chrisqm-dev
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 45 additions & 0 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎.github/workflows/develop.yaml‎
Lines changed: 333 additions & 0 deletions b/‎.github/workflows/develop.yaml‎
Lines changed: 333 additions & 0 deletions
@@ -0,0 +1,45 @@
+name: GitHub CloudFormation Deployment
+run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
+on: [push]
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+jobs:
+  Explore-GitHub-Actions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Configure AWS credentials from Test account
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+      - name: Deploy
+        uses: aws-actions/aws-cloudformation-github-deploy@master
+        with:
+          name: TestGitHubAction
+          template: stack.yaml
+          parameter-overrides: >-
+            Environment=beta,
+            AList="value1,value2"
+
+  test-long-running:
+    runs-on: ubuntu-latest
+    timeout-minutes: 120
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Configure AWS credentials from Test account
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+          role-duration-seconds: 7200
+      - name: Test long-running stack (70 minutes)
+        uses: aws-actions/aws-cloudformation-github-deploy@master
+        with:
+          name: test-long-running-${{ github.run_number }}
+          template: long-running-stack.yaml
+          capabilities: "CAPABILITY_IAM"
+          timeout-in-minutes: 90
@@ -0,0 +1,333 @@
+name: Test CloudFormation Action v2.0.0-beta
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+jobs:
+  test-create-and-execute:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Test with local template and JSON file
+        id: deploy-file
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-file-${{ github.run_number }}
+          template: stack.yaml
+          parameter-overrides: "file:///${{ github.workspace }}/overrides.json"
+
+      - name: Test with inline parameters
+        id: deploy-inline
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-inline-${{ github.run_number }}
+          template: stack.yaml
+          parameter-overrides: "Environment=gamma,AList=value1,AList=value2"
+
+  test-large-template:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Test with large template (should fail with clean error message)
+        id: deploy-large
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-large-${{ github.run_number }}
+          template: large-template.yaml
+          parameter-overrides: "Environment=test"
+        continue-on-error: true
+
+      - name: Verify large template error message
+        run: |
+          echo "Large template test completed (expected to fail)"
+          echo "This test verifies that oversized templates produce clean error messages"
+
+  test-validation-error:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Test template with validation error (should fail during change set creation)
+        id: deploy-validation-error
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-validation-error-${{ github.run_number }}
+          template: validation-error-template.yaml
+          parameter-overrides: "Environment=test"
+        continue-on-error: true
+
+      - name: Verify validation error handling
+        run: |
+          echo "Validation error test completed (expected to fail during change set creation)"
+          echo "This test verifies that template validation errors produce clean error messages"
+
+  test-execution-error:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Test template with execution error (should fail during change set execution)
+        id: deploy-execution-error
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-execution-error-${{ github.run_number }}
+          template: execution-error-template.yaml
+          parameter-overrides: "Environment=test"
+        continue-on-error: true
+
+      - name: Verify execution error handling
+        run: |
+          echo "Execution error test completed (expected to fail during change set execution)"
+          echo "This test verifies that execution errors produce detailed failure information"
+
+  test-empty-changeset:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Deploy stack first time
+        id: deploy-first
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-empty-changeset-${{ github.run_number }}
+          template: stack.yaml
+          parameter-overrides: "Environment=beta,AList=value1,AList=value2"
+
+      - name: Deploy same stack again with default behavior (should succeed on empty changeset)
+        id: deploy-second-default
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-empty-changeset-${{ github.run_number }}
+          template: stack.yaml
+          parameter-overrides: "Environment=beta,AList=value1,AList=value2"
+
+      - name: Deploy same stack again with fail-on-empty-changeset=1 (should fail on empty changeset)
+        id: deploy-second-fail
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-empty-changeset-${{ github.run_number }}
+          template: stack.yaml
+          parameter-overrides: "Environment=beta,AList=value1,AList=value2"
+          fail-on-empty-changeset: "1"
+        continue-on-error: true
+
+      - name: Verify empty changeset behavior
+        run: |
+          echo "Empty changeset test completed"
+          echo "First deployment: ${{ steps.deploy-first.outputs.stack-id }}"
+          echo "Second deployment (default): ${{ steps.deploy-second-default.outputs.stack-id }}"
+          echo "Third deployment (fail flag): Expected to fail"
+          echo "This verifies v2 behavior: empty changesets succeed by default, fail when flag is set"
+
+  test-create-only-then-execute:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Create change set for review
+        id: create-cs
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          mode: "create-only"
+          name: test-two-step-${{ github.run_number }}
+          template: stack.yaml
+          parameter-overrides: "Environment=prod,AList=prod1,AList=prod2"
+
+      - name: Review change set outputs
+        run: |
+          echo "Change Set ID: ${{ steps.create-cs.outputs.change-set-id }}"
+          echo "Has Changes: ${{ steps.create-cs.outputs.has-changes }}"
+          echo "Changes Count: ${{ steps.create-cs.outputs.changes-count }}"
+          echo "Changes Summary: ${{ steps.create-cs.outputs.changes-summary }}"
+
+      - name: Execute change set
+        if: steps.create-cs.outputs.has-changes == 'true'
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          mode: "execute-only"
+          name: test-two-step-${{ github.run_number }}
+          execute-change-set-id: ${{ steps.create-cs.outputs.change-set-id }}
+
+  test-drift-detection:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Deploy initial stack for drift testing
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-drift-${{ github.run_number }}
+          template: drift-test.yaml
+          parameter-overrides: "RunNumber=${{ github.run_number }}"
+
+      - name: Introduce drift by manually changing parameter
+        run: |
+          # Debug: Check if parameter exists
+          echo "Checking if parameter exists..."
