mirror of
https://github.com/Instadapp/trustwallet-assets.git
synced 2024-07-29 22:37:31 +00:00
Update s3_upload.yml (#18962)
assume deployment role instead of aws creds
This commit is contained in:
parent
150f52ef2c
commit
6c81b96f3b
74
.github/workflows/s3_upload.yml
vendored
74
.github/workflows/s3_upload.yml
vendored
|
@ -1,44 +1,52 @@
|
|||
name: Upload S3
|
||||
on:
|
||||
push:
|
||||
branches: [ master ]
|
||||
|
||||
branches:
|
||||
- master
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
|
||||
env:
|
||||
AWS_REGION: us-east-1
|
||||
|
||||
jobs:
|
||||
upload-s3:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Upload (from main repo only)
|
||||
if: github.repository_owner == 'trustwallet'
|
||||
uses: jakejarvis/s3-sync-action@master
|
||||
with:
|
||||
args: --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --include 'history/*' --size-only
|
||||
env:
|
||||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_REGION: 'us-east-1'
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Get changed files
|
||||
uses: jitterbit/get-changed-files@v1
|
||||
if: github.event_name == 'push'
|
||||
id: files
|
||||
- name: Confiugre AWS credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
|
||||
aws-region: ${{ env.AWS_REGION }}
|
||||
|
||||
- name: Deploy to S3
|
||||
if: github.repository_owner == 'trustwallet'
|
||||
shell: bash
|
||||
run: aws s3 sync . s3://$AWS_S3_BUCKET --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --size-only
|
||||
env:
|
||||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
||||
|
||||
- name: Get changed files
|
||||
uses: jitterbit/get-changed-files@v1
|
||||
if: github.event_name == 'push'
|
||||
id: files
|
||||
|
||||
- name: Filter files to invalidate
|
||||
run: |
|
||||
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
|
||||
if: github.event_name == 'push'
|
||||
id: filter
|
||||
|
||||
- name: Invalidate CloudFront
|
||||
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
|
||||
uses: chetan/invalidate-cloudfront-action@v2
|
||||
env:
|
||||
PATHS: ${{ steps.filter.outputs.paths }}
|
||||
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
|
||||
|
||||
- name: Filter files to invalidate
|
||||
run: |
|
||||
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
|
||||
if: github.event_name == 'push'
|
||||
id: filter
|
||||
|
||||
- name: Invalidate CloudFront
|
||||
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
|
||||
uses: chetan/invalidate-cloudfront-action@v2
|
||||
env:
|
||||
PATHS: ${{ steps.filter.outputs.paths }}
|
||||
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
AWS_REGION: "us-east-1"
|
||||
|
|
Loading…
Reference in New Issue
Block a user