Align AWS global baseline workflow with Pulumi preview

2025-09-30 07:56:40 +08:00 · 2025-09-30 07:56:40 +08:00 · d7897ddf4c
commit d7897ddf4c
parent 3cae65cf93
1 changed files with 36 additions and 8 deletions
--- a/.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml
+++ b/.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml
@ -42,20 +42,34 @@ jobs:
      - uses: actions/setup-python@v5
        with:
          python-version: '3.10'
+      - uses: pulumi/setup-pulumi@v4
+        with:
+          pulumi-version: '^3'
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+          role-session-name: pulumi-preview
+      - name: Ensure Pulumi stack exists
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: |
+          pulumi login
+          pulumi stack select aws/global-baseline-dev --non-interactive || pulumi stack init aws/global-baseline-dev --non-interactive
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Pulumi preview
-        uses: pulumi/actions@v4
+        uses: pulumi/actions@v6
        with:
          command: preview
          stack-name: aws/global-baseline-dev
          work-dir: iac_modules/pulumi
        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
@ -70,20 +84,34 @@ jobs:
      - uses: actions/setup-python@v5
        with:
          python-version: '3.10'
+      - uses: pulumi/setup-pulumi@v4
+        with:
+          pulumi-version: '^3'
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+          role-session-name: pulumi-apply
+      - name: Ensure Pulumi stack exists
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+        run: |
+          pulumi login
+          pulumi stack select aws/global-baseline-prod --non-interactive || pulumi stack init aws/global-baseline-prod --non-interactive
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Pulumi up
-        uses: pulumi/actions@v4
+        uses: pulumi/actions@v6
        with:
          command: up
          stack-name: aws/global-baseline-prod
          work-dir: iac_modules/pulumi
        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}