From 6c677c17f206dd9533d79831b098f261da754871 Mon Sep 17 00:00:00 2001 From: Ziyi Zhang Date: Mon, 9 Dec 2024 17:16:20 -0800 Subject: [PATCH] Use IAM role and update publish workflow --- .github/workflows/publish.yml | 16 ++++++------ script/deploy-canary-demo | 48 ++--------------------------------- 2 files changed, 10 insertions(+), 54 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 393dd2d122..ca821f058e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,6 +4,9 @@ on: release: types: [published] +permissions: + id-token: write # This is required for requesting the JWT + jobs: publish: runs-on: ubuntu-latest @@ -33,15 +36,12 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} deploy_chime_prod_demo: needs: publish - name: Prod - Chime and ChimeSDKMeetings Client - Deploy the Serverless Meeting Demos + name: Deploy Meeting Demos with the latest NPM release runs-on: ubuntu-latest - strategy: - matrix: - name: [ ChimeProd, ChimeSDKMeetingsProdIAD, ChimeSDKMeetingsProdPDX, ChimeSDKMeetingsProdFRA, ChimeSDKMeetingsProdSIN, ChimeSDKMeetingsIAD_ChimeSDKMediaPipelinesProdIAD, Chime_ChimeSDKMediaPipelinesProdIAD ] env: AWS_DEFAULT_REGION: us-east-1 AWS_DEFAULT_OUTPUT: text - NAME: ${{ matrix.name }} + NAME: PROD steps: - name: Verify the npm version is available id: npm_version @@ -72,10 +72,10 @@ jobs: done shell: bash - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.PROD_CANARY_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.PROD_CANARY_AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME_CANARY_PROD }} + role-session-name: publish-demo-deployment aws-region: us-east-1 - name: Checkout Package uses: actions/checkout@v2 diff --git a/script/deploy-canary-demo b/script/deploy-canary-demo index 3c7a785104..55f1eba063 100755 --- a/script/deploy-canary-demo +++ b/script/deploy-canary-demo @@ -21,54 +21,10 @@ GAMMA) npm run deploy -- -b chime-sdk-meeting-readiness-checker-media-gamma$canarySuffix -s chime-sdk-meeting-readiness-checker-media-gamma$canarySuffix -a meetingReadinessChecker -m $GAMMA_CHIME_ENDPOINT_US_EAST_1 -t -l ;; -ChimeProd) - echo "Deploying to prod stage for canary that talks to prod Chime client for meetings and prod Chime client for media pipelines" - - # Uses Chime Client +PROD) + echo "Deploying to canary-prod with latest NPM release" npm run deploy -- -b chime-sdk-demo-prod-canary$canarySuffix -o chime-sdk-demo-prod-canary$canarySuffix -s chime-sdk-demo-prod-canary$canarySuffix -i eu-south-1 -t -l -p chime.amazonaws.com npm run deploy -- -b chime-sdk-meeting-readiness-checker-prod-canary$canarySuffix -s chime-sdk-meeting-readiness-checker-prod-canary$canarySuffix -a meetingReadinessChecker -t -l ;; -ChimeSDKMeetingsProdIAD) - echo "Deploying to prod stage for canary that talks to prod IAD ChimeSDKMeetings client for meetings and prod Chime client for media pipelines" - - # Uses ChimeSDKMeetings client - npm run deploy -- -r us-east-1 -b chime-sdk-meetings-demo-prod-canary-us-east-1$canarySuffix -o chime-sdk-meetings-iad-demo-prod-canary$canarySuffix -s chime-sdk-meetings-demo-prod-canary-us-east-1$canarySuffix -t -l -p chime.amazonaws.com - ;; - -ChimeSDKMeetingsIAD_ChimeSDKMediaPipelinesProdIAD) - echo "Deploying to prod stage for canary that talks to prod IAD ChimeSDKMeetings client for meetings and prod IAD ChimeSDKMediaPipelines client for media pipelines" - - # Uses ChimeSDKMeetings client - npm run deploy -- -r us-east-1 -b chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-iad-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -t -l - ;; - -Chime_ChimeSDKMediaPipelinesProdIAD) - echo "Deploying to prod stage for canary that talks to prod Chime client for meetings and prod IAD ChimeSDKMediaPipelines client for media pipelines" - - # Uses ChimeSDKMeetings client - npm run deploy -- -r us-east-1 -b chime-sdk-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -o chime-sdk-$chimeSDKMediaPipelinesStackId-iad-demo-prod-canary$canarySuffix -s chime-sdk-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-east-1$canarySuffix -t -l - ;; - -ChimeSDKMeetingsProdPDX) - echo "Deploying to prod stage for canary that talks to prod PDX ChimeSDKMeetings client and prod PDX ChimeSDKMediaPipelines client" - - # Uses ChimeSDKMeetings client - npm run deploy -- -r us-west-2 -b chime-sdk-meetings-demo-prod-canary-us-west-2$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-pdx-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-us-west-2$canarySuffix -t -l --chime-sdk-media-pipelines-region us-west-2 --chime-sdk-media-pipelines-endpoint https://media-pipelines-chime.us-west-2.amazonaws.com - ;; - -ChimeSDKMeetingsProdFRA) - echo "Deploying to prod stage for canary that talks to prod FRA ChimeSDKMeetings client and prod FRA ChimeSDKMediaPipelines client" - - # Uses ChimeSDKMeetings client - npm run deploy -- -r eu-central-1 -b chime-sdk-meetings-demo-prod-canary-eu-central-1$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-fra-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-eu-central-1$canarySuffix -t -l --chime-sdk-media-pipelines-region eu-central-1 --chime-sdk-media-pipelines-endpoint https://media-pipelines-chime.eu-central-1.amazonaws.com - ;; - -ChimeSDKMeetingsProdSIN) - echo "Deploying to prod stage for canary that talks to prod SIN ChimeSDKMeetings client and prod SIN ChimeSDKMediaPipelines client" - - # Uses ChimeSDKMeetings client - npm run deploy -- -r ap-southeast-1 -b chime-sdk-meetings-demo-prod-canary-ap-southeast-1$canarySuffix -o chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-sin-demo-prod-canary$canarySuffix -s chime-sdk-meetings-$chimeSDKMediaPipelinesStackId-demo-prod-canary-ap-southeast-1$canarySuffix -t -l --chime-sdk-media-pipelines-region ap-southeast-1 --chime-sdk-media-pipelines-endpoint https://media-pipelines-chime.ap-southeast-1.amazonaws.com - ;; - esac