AWS-CDK GitHub Actions allow you to run cdk deploy
and cdk diff
(among other cdk subcommands) on your pull requests to help you review.
- TypeScript
- JavaScript
- Python
- Golang
on: [push]
jobs:
aws_cdk:
runs-on: ubuntu-latest
steps:
- name: cdk diff
uses: youyo/aws-cdk-github-actions@v2
with:
cdk_subcommand: 'diff'
actions_comment: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: 'ap-northeast-1'
- name: cdk deploy
uses: youyo/aws-cdk-github-actions@v2
with:
cdk_subcommand: 'deploy'
cdk_stack: 'stack1'
cdk_args: '--require-approval never'
actions_comment: false
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: 'ap-northeast-1'
- name: cdk synth
uses: youyo/aws-cdk-github-actions@v2
with:
cdk_subcommand: 'synth'
cdk_version: '1.16.2'
working_dir: 'src'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: 'ap-northeast-1'
If you use assume-role, we recommend using awscredswrap.
See: https://github.com/marketplace/actions/aws-assume-role-github-actions#use-as-github-actions
on: [push]
jobs:
aws_cdk:
runs-on: ubuntu-latest
steps:
- name: Assume Role
uses: youyo/awscredswrap@master
with:
role_arn: ${{ secrets.ROLE_ARN }}
duration_seconds: 3600
role_session_name: 'awscredswrap@GitHubActions'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: 'ap-northeast-1'
- name: cdk diff
uses: youyo/aws-cdk-github-actions@v2
with:
cdk_subcommand: 'diff'
cdk_subcommand
Required AWS CDK subcommand to execute ('deploy', 'diff', etc.)cdk_version
AWS CDK version to install. (default: 'latest')cdk_stack
AWS CDK stack name to execute. (default: '*')working_dir
AWS CDK working directory. (default: '.')actions_comment
Whether or not to comment on pull requests. (default: true)debug_log
Enable debug-log. (default: false)
status_code
Returned status code.
AWS_ACCESS_KEY_ID
RequiredAWS_SECRET_ACCESS_KEY
RequiredGITHUB_TOKEN
Required foractions_comment=true
Recommended to get AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
from secrets. The github token is automatically made available as a secret as GITHUB_TOKEN
.