ai-workspace-infra/iac_modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #126 from svc-design/codex/fix-workflow-for-multi-cloud-pipeline

Browse Source 
Fix multi-cloud landing zone workflow orchestration
This commit is contained in:
shenlan 2025-10-03 19:22:26 +08:00 committed by GitHub
commit caf3afee6f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 139 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/iac-pipeline-alicloud-landingzone-baseline.yaml vendored
View File

@ -88,19 +88,10 @@ jobs:
ALICLOUD_REGION: ${{ secrets.ALICLOUD_REGION }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
validation:
name: Validate Alicloud baseline readiness
needs: preview
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "Alicloud" "${{ env.CONFIG_PATH }}" "iac_modules/pulumi"
apply:
name: Apply to Alicloud production stack
needs: validation
if: github.ref == 'refs/heads/main'
needs: preview
if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_call'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
@ -122,3 +113,21 @@ jobs:
ALICLOUD_SECRET_KEY: ${{ secrets.ALICLOUD_SECRET_KEY }}
ALICLOUD_REGION: ${{ secrets.ALICLOUD_REGION }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
validation:
name: Validate Alicloud baseline readiness
needs: apply
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "Alicloud" "${{ env.CONFIG_PATH }}" "iac_modules/pulumi"
delivery:
name: Deliver Alicloud baseline rollout notifications
needs: validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Notify stakeholders
run: scripts/notifications/notify-baseline-delivery.sh

65
.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml vendored
View File

@ -29,10 +29,42 @@ on:
- 'true'
- 'false'
default: 'true'
config_path:
description: "Configuration directory path"
required: false
type: string
default: config/aws-global
workflow_call:
inputs:
deploy_action:
required: false
type: string
default: upgrade
deploy_dry_run:
required: false
type: string
default: 'true'
config_path:
required: false
type: string
default: config/aws-global
secrets:
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
AWS_SESSION_TOKEN:
required: false
AWS_REGION:
required: true
PULUMI_ACCESS_TOKEN:
required: true
env:
PULUMI_CI: 'true'
CONFIG_PATH: config/aws-global
CONFIG_PATH: ${{ inputs.config_path || github.event.inputs.config_path || 'config/aws-global' }}
DEPLOY_ACTION: ${{ inputs.deploy_action || github.event.inputs.deploy_action || 'upgrade' }}
DEPLOY_DRY_RUN: ${{ inputs.deploy_dry_run || github.event.inputs.deploy_dry_run || 'true' }}
jobs:
preview:
@ -86,19 +118,10 @@ jobs:
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
validation:
name: Validate AWS baseline readiness
needs: preview
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "AWS" "${{ env.CONFIG_PATH }}" "iac_modules/pulumi"
apply:
name: Apply AWS baseline to production
needs: validation
if: github.ref == 'refs/heads/main'
needs: preview
if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_call'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
@ -145,3 +168,21 @@ jobs:
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
validation:
name: Validate AWS baseline readiness
needs: apply
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "AWS" "${{ env.CONFIG_PATH }}" "iac_modules/pulumi"
delivery:
name: Deliver AWS baseline rollout notifications
needs: validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Notify stakeholders
run: scripts/notifications/notify-baseline-delivery.sh

63
.github/workflows/iac-pipeline-multi-cloud-landingzone-baseline.yaml vendored
View File

