feat: make re-usable for other repos

bifravst · Apr 5, 2024 · b09d200 · b09d200
1 parent 42d4866
commit b09d200
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 12 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -39,8 +39,8 @@ jobs:
           # The role is set up via https://github.com/hello-nrfcloud/ci
           # secrets.AWS_ACCOUNT_ID_CI is an organization secret
           role-to-assume: |
-            arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CI }}:role/hello-nrfcloud-ci-${{ github.event.repository.name }}
+            arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CI }}:role/${{ github.repository_owner }}-ci-${{ github.event.repository.name }}
           # vars.AWS_REGION_CI is an organization variable
           aws-region: ${{ vars.AWS_REGION_CI }}
 
-      - run: npx cdk deploy --require-approval
+      - run: npx cdk deploy --require-approval never
diff --git a/cdk/ci.ts b/cdk/ci.ts
@@ -9,14 +9,17 @@ const { token } = fromEnv({
 	token: 'GITHUB_TOKEN',
 })(process.env)
 
-const repos = await listRepos(token, await loadRepoList())
+const repos = await listRepos(
+	token,
+	await loadRepoList(process.env.REPOS_LIST ?? './repos.txt'),
+)
 for (const repo of repos) {
 	console.debug(`Setting up permissions for ${repo.name} (${repo.id})...`)
 }
 
 const iam = new IAMClient({})
 
-new CIApp('hello-nrfcloud-ci', {
+new CIApp(process.env.STACK_NAME ?? 'hello-nrfcloud-ci', {
 	gitHubOICDProviderArn: await ensureGitHubOIDCProvider({
 		iam,
 	}),

diff --git a/cdk/loadRepoList.spec.ts b/cdk/loadRepoList.spec.ts
@@ -1,14 +1,22 @@
 import { describe, it } from 'node:test'
 import assert from 'node:assert/strict'
 import { loadRepoList } from './loadRepoList.js'
+import path from 'node:path'
 
 void describe('loadRepoList()', () => {
 	void it('should load the list of repos', async () => {
-		assert.notEqual(
-			(await loadRepoList()).find(
-				(el) => el.name === 'ci' && el.owner === 'hello-nrfcloud',
-			),
-			undefined,
+		assert.deepEqual(
+			await loadRepoList(path.join(process.cwd(), 'cdk', 'test', 'repos.txt')),
+			[
+				{
+					name: 'ci',
+					owner: 'hello-nrfcloud',
+				},
+				{
+					name: 'aws-cdk-ecr-helpers',
+					owner: 'bifravst',
+				},
+			],
 		)
 	})
 })
diff --git a/cdk/loadRepoList.ts b/cdk/loadRepoList.ts
@@ -1,9 +1,10 @@
-import path from 'node:path'
 import { readFile } from 'node:fs/promises'
 import type { Repository } from './listRepos.js'
 
-export const loadRepoList = async (): Promise<Array<Omit<Repository, 'id'>>> =>
-	(await readFile(path.join(process.cwd(), 'repos.txt'), 'utf-8'))
+export const loadRepoList = async (
+	location: string,
+): Promise<Array<Omit<Repository, 'id'>>> =>
+	(await readFile(location, 'utf-8'))
 		.trim()
 		.split('\n')
 		.filter((s) => !s.startsWith('#'))

diff --git a/cdk/test/repos.txt b/cdk/test/repos.txt
@@ -0,0 +1,3 @@
+hello-nrfcloud/ci
+# a comment
+bifravst/aws-cdk-ecr-helpers