Update GitHub Actions workflow to configure AWS credentials (#129)
* Update GitHub Actions workflow to configure AWS credentials

* Configure AWS credentials in GitHub Actions workflows
andersy005 authored Nov 21, 2024
1 parent c3d5470 commit 95f0ed5
Showing 3 changed files with 29 additions and 6 deletions.
9 changes: 7 additions & 2 deletions .github/workflows/fly.yml
@@ -20,8 +20,7 @@ concurrency:

env:
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-west-2
OFFSETS_DB_API_KEY_STAGING: ${{ secrets.OFFSETS_DB_API_KEY_STAGING }}
OFFSETS_DB_API_KEY_PRODUCTION: ${{ secrets.OFFSETS_DB_API_KEY_PRODUCTION }}
PRODUCTION_URL: 'https://offsets-db.fly.dev/docs'
@@ -39,6 +38,12 @@ jobs:
if: ${{ (contains(github.event.pull_request.labels.*.name, 'api') && github.event_name == 'pull_request') || (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'}}
steps:
- uses: actions/checkout@v4
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::631969445205:role/github-action-role
role-session-name: offsets-db-fly-role-session
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Get Current time in UTC in format YYYY-MM-DD HH:MM
if: always()
id: time
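Review bot: The `configure aws credentials` step added in the second hunk assumes the role through GitHub OIDC, but neither hunk shown for fly.yml adds the `permissions:` block that main.yaml and update-db.yaml receive in this commit. Without `id-token: write` the job cannot request the OIDC token, so the step would be expected to fail now that `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (apparently the two lines deleted from `env`) are no longer set, unless the permission is already declared above line 20, which is outside the hunks. If it is not, add `permissions:` with `id-token: write` and `contents: read`, ideally on the deploy job itself rather than for the whole workflow.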
13 changes: 11 additions & 2 deletions .github/workflows/main.yaml
@@ -15,13 +15,15 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
OFFSETS_DB_DATABASE_URL: postgres://postgres_user:postgres_password@localhost:5432/postgres_db
OFFSETS_DB_STAGING: true
OFFSETS_DB_API_KEY: cowsay

AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-west-2

jobs:
@@ -53,6 +55,13 @@ jobs:
steps:
- uses: actions/checkout@v4

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::631969445205:role/github-action-role
role-session-name: offsets-db-ci-role-session
aws-region: ${{ env.AWS_DEFAULT_REGION }}

- name: set up conda environment
uses: mamba-org/setup-micromamba@v2
with:
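Review bot: The CI workflow assumes the same `github-action-role` as fly.yml and update-db.yaml; only `role-session-name` differs, and a session name labels the session in audit logs but does not narrow its permissions. Code run by CI therefore gets whatever AWS access the deploy and database-update jobs have. The role's trust and permission policies are not part of this commit, so confirm that the trust policy conditions on the `token.actions.githubusercontent.com:sub` and `:aud` claims for this repository, and consider a separate, narrower role for CI, e.g. `role-to-assume: <ci-role-arn>` (placeholder). The new `permissions:` block is also workflow-wide; declaring `id-token: write` on the one job that contains this step (it starts outside the hunk) would keep the other jobs in main.yaml from being able to request a token.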
13 changes: 11 additions & 2 deletions .github/workflows/update-db.yaml
@@ -13,8 +13,6 @@ on:
- cron: '45 6 * * *' # 6:45am UTC every day

env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-west-2
OFFSETS_DB_API_KEY_STAGING: ${{ secrets.OFFSETS_DB_API_KEY_STAGING }}
OFFSETS_DB_API_KEY_PRODUCTION: ${{ secrets.OFFSETS_DB_API_KEY_PRODUCTION }}
@@ -23,12 +21,23 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

jobs:
seed-db:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::631969445205:role/github-action-role
role-session-name: offsets-db-update-role-session
aws-region: ${{ env.AWS_DEFAULT_REGION }}

- name: Get Current time in UTC in format YYYY-MM-DD HH:MM
if: always()
id: time
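Review bot: `aws-actions/configure-aws-credentials@v4` is referenced by a movable tag, here and in the same step of fly.yml and main.yaml. This action receives the job's OIDC token and exports the resulting AWS credentials, so a retagged or compromised release would run with them; pinning to a full commit SHA removes that dependency on the tag, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4` (placeholder; take the SHA from a release you have reviewed). Separately, dropping the two key variables from `env` does not invalidate them: the repository secrets should be deleted and the IAM access key deactivated once all three workflows run on the role.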