+          aws ssm describe-parameters --parameter-filters "Key=Name,Values=/test/drift-${{ github.run_number }}" || echo "Parameter not found"
+          
+          # Debug: List all parameters with our prefix
+          echo "Listing parameters with /test/drift prefix..."
+          aws ssm describe-parameters --parameter-filters "Key=Name,Option=BeginsWith,Values=/test/drift" || echo "No parameters found"
+          
+          # Add a tag outside of CloudFormation to create drift
+          echo "Adding tags to parameter..."
+          aws ssm add-tags-to-resource \
+            --resource-type Parameter \
+            --resource-id /test/drift-${{ github.run_number }} \
+            --tags Key=ManualTag,Value=added-outside-cfn
+          
+          # Change the parameter value to create more drift
+          echo "Updating parameter value..."
+          aws ssm put-parameter \
+            --name /test/drift-${{ github.run_number }} \
+            --value "manually-changed-value" \
+            --overwrite
+
+      - name: Create drift-reverting change set
+        id: drift-cs
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          mode: "create-only"
+          name: test-drift-${{ github.run_number }}
+          template: drift-test.yaml
+          parameter-overrides: "RunNumber=${{ github.run_number }}"
+          deployment-mode: "REVERT_DRIFT"
+
+      - name: Review drift change set
+        run: |
+          echo "Drift Change Set ID: ${{ steps.drift-cs.outputs.change-set-id }}"
+          echo "Has Changes: ${{ steps.drift-cs.outputs.has-changes }}"
+          echo "Changes Count: ${{ steps.drift-cs.outputs.changes-count }}"
+          echo "Changes Summary: ${{ steps.drift-cs.outputs.changes-summary }}"
+
+      - name: Execute drift-reverting change set
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          mode: "execute-only"
+          name: test-drift-${{ github.run_number }}
+          execute-change-set-id: ${{ steps.drift-cs.outputs.change-set-id }}
+
+  test-long-running:
+    runs-on: ubuntu-latest
+    timeout-minutes: 120
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+          role-duration-seconds: 7200
+
+      - name: Test long-running stack (70 minutes)
+        uses: aws-actions/aws-cloudformation-github-deploy@v2.0.0-beta
+        with:
+          name: test-long-running-${{ github.run_number }}
+          template: long-running-stack.yaml
+          capabilities: "CAPABILITY_IAM"
+          timeout-in-minutes: 90
+
+  cleanup:
+    runs-on: ubuntu-latest
+    needs: [test-create-and-execute, test-large-template, test-validation-error, test-execution-error, test-create-only-then-execute, test-drift-detection, test-long-running]
+    if: always()
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+
+      - name: Cleanup test stacks
+        run: |
+          # Find all test stacks for this run
+          stacks=$(aws cloudformation list-stacks \
+            --query "StackSummaries[?contains(StackName, 'test-') && contains(StackName, '${{ github.run_number }}') && StackStatus != 'DELETE_COMPLETE'].StackName" \
+            --output text)
+          
+          if [ ! -z "$stacks" ]; then
+            echo "Found stacks to delete: $stacks"
+            echo "$stacks" | tr '\t' '\n' | while read stack; do
+              if [ ! -z "$stack" ]; then
+                echo "Deleting stack: $stack"
+                aws cloudformation delete-stack --stack-name "$stack"
+              fi
+            done
+            
+            # Wait for all deletions to complete
+            echo "Waiting for stack deletions to complete..."
+            echo "$stacks" | tr '\t' '\n' | while read stack; do
+              if [ ! -z "$stack" ]; then
+                echo "Waiting for $stack to delete..."
+                aws cloudformation wait stack-delete-complete --stack-name "$stack" || echo "Stack $stack deletion failed or timed out"
+              fi
+            done
+          else
+            echo "No stacks found to delete"
+          fi
+
+      - name: Cleanup SSM parameters
+        run: |
+          # Clean up all test parameters for this run
+          echo "Cleaning up SSM parameters..."
+          aws ssm describe-parameters \
+            --parameter-filters "Key=Name,Option=BeginsWith,Values=/test/" \
+            --query "Parameters[?contains(Name, '${{ github.run_number }}')].Name" \
+            --output text | tr '\t' '\n' | while read param; do
+            if [ ! -z "$param" ]; then
+              echo "Deleting parameter: $param"
+              aws ssm delete-parameter --name "$param" || echo "Parameter $param already deleted"
+            fi
+          done