NASA-IMPACT · anayeaye · Mar 5, 2024 · Mar 4, 2024 · Mar 4, 2024 · Mar 4, 2024
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -9,7 +9,6 @@ on:
     branches:
       - main
       - dev
-      - production
 
 jobs:
   define-environment:
@@ -21,18 +20,17 @@ jobs:
         run: |
           if [ "${{ github.ref }}" = "refs/heads/main" ]; then
             echo "env_name=staging" >> $GITHUB_OUTPUT
-            echo "secret_name=veda-auth-staging" >> $GITHUB_OUTPUT
+            echo "secret_name=veda-auth-uah-env" >> $GITHUB_OUTPUT
           elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then
             echo "env_name=development" >> $GITHUB_OUTPUT
-            echo "secret_name=veda-auth-dev" >> $GITHUB_OUTPUT
-          elif [ "${{ github.ref }}" = "refs/heads/production" ]; then
-            echo "env_name=production" >> $GITHUB_OUTPUT
+            echo "secret_name=veda-auth-dev-env" >> $GITHUB_OUTPUT
           fi
       - name: Print the environment
         run: echo "The environment is ${{ steps.define_environment.outputs.env_name }}"
 
     outputs:
       env_name: ${{ steps.define_environment.outputs.env_name }}
+      secret_name: ${{ steps.define_environment.outputs.secret_name }}
 
   deploy:
     name: Deploy to ${{ needs.define-environment.outputs.env_name }} 🚀
@@ -43,20 +41,46 @@ jobs:
     concurrency: ${{ needs.define-environment.outputs.env_name }}
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
         with:
-          lfs: "true"
-          submodules: "recursive"
-
+          python-version: '3.9'
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 17
+
       - name: Configure awscli
         uses: aws-actions/configure-aws-credentials@v3
         with:
-          role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }}
-          role-session-name: "veda-auth-github-${{ needs.define-environment.outputs.env_name }}-deployment"
-          aws-region: "us-west-2"
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
 
-      - name: Run deployment
-        uses: "./.github/actions/cdk-deploy"
+      - name: Install CDK
+        run: npm install -g aws-cdk@2
+
+      - uses: actions/cache@v3
         with:
-          env_aws_secret_name: ${{ secrets.ENV_AWS_SECRET_NAME }}
+          path: ${{ env.pythonLocation }}
+          key:  ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}
+
+      - name: Install python dependencies
+        run: |
+          pip install -r requirements.txt
+
+      - name: Get environment configuration for target branch
+        run: |
+          ./scripts/get-env.sh ${{ needs.define-environment.outputs.secret_name }}
+
+      - name: Deploy
+        run: |
+          echo $STAGE
+          cdk deploy --require-approval never --outputs-file ${HOME}/cdk-outputs.json
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -3,7 +3,31 @@ name: Pull Request - Preview CDK Diff
 on: [pull_request]
 
 jobs:
+  define-environment:
+    name: Set ✨ environment ✨ based on the branch 🌳
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set the environment
+        id: define_environment
+        run: |
+          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
+            echo "env_name=staging" >> $GITHUB_OUTPUT
+            echo "secret_name=veda-auth-uah-env" >> $GITHUB_OUTPUT
+          elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then
+            echo "env_name=development" >> $GITHUB_OUTPUT
+            echo "secret_name=veda-auth-dev-env" >> $GITHUB_OUTPUT
+          fi
+      - name: Print the environment
+        run: echo "The environment is ${{ steps.define_environment.outputs.env_name }}"
+
+    outputs:
+      env_name: ${{ steps.define_environment.outputs.env_name }}
+      secret_name: ${{ steps.define_environment.outputs.secret_name }}
+
+
   predeploy:
+    name: Pre-deploy cdk diff for ${{ needs.define-environment.outputs.env_name }} 🚀
+    needs: [define-environment]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -43,7 +67,8 @@ jobs:
 
       - name: Get environment configuration for target branch
         run: |
-          ./scripts/get-env.sh "veda-auth-uah-env"
+          ./scripts/get-env.sh ${{ needs.define-environment.outputs.secret_name }}
+
       - name: Pre deployment CDK diff
         run: |
           echo $STAGE

diff --git a/cdk.json b/cdk.json
@@ -1,3 +1,6 @@
 {
-  "app": "python3 app.py"
+  "app": "python3 app.py",
+  "context": {
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false
+  }
 }
diff --git a/infra/stack.py b/infra/stack.py
@@ -59,7 +59,7 @@ def __init__(
                 )
             else:
                 auth_provider_client = self.add_programmatic_client(
-                    "cognito-identity-pool-auth-provider",
+                    f"{stack_name}-identity-provider",
                     name="Identity Pool Authentication Provider",
                 )
                 if app_settings.data_managers_role_arn:
@@ -330,13 +330,6 @@ def add_programmatic_client(
                 "veda_userpool_id": self.userpool.user_pool_id,
             },
         )
-        stack_name = Stack.of(self).stack_name
-        CfnOutput(
-            self,
-            f"cognito-sdk-{service_id}-secret",
-            export_name=f"{stack_name}-cognito-sdk-secret",
-            value=cognito_sdk_secret.secret_name,
-        )
 
         return client
 
@@ -360,29 +353,6 @@ def add_service_client(
             user_pool_client_name=f"{service_id} Service Access",
             disable_o_auth=False,
         )
-        # temp: we are going provide client id, secret, and user pool id values twice in the secret (once with veda_ prefix)
-        service_client_secret = self._get_client_secret(client)
-        cognito_app_secret = self._create_secret(
-            service_id,
-            {
-                "flow": "client_credentials",
-                "cognito_domain": self.domain.base_url(),
-                "client_id": client.user_pool_client_id,
-                "client_secret": service_client_secret,
-                "userpool_id": self.userpool.user_pool_id,
-                "veda_client_id": client.user_pool_client_id,
-                "veda_client_secret": service_client_secret,
-                "veda_userpool_id": self.userpool.user_pool_id,
-                "scope": " ".join(scope.scope_name for scope in scopes),
-            },
-        )
-        stack_name = Stack.of(self).stack_name
-        CfnOutput(
-            self,
-            f"cognito-app-{service_id}-secret",
-            export_name=f"{stack_name}-cognito-app-secret",
-            value=cognito_app_secret.secret_name,
-        )
 
         return client