@ -35,7 +35,7 @@ jobs:
action: output
- provider: AWS
config: config/aws-global/
workflow: iac-pipeline-aws-landingzone-baseline.yaml
workflow: iac-pipeline-aws-global-landingzone-baseline.yaml
action: output
- provider: Vultr
config: config/vultr/
@ -43,14 +43,42 @@ jobs:
action: output
uses: ./.github/workflows/${{ matrix.workflow }}
with:
deploy_action: ${{ matrix.action || inputs.deploy_action }}
deploy_action: ${{ matrix.action != '' && matrix.action || inputs.deploy_action }}
deploy_dry_run: ${{ inputs.deploy_dry_run }}
config_path: ${{ matrix.config }}
secrets: inherit
apply:
name: Apply baseline via Pulumi (${{ matrix.provider }})
needs: preview
runs-on: ubuntu-latest
strategy:
matrix:
include:
- provider: AWS
stack: svc-design/aws-lz-us-east-1-dev
region: us-east-1
- provider: Alicloud
stack: svc-design/alicloud-lz-cn-hangzhou-dev
region: cn-hangzhou
- provider: Vultr
stack: svc-design/vultr-lz-global-dev
region: global
steps:
- name: Apply baseline via Pulumi
run: pulumi up --stack ${{ matrix.stack }} --yes
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
ALICLOUD_ACCESS_KEY: ${{ secrets.ALICLOUD_ACCESS_KEY }}
ALICLOUD_SECRET_KEY: ${{ secrets.ALICLOUD_SECRET_KEY }}
VULTR_API_KEY: ${{ secrets.VULTR_API_KEY }}
validation:
name: Validate baseline readiness (${{ matrix.provider }})
needs: preview
needs: apply
runs-on: ubuntu-latest
strategy:
matrix:
@ -70,36 +98,9 @@ jobs:
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "${{ matrix.provider }}" "${{ matrix.config }}" "${{ matrix.pulumi_dir }}"
apply:
name: Apply baseline via Pulumi (${{ matrix.provider }})
needs: validation
runs-on: ubuntu-latest
strategy:
matrix:
include:
- provider: AWS
stack: svc-design/aws-lz-us-east-1-dev
region: us-east-1
- provider: Alicloud
stack: svc-design/alicloud-lz-cn-hangzhou-dev
region: cn-hangzhou
- provider: Vultr
stack: svc-design/vultr-lz-global-dev
region: global
steps:
- name: Apply baseline via Pulumi
run: pulumi up --stack ${{ matrix.stack }} --yes
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_AK }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SK }}
ALICLOUD_ACCESS_KEY: ${{ secrets.ALICLOUD_AK }}
ALICLOUD_SECRET_KEY: ${{ secrets.ALICLOUD_SK }}
VULTR_API_KEY: ${{ secrets.VULTR_API_KEY }}
delivery:
name: Deliver baseline rollout notifications
needs: apply
needs: validation
runs-on: ubuntu-latest
steps:
- name: Checkout repository

53
.github/workflows/iac-pipeline-vultr-landingzone-baseline.yaml vendored
View File

@ -118,27 +118,9 @@ jobs:
VULTR_API_KEY: ${{ secrets.VULTR_API_KEY }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
validation:
name: Validate Vultr baseline readiness
needs: preview
if: >-
${{
(github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_action != 'init') ||
(github.event_name == 'workflow_call' && inputs.deploy_action != 'init') ||
(github.event_name != 'workflow_dispatch' && github.event_name != 'workflow_call')
}}
runs-on: ubuntu-latest
env:
PULUMI_CI: 'true'
CONFIG_PATH: ${{ inputs.config_path || github.event.inputs.config_path || 'config/vultr' }}
steps:
- uses: actions/checkout@v4
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "Vultr" "${{ env.CONFIG_PATH }}" "iac_modules/pulumi"
apply:
name: Apply to production stack
needs: validation
needs: preview
if: >-
${{
(github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_action != 'init') ||
@ -175,3 +157,36 @@ jobs:
env:
VULTR_API_KEY: ${{ secrets.VULTR_API_KEY }}
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
validation:
name: Validate Vultr baseline readiness
needs: apply
if: >-
${{
(github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_action != 'init') ||
(github.event_name == 'workflow_call' && inputs.deploy_action != 'init') ||
(github.event_name != 'workflow_dispatch' && github.event_name != 'workflow_call')
}}
runs-on: ubuntu-latest
env:
PULUMI_CI: 'true'
CONFIG_PATH: ${{ inputs.config_path || github.event.inputs.config_path || 'config/vultr' }}
steps:
- uses: actions/checkout@v4
- name: Run baseline validation checks
run: scripts/validation/validate-baseline.sh "Vultr" "${{ env.CONFIG_PATH }}" "iac_modules/pulumi"
delivery:
name: Deliver Vultr baseline rollout notifications
needs: validation
if: >-
${{
(github.event_name == 'workflow_dispatch' && github.event.inputs.deploy_action != 'init') ||
(github.event_name == 'workflow_call' && inputs.deploy_action != 'init') ||
(github.event_name != 'workflow_dispatch' && github.event_name != 'workflow_call')
}}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Notify stakeholders
run: scripts/notifications/notify-baseline-delivery.sh