Updated action to upload to new S3-Bucket authenticating against AWS via OIDC

Fabrizio Branca
2024-03-01 14:48:03 +01:00
parent 1a89da8f11
commit 42bf84f91f


@@ -7,6 +7,7 @@ on:
- main - main
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -22,50 +23,75 @@ jobs:
with: with:
name: build name: build
path: build path: build
deploy:
runs-on: ubuntu-20.04 deploy-test:
if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest
needs: build needs: build
environment: environment:
name: techradar name: techradar
url: https://www.aoe.com/techradar/index.html url: http://techradar-test-aoe.s3-website.eu-central-1.amazonaws.com/techradar/index.html
permissions:
id-token: write
contents: read
steps: steps:
- name: Download Artifact - name: Download Artifact
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:
name: build name: build
path: build path: build
- uses: jakejarvis/s3-sync-action@master - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@master
with: with:
args: --acl public-read aws-region: eu-central-1
env: role-to-assume: arn:aws:iam::511165248623:role/github_techradar
AWS_S3_BUCKET: "techradar.aoe.com" role-session-name: GitHubActions
AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }} - run: 'aws s3 sync --delete s3://techradar-test-aoe/techradar/'
AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }}
AWS_REGION: "eu-central-1" # deploy:
SOURCE_DIR: "build" # runs-on: ubuntu-20.04
DEST_DIR: "techradar" # if: github.ref == 'refs/heads/main'
deploy-dev: # needs: build
runs-on: ubuntu-20.04 # environment:
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository # name: techradar
needs: build # url: https://www.aoe.com/techradar/index.html
environment: # steps:
name: techradar-next # - name: Download Artifact
url: http://techradar-next.aoe.com.s3.eu-central-1.amazonaws.com/techradar/index.html # uses: actions/download-artifact@v3
steps: # with:
- run: echo "WARNING! THIS DEPLOYS A STAGING ENV, RERUN THIS JOB TO GET YOUR CHANGES DEPLOYED TO STAGING" # name: build
- name: Download Artifact # path: build
uses: actions/download-artifact@v3 # - uses: jakejarvis/s3-sync-action@master
with: # with:
name: build # args: --acl public-read
path: build # env:
- uses: jakejarvis/s3-sync-action@master # AWS_S3_BUCKET: "techradar.aoe.com"
with: # AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }}
args: --acl public-read # AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }}
env: # AWS_REGION: "eu-central-1"
AWS_S3_BUCKET: "techradar-next.aoe.com" # SOURCE_DIR: "build"
AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }} # DEST_DIR: "techradar"
AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }} #
AWS_REGION: "eu-central-1" # deploy-dev:
SOURCE_DIR: "build" # runs-on: ubuntu-20.04
DEST_DIR: "techradar" # if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
# needs: build
# environment:
# name: techradar-next
# url: http://techradar-next.aoe.com.s3.eu-central-1.amazonaws.com/techradar/index.html
# steps:
# - run: echo "WARNING! THIS DEPLOYS A STAGING ENV, RERUN THIS JOB TO GET YOUR CHANGES DEPLOYED TO STAGING"
# - name: Download Artifact
# uses: actions/download-artifact@v3
# with:
# name: build
# path: build
# - uses: jakejarvis/s3-sync-action@master
# with:
# args: --acl public-read
# env:
# AWS_S3_BUCKET: "techradar-next.aoe.com"
# AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_SECRET }}
# AWS_REGION: "eu-central-1"
# SOURCE_DIR: "build"
# DEST_DIR: "techradar"
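Review bot: In the new `deploy-test` job, `aws-actions/configure-aws-credentials@master` is a mutable branch ref used in a job that holds `id-token: write`, so whatever lands on that branch can request the OIDC token and assume the `github_techradar` role; pin it to a reviewed release tag or a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # <release tag>`. The job also drops the old `if: github.ref == 'refs/heads/main'` guard, so it appears to run for every event the workflow triggers on; either restore the guard or confirm that the role's trust policy restricts the token's `sub` claim to this repository and the intended branch or environment. The `run` step as shown passes only the S3 destination to `aws s3 sync`, which also needs a source, presumably `aws s3 sync --delete build s3://techradar-test-aoe/techradar/`. The commented-out `deploy` and `deploy-dev` jobs still reference the static `ACCESS_KEY`/`ACCESS_SECRET` secrets; deleting them (history keeps the old config) and revoking those keys once nothing uses them would complete the move to OIDC.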