From 42bf84f91fbe918b10cbb5568e29827bb33ea788 Mon Sep 17 00:00:00 2001 From: Fabrizio Branca Date: Fri, 1 Mar 2024 14:48:03 +0100 Subject: [PATCH] Updated action to upload to new S3-Bucket authenticating against AWS via OIDC --- .github/workflows/main.yml | 100 +++++++++++++++++++++++-------------- 1 file changed, 63 insertions(+), 37 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4dcfc5c..288fb07 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,6 +7,7 @@ on: - main jobs: + build: runs-on: ubuntu-latest steps: 
@@ -22,50 +23,75 @@ jobs: with: name: build path: build - deploy: - runs-on: ubuntu-20.04 - if: github.ref == 'refs/heads/main' + + deploy-test: + runs-on: ubuntu-latest needs: build environment: name: techradar - url: https://www.aoe.com/techradar/index.html + url: http://techradar-test-aoe.s3-website.eu-central-1.amazonaws.com/techradar/index.html + permissions: + id-token: write + contents: read steps: - name: Download Artifact uses: actions/download-artifact@v3 with: name: build path: build - - uses: jakejarvis/s3-sync-action@master + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@master with: - args: --acl public-read - env: - AWS_S3_BUCKET: "techradar.aoe.com" - AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }} - AWS_REGION: "eu-central-1" - SOURCE_DIR: "build" - DEST_DIR: "techradar" - deploy-dev: - runs-on: ubuntu-20.04 - if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository - needs: build - environment: - name: techradar-next - url: http://techradar-next.aoe.com.s3.eu-central-1.amazonaws.com/techradar/index.html - steps: - - run: echo "WARNING! 
THIS DEPLOYS A STAGING ENV, RERUN THIS JOB TO GET YOUR CHANGES DEPLOYED TO STAGING" - - name: Download Artifact - uses: actions/download-artifact@v3 - with: - name: build - path: build - - uses: jakejarvis/s3-sync-action@master - with: - args: --acl public-read - env: - AWS_S3_BUCKET: "techradar-next.aoe.com" - AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }} - AWS_REGION: "eu-central-1" - SOURCE_DIR: "build" - DEST_DIR: "techradar" + aws-region: eu-central-1 + role-to-assume: arn:aws:iam::511165248623:role/github_techradar + role-session-name: GitHubActions + - run: 'aws s3 sync --delete s3://techradar-test-aoe/techradar/' + +# deploy: +# runs-on: ubuntu-20.04 +# if: github.ref == 'refs/heads/main' +# needs: build +# environment: +# name: techradar +# url: https://www.aoe.com/techradar/index.html +# steps: +# - name: Download Artifact +# uses: actions/download-artifact@v3 +# with: +# name: build +# path: build +# - uses: jakejarvis/s3-sync-action@master +# with: +# args: --acl public-read +# env: +# AWS_S3_BUCKET: "techradar.aoe.com" +# AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }} +# AWS_REGION: "eu-central-1" +# SOURCE_DIR: "build" +# DEST_DIR: "techradar" +# +# deploy-dev: +# runs-on: ubuntu-20.04 +# if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository +# needs: build +# environment: +# name: techradar-next +# url: http://techradar-next.aoe.com.s3.eu-central-1.amazonaws.com/techradar/index.html +# steps: +# - run: echo "WARNING! 
THIS DEPLOYS A STAGING ENV, RERUN THIS JOB TO GET YOUR CHANGES DEPLOYED TO STAGING" +# - name: Download Artifact +# uses: actions/download-artifact@v3 +# with: +# name: build +# path: build +# - uses: jakejarvis/s3-sync-action@master +# with: +# args: --acl public-read +# env: +# AWS_S3_BUCKET: "techradar-next.aoe.com" +# AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }} +# AWS_REGION: "eu-central-1" +# SOURCE_DIR: "build" +# DEST_DIR: "techradar"
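Review bot: `aws-actions/configure-aws-credentials@master` in the new `deploy-test` job is a mutable branch ref in a job that holds `id-token: write`, so whatever lands on that branch runs with the ability to assume `github_techradar`; pin it to a reviewed release, ideally by full commit SHA (`uses: aws-actions/configure-aws-credentials@<full-commit-sha>`). The final step `aws s3 sync --delete s3://techradar-test-aoe/techradar/` names only one path, while `aws s3 sync` takes a source and a destination, so it presumably should read `aws s3 sync --delete build s3://techradar-test-aoe/techradar/` to upload the downloaded artifact. With the old jobs' `if:` guards gone, this job runs on every event that triggers the workflow (the trigger list is mostly outside the hunk), so the role's trust policy, which is not visible here, should restrict the `token.actions.githubusercontent.com:sub` claim to this repository and the `techradar` environment. The two commented-out jobs would be better deleted than kept as comments, since version control already preserves them.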