From 1511eae7d535b39e269be56d778f6da705587340 Mon Sep 17 00:00:00 2001 From: Camille TJHOA Date: Wed, 27 Dec 2023 14:16:41 +0100 Subject: [PATCH] ci: use new aws role --- .github/workflows/deploy-staging.yml | 3 +-- .github/workflows/deploy-test.yml | 3 +-- .../workflows/test-build-and-deploy-to-s3.yml | 20 ++++++++----------- 3 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index b92de89f030..83b39536492 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -25,8 +25,7 @@ jobs: configuration: staging secrets: aws-region: ${{ secrets.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-role-arn: ${{ secrets.AWS_ROLE_ARN }} s3-bucket-name: ${{ secrets.S3_BUCKET_NAME }} cloudflare-zone: ${{ secrets.CLOUDFLARE_ZONE }} cloudflare-token: ${{ secrets.CLOUDFLARE_TOKEN }} diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index 8137361a232..9429b12ebfa 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -12,8 +12,7 @@ jobs: configuration: staging secrets: aws-region: ${{ secrets.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-role-arn: ${{ secrets.AWS_ROLE_ARN }} s3-bucket-name: ${{ secrets.S3_BUCKET_NAME }} cloudflare-zone: ${{ secrets.CLOUDFLARE_ZONE }} cloudflare-token: ${{ secrets.CLOUDFLARE_TOKEN }} diff --git a/.github/workflows/test-build-and-deploy-to-s3.yml b/.github/workflows/test-build-and-deploy-to-s3.yml index 78fd91ad815..c4ac2e6575d 100644 --- a/.github/workflows/test-build-and-deploy-to-s3.yml +++ b/.github/workflows/test-build-and-deploy-to-s3.yml @@ -12,9 +12,7 @@ on: secrets: aws-region: required: true - aws-access-key-id: - required: true - aws-secret-access-key: + aws-role-arn: required: true s3-bucket-name: required: true @@ -85,16 +83,14 @@ jobs: with: name: dist-and-coverage-artifacts path: dist/ - #- name: Configure AWS credentials - # uses: aws-actions/configure-aws-credentials@v4 - # with: - # role-to-assume: arn:aws:iam::1234567890:role/example-role - # role-session-name: samplerolesession - # aws-region: ${{ secrets.aws-region }} - # Upload a file to AWS s3 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.aws-role-arn }} + aws-region: ${{ secrets.aws-region }} - name: Copy assets to S3 run: | - AWS_REGION=${{ secrets.aws-region }} AWS_ACCESS_KEY_ID=${{ secrets.aws-access-key-id }} AWS_SECRET_ACCESS_KEY=${{ secrets.aws-secret-access-key }} aws s3 cp ./dist/dist/apps/console/ s3://${{ secrets.s3-bucket-name }}/ --recursive --exclude "index.html" + aws s3 cp ./dist/dist/apps/console/ s3://${{ secrets.s3-bucket-name }}/ --recursive --exclude "index.html" - name: Copy index.html to S3 last run: | - AWS_REGION=${{ secrets.aws-region }} AWS_ACCESS_KEY_ID=${{ secrets.aws-access-key-id }} AWS_SECRET_ACCESS_KEY=${{ secrets.aws-secret-access-key }} aws s3 cp ./dist/dist/apps/console/index.html s3://${{ secrets.s3-bucket-name }}/ + aws s3 cp ./dist/dist/apps/console/index.html s3://${{ secrets.s3-bucket-name }}/