Merge pull request #49 from tiki/release/use-sar

fix: update for sar role
tiki-archive · Sep 24, 2023 · b561e2c · b561e2c
2 parents ce06843 + e2fbd8a
commit b561e2c
Show file tree

Hide file tree

Showing 12 changed files with 73 additions and 161 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -8,9 +8,6 @@ on:
     branches:
       - main
 
-env:
-  UTILS_VERSION: 0.2.1
-
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
@@ -42,7 +39,7 @@ jobs:
           repository: tiki/core-iceberg-utils
           token: ${{ github.token }}
           path: utils
-          ref: ${{ env.UTILS_VERSION }}
+          ref: ${{ vars.UTILS_VERSION }}
 
       - name: Maven Install Utils
         run: cd utils && mvn clean package install

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,11 +7,6 @@ on:
     types:
       - closed
 
-env:
-  SESSION_NAME : "gh_action"
-  AWS_REGION : "us-east-2"
-  UTILS_VERSION: 0.2.1
-
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
@@ -26,8 +21,10 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
+
+      - name: SetVars
+        run: |
+          sed -i 's/${AWS::AccountId}/${{ secrets.AWS_ACCOUNT_ID }}/' infra/role/template.yml
 
       - name: Set up JDK
         uses: actions/setup-java@v3
@@ -41,7 +38,7 @@ jobs:
           repository: tiki/core-iceberg-utils
           token: ${{ github.token }}
           path: utils
-          ref: ${{ env.UTILS_VERSION }}
+          ref: ${{ vars.UTILS_VERSION }}
 
       - name: Maven Install Utils
         run: cd utils && mvn clean package install
@@ -52,22 +49,22 @@ jobs:
       - name: AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::254962200554:role/GitHubDeployBase
-          role-session-name: ${{ env.SESSION_NAME }}
-          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubDeployBase
+          role-session-name: ${{ vars.SESSION_NAME }}
+          aws-region: ${{ vars.AWS_REGION }}
 
       - name: SAM Deploy GitHub
-        run: cd infra/github && sam build && sam package && sam deploy
+        run: cd infra/role && sam build && sam package && sam deploy
 
       - name: AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::254962200554:role/GitHubDeployIcebergMetadata
-          role-session-name: ${{ env.SESSION_NAME }}
-          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubDeployCoreIcebergMetadata
+          role-session-name: ${{ vars.SESSION_NAME }}
+          aws-region: ${{ vars.AWS_REGION }}
 
       - name: SAM Publish
-        run: cd infra/aws && sam build && sam package --output-template-file packaged.yaml && sam publish --template packaged.yaml
+        run: cd infra/sar && sam build && sam package --output-template-file packaged.yaml && sam publish --template packaged.yaml
 
       - name: Get Version
         id: version

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -6,10 +6,6 @@ on:
     branches:
       - main
 
-env:
-  UTILS_VERSION: 0.2.1
-
-# Cancel any active builds when new commits are pushed
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
   cancel-in-progress: true
@@ -37,7 +33,7 @@ jobs:
           repository: tiki/core-iceberg-utils
           token: ${{ github.token }}
           path: utils
-          ref: ${{ env.UTILS_VERSION }}
+          ref: ${{ vars.UTILS_VERSION }}
 
       - name: Maven Install Utils
         run: cd utils && mvn clean package install
@@ -53,13 +49,7 @@ jobs:
           path: target/surefire-reports/**/*.xml
 
       - name: Validate AWS Template
-        run: cd infra/aws && sam validate
+        run: cd infra/sar && sam validate
 
       - name: Build AWS Template
-        run: cd infra/aws && sam build
-
-      - name: Validate GitHub Template
-        run: cd infra/github && sam validate
-
-      - name: Build GitHub Template
-        run: cd infra/github && sam build
+        run: cd infra/sar && sam build
diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml
@@ -43,7 +43,7 @@ jobs:
 
       - name: Update SAR Version
         run: |
-          sed -i 's/SemanticVersion: .*/SemanticVersion: ${{ steps.semver.outputs.nextStrict }}/' infra/aws/template.yaml
+          sed -i 's/SemanticVersion: .*/SemanticVersion: ${{ steps.semver.outputs.nextStrict }}/' infra/sar/template.yml
 
