Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore: configure GH Action to build AMI #1184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 30, 2025
Merged

chore: configure GH Action to build AMI #1184

merged 2 commits into from
Sep 30, 2025

Conversation

@MicBun
Copy link
Member

@MicBun MicBun commented Sep 30, 2025
edited
Loading

resolves: https://github.com/trufnetwork/truf-network/issues/1246

currently testing: https://github.com/trufnetwork/node/actions/runs/18131563160/job/51599311887

Summary by CodeRabbit

  • New Features

    • Added stage-aware AMI pipeline deployments via a STAGE setting (default: prod), enabling environment-specific stacks and outputs.
    • AMI publishing is now conditional: AMIs are made public only in prod.

  • Chores

    • Parameterized stack naming, deployment checks, commands and queries to respect the selected stage.
    • Release notes and workflow messages now include stage and availability (Public for prod, Private otherwise).

@MicBun MicBun self-assigned this Sep 30, 2025
@coderabbitai
Copy link

coderabbitai bot commented Sep 30, 2025
edited
Loading

Walkthrough

Adds a STAGE workflow input (default: prod) to the AMI build GitHub Actions workflow; parameterizes stack names, CDK deploy commands, and CloudFormation queries to use AMI-Pipeline-${{ env.STAGE }}-Stack; conditionally makes the AMI public only for prod; and updates release notes to include stage and availability.

Changes

Cohort / File(s) Summary
Stage-aware AMI pipeline workflow
.github/workflows/ami-build.yml		 Add inputs.stage and STAGE env (default prod); replace hard-coded AMI-Pipeline-default-Stack with AMI-Pipeline-${{ env.STAGE }}-Stack across checks, deploys, and describe/outputs; pass --context stage=${{ env.STAGE }} to CDK; update deployment/log messages to include stage; add conditional step to make AMI public only when prod; update GitHub release step to include Stage and availability (Public for prod, Private otherwise).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor GH as GitHub Actions Workflow
  participant CDK as AWS CDK CLI
  participant CFN as CloudFormation
  participant EC2 as EC2 (AMI operations)
  note over GH: Inputs.stage → env.STAGE (default: prod)

  GH->>CDK: cdk deploy AMI-Pipeline-${STAGE}-Stack --context stage=${STAGE}
  CDK->>CFN: Create/Update stack AMI-Pipeline-${STAGE}-Stack
  CFN-->>CDK: Stack status + outputs
  CDK-->>GH: Deployment result & outputs

  GH->>CFN: aws cloudformation describe-stacks --stack-name AMI-Pipeline-${STAGE}-Stack
  CFN-->>GH: Return outputs (AMI ID, etc.)

  alt STAGE == prod
    GH->>EC2: ModifyImageAttribute (make AMI public)
    EC2-->>GH: Permission update + verification
  else STAGE != prod
    GH->>GH: Skip public AMI steps (AMI remains private)
  end

  GH->>GH: Create GitHub release notes (include Stage + availability)
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • outerlook

Poem

I twitched my ears at stages new,
Prod or dev — a burrow or two.
Stack names hop with every run,
Public only when the prod-day’s sun.
I baked the AMI, neat and spry — 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Title Check ✅ Passed The title succinctly captures the primary change, indicating that the GitHub Actions workflow is being configured to build an AMI. It is concise, free of extraneous details, and directly relates to the core purpose of the changeset. A reviewer scanning the history will immediately understand the main update from this title.
Linked Issues Check ✅ Passed The pull request fully addresses issue [#1246] by modifying the GitHub Actions workflow to support AMI building and publication, including the addition of stage inputs, dynamic stack naming, and conditional AMI sharing logic. These changes directly implement the requirement to configure the CI pipeline for AWS AMI creation and publication. All updates align with the objectives outlined in the linked issue.
Out of Scope Changes Check ✅ Passed All modifications are confined to the GitHub Actions workflow and associated release scripting to enable AMI build and publication, matching the scope of issue [#1246]. No unrelated files or functionality outside of CI configuration have been altered. Therefore, there are no out-of-scope changes in this pull request.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch githubAction

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

  • Public repositories are always opted into early access features.
  • You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Sep 30, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (4)
.github/workflows/ami-build.yml (4)

20-20: Consider making STAGE a workflow input parameter.

