Update s3_upload.yml (#18962)

assume deployment role instead of aws creds
Dmytro 2022-03-14 19:14:41 +02:00 committed by GitHub
parent 150f52ef2c
commit 6c81b96f3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,44 +1,52 @@
name: Upload S3 name: Upload S3
on: on:
push: push:
branches: [ master ] branches:
- master
workflow_dispatch: workflow_dispatch:
permissions:
id-token: write
env:
AWS_REGION: us-east-1
jobs: jobs:
upload-s3: upload-s3:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Upload (from main repo only) - name: Confiugre AWS credentials
if: github.repository_owner == 'trustwallet' uses: aws-actions/configure-aws-credentials@v1
uses: jakejarvis/s3-sync-action@master with:
with: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
args: --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --include 'history/*' --size-only aws-region: ${{ env.AWS_REGION }}
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: 'us-east-1'
- name: Get changed files - name: Deploy to S3
uses: jitterbit/get-changed-files@v1 if: github.repository_owner == 'trustwallet'
if: github.event_name == 'push' shell: bash
id: files run: aws s3 sync . s3://$AWS_S3_BUCKET --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --size-only
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
- name: Filter files to invalidate - name: Get changed files
run: | uses: jitterbit/get-changed-files@v1
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')" if: github.event_name == 'push'
if: github.event_name == 'push' id: files
id: filter
- name: Filter files to invalidate
run: |
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
if: github.event_name == 'push'
id: filter
- name: Invalidate CloudFront
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
uses: chetan/invalidate-cloudfront-action@v2
env:
PATHS: ${{ steps.filter.outputs.paths }}
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
- name: Invalidate CloudFront
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
uses: chetan/invalidate-cloudfront-action@v2
env:
PATHS: ${{ steps.filter.outputs.paths }}
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "us-east-1"
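Review bot: The `Filter files to invalidate` step still expands `${{ steps.files.outputs.added_modified }}` directly inside its `run:` script, so the changed file names are substituted into the shell text before bash parses it, and a name containing shell metacharacters would be interpreted as code rather than data. This matters more after the change, because the step now runs after `aws-actions/configure-aws-credentials`, which exports the assumed role's temporary credentials to the later steps of the job. Pass the value through the step's environment instead, adding `env:` with `FILES: ${{ steps.files.outputs.added_modified }}` and reading it as `echo "$FILES"` in the pipeline. Separately, the third-party actions are referenced by mutable tags (`@v1`, `@v2`) in a job that now holds `id-token: write`; pinning each to a full commit SHA would keep a retagged release from running with the deployment role.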