Update s3_upload.yml (#18962)

assume deployment role instead of aws creds
This commit is contained in:
Dmytro 2022-03-14 19:14:41 +02:00 committed by GitHub
parent 150f52ef2c
commit 6c81b96f3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,44 +1,52 @@
name: Upload S3
on:
push:
branches: [ master ]
branches:
- master
workflow_dispatch:
permissions:
id-token: write
env:
AWS_REGION: us-east-1
jobs:
upload-s3:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Upload (from main repo only)
if: github.repository_owner == 'trustwallet'
uses: jakejarvis/s3-sync-action@master
with:
args: --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --include 'history/*' --size-only
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: 'us-east-1'
- uses: actions/checkout@v2
- name: Get changed files
uses: jitterbit/get-changed-files@v1
if: github.event_name == 'push'
id: files
- name: Confiugre AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_REGION }}
- name: Deploy to S3
if: github.repository_owner == 'trustwallet'
shell: bash
run: aws s3 sync . s3://$AWS_S3_BUCKET --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --size-only
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
- name: Get changed files
uses: jitterbit/get-changed-files@v1
if: github.event_name == 'push'
id: files
- name: Filter files to invalidate
run: |
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
if: github.event_name == 'push'
id: filter
- name: Invalidate CloudFront
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
uses: chetan/invalidate-cloudfront-action@v2
env:
PATHS: ${{ steps.filter.outputs.paths }}
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
- name: Filter files to invalidate
run: |
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
if: github.event_name == 'push'
id: filter
- name: Invalidate CloudFront
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
uses: chetan/invalidate-cloudfront-action@v2
env:
PATHS: ${{ steps.filter.outputs.paths }}
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "us-east-1"