The current approach requires editing the workflow file to change stages. This is error-prone and doesn't align with best practices for environment management.

Consider moving STAGE to a workflow input parameter:

  workflow_dispatch:
    inputs:
+     stage:
+       description: "Deployment stage (prod or dev)"
+       type: choice
+       options:
+         - prod
+         - dev
+       default: prod
      force_build:
        description: "Force AMI build even if not a release"
        type: boolean
        default: false

Then reference it in the env section:

 env:
   AWS_REGION: us-east-2
-  STAGE: prod  # Change to 'dev' for development AMIs
+  STAGE: ${{ github.event.inputs.stage || 'prod' }}

76-76: Optimize CDK bootstrap call.

The cdk bootstrap command runs unconditionally, which is redundant if the AWS environment is already bootstrapped. This adds unnecessary execution time.

Consider checking bootstrap status before running:

-          cdk bootstrap --require-approval never
+          # Check if already bootstrapped
+          if ! aws cloudformation describe-stacks \
+            --stack-name CDKToolkit \
+            --region "${{ env.AWS_REGION }}" > /dev/null 2>&1; then
+            echo "Bootstrapping CDK environment..."
+            cdk bootstrap --require-approval never
+          else
+            echo "CDK environment already bootstrapped."
+          fi

114-158: LGTM! Consider documenting timeout expectations.

The polling logic and state handling are well-implemented. The 90-minute timeout is reasonable for AMI builds, but consider documenting typical build times in comments to help future maintainers understand if this value needs adjustment.

Consider adding a comment:

       - name: Wait for AMI build completion
-        timeout-minutes: 90
+        timeout-minutes: 90  # Typical AMI builds complete in 20-30 minutes

178-226: Consider including stage information in release notes.

The release update adds AMI details but doesn't indicate which stage (prod/dev) the AMI was built for. This could be confusing if both stages are used.

Consider adding the stage to the release comment:

             const amiId = process.env.AMI_ID;
             const region = process.env.AWS_REGION;
+            const stage = process.env.STAGE;
             const releaseId = process.env.RELEASE_ID;

             const comment = `## 🚀 AMI Build Completed

+            **Stage:** \`${stage}\`
             **AMI ID:** \`${amiId}\`
             **Region:** \`${region}\`
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e40b84f and 6d74d61.

📒 Files selected for processing (1)
  • .github/workflows/ami-build.yml (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Build TrufNetwork AMI
  • GitHub Check: acceptance-test
🔇 Additional comments (6)
.github/workflows/ami-build.yml (6)

90-94: LGTM!

The logic correctly retrieves the pipeline ARN from the existing stack and makes it available to subsequent steps.

96-112: LGTM!

The validation and error handling for the pipeline ARN is robust, and the ImageBuilder integration is correctly implemented.

160-176: LGTM!

The AMI details summary provides comprehensive information for debugging and verification.

228-249: LGTM!

The notification jobs provide clear feedback on workflow completion status.

48-69: Ensure CDK stack exports AmiPipelineArnOutput
I couldn’t find a CfnOutput named AmiPipelineArnOutput in the CDK code under deployments/infra; please add or confirm this output in the AMI-Pipeline-${{ env.STAGE }}-Stack so the workflow can retrieve the pipeline ARN.

76-79: Confirm CDK app reads and uses stage context
I searched for this.node.tryGetContext('stage') and this.node.getContext('stage') across the CDK code but found no matches. Ensure your CDK app code retrieves this context value (e.g., via this.node.tryGetContext('stage')) and uses it to construct the stage-specific stack name.

@pr-time-tracker
Copy link

pr-time-tracker bot commented Sep 30, 2025
edited
Loading

Time Submission Status

Member Status Time Action Last Update
MicBun ✅ Submitted 4h 30min Update time Sep 30, 2025, 4:20 PM
@outerlook ❌ Missing - ⚠️ Submit time -

@MicBun MicBun requested a review from outerlook September 30, 2025 15:51
@MicBun MicBun merged commit 987eef2 into main Sep 30, 2025
10 of 11 checks passed
@MicBun MicBun deleted the githubAction branch September 30, 2025 16:21
This was referenced Oct 1, 2025
Merged
Merged
Merged
This was referenced Oct 8, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@outerlook outerlook outerlook approved these changes

Assignees

@MicBun MicBun

Labels

type: chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MicBun @outerlook