       - name: Commit Changes
         continue-on-error: true
@@ -53,6 +53,7 @@ jobs:
           git config --global user.email "[email protected]"
           git config --global user.name "GH Action"
           git add pom.xml
+          git add infra/sar/template.yml
           git commit -m 'version bump'
           git push
 

diff --git a/infra/github/policy.yml b/infra/github/policy.yml
diff --git a/infra/github/role.yml b/infra/github/role.yml
diff --git a/infra/github/template.yml b/infra/github/template.yml
diff --git a/infra/github/samconfig.toml → infra/role/samconfig.toml b/infra/github/samconfig.toml → infra/role/samconfig.toml
@@ -1,9 +1,9 @@
 version = 0.1
 
 [default.global.parameters]
-stack_name = "core-iceberg-metadata-github"
+stack_name = "core-iceberg-metadata-role"
 s3_bucket = "mytiki-sam-deploy"
-s3_prefix = "core/iceberg/metadata/github"
+s3_prefix = "core/iceberg/metadata/role"
 region = "us-east-2"
 
 [default.deploy.parameters]

diff --git a/infra/role/template.yml b/infra/role/template.yml
@@ -0,0 +1,46 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Description: Core Iceberg Metadata Role
+
+Parameters:
+  RoleName:
+    Description: Name of the IAM Role for the deployment
+    Type: String
+    Default: "GitHubDeployCoreIcebergMetadata"
+
+Resources:
+  Role:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location:
+        ApplicationId: arn:aws:serverlessrepo:us-east-2:${AWS::AccountId}:applications/core-aws-github-role
+        SemanticVersion: 0.0.3
+      Parameters:
+        GitHubOrg: tiki
+        RepositoryName: core-iceberg-metadata
+        RoleName: !Ref RoleName
+
+  Policy:
+    Type: AWS::IAM::RolePolicy
+    DependsOn: Role
+    Properties:
+      RoleName: !Ref RoleName
+      PolicyName: DeploymentPolicy
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Action:
+              - serverlessrepo:ListApplications
+              - serverlessrepo:CreateApplication
+              - serverlessrepo:SearchApplications
+            Resource: "*"
+          - Effect: Allow
+            Action:
+              - serverlessrepo:*
+            Resource: !Sub arn:aws:serverlessrepo:${AWS::Region}:${AWS::AccountId}:applications/core-iceberg-metadata
+          - Effect: Allow
+            Action:
+              - s3:PutObject
+              - s3:GetObject
+            Resource: !Sub arn:aws:s3:::mytiki-sam-deploy/*
diff --git a/infra/aws/samconfig.toml → infra/sar/samconfig.toml b/infra/aws/samconfig.toml → infra/sar/samconfig.toml
@@ -1,9 +1,9 @@
 version = 0.1
 
 [default.global.parameters]
-stack_name = "core-iceberg-metadata-aws"
+stack_name = "core-iceberg-metadata-sar"
 s3_bucket = "mytiki-sam-deploy"
-s3_prefix = "core/iceberg/metadata/aws"
+s3_prefix = "core/iceberg/metadata/sar"
 region = "us-east-2"
 
 [default.deploy.parameters]

diff --git a/infra/aws/template.yml → infra/sar/template.yml b/infra/aws/template.yml → infra/sar/template.yml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: AWS::Serverless-2016-10-31
-Description: Iceberg Metadata
+Description: Core Iceberg Metadata SAR
 
 Parameters:
   QueueName:
@@ -30,7 +30,7 @@ Metadata:
     ReadmeUrl: ../../README.md
     Labels: ['iceberg']
     HomePageUrl: https://github.com/tiki/core-iceberg-metadata
-    SemanticVersion: 0.1.2
+    SemanticVersion: 0.1.4
     SourceCodeUrl: https://github.com/tiki/core-iceberg-metadata
 
 Resources:

diff --git a/pom.xml b/pom.xml
@@ -5,24 +5,21 @@
   -->
 <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
-
   <groupId>com.mytiki</groupId>
   <artifactId>core-iceberg-metadata</artifactId>
-  <version>0.1.2</version>
+  <version>0.1.4</version>
   <packaging>jar</packaging>
   <name>Iceberg Metadata</name>
-
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.source>17</maven.compiler.source>
     <maven.compiler.target>17</maven.compiler.target>
   </properties>
-
   <dependencies>
     <dependency>
       <groupId>com.mytiki</groupId>
       <artifactId>core-iceberg-utils</artifactId>
-      <version>0.2.1</version>
+      <version>0.2.2</version>
       <scope>provided</scope>
     </dependency>
     <dependency>
@@ -38,7 +35,6 @@
       <scope>test</scope>
     </dependency>
   </dependencies>
-
   <build>
     <plugins>
       <plugin>