
| - name: Build top level project which will have lambda jar ready for CDK build | |
| run: > | |
| mvn install -DskipTests | |
| --no-transfer-progress --quiet | |
| - name: Construct bucketNames Context adding Validation Bucket for test if defined | |
| id: construct-buckets | |
| run: | | |
| BUCKETS="${{ vars.S3_BUCKET_NAMES }}" | |
| if [ -n "${{ vars.VALIDATION_BUCKET }}" ]; then | |
| BUCKETS="${BUCKETS},${{ vars.VALIDATION_BUCKET }}" | |
| fi | |
| echo "BUCKET_NAMES=$BUCKETS" >> $GITHUB_ENV | |
| echo "Final list of bucket names to deploy against: $BUCKETS" | |
| - name: Ensure CDK is bootstraped and up to date | |
| working-directory: ./cdk | |
| run: cdk bootstrap --ci=true -c accountId=${AWS_ACCOUNT_ID} aws://${AWS_ACCOUNT_ID}/${{ vars.REGION }} | |
| - name: Deploy CDK Stack | |
| working-directory: ./cdk | |
| run: cdk deploy --require-approval=never --ci=true --context bucketNames="${{ env.BUCKET_NAMES }}" | |
| - name: Run Virus Scan Integration Tests (if VALIDATION_BUCKET is set) | |
| if: ${{ vars.VALIDATION_BUCKET != '' }} | |
| working-directory: ./integration-test | |
| env: | |
| VALIDATION_BUCKET: ${{ vars.VALIDATION_BUCKET }} | |
| run: | | |
| echo "Running Virus Scan Validation Tests..." | |
| mvn --batch-mode --no-transfer-progress exec:java |