mirror of
https://github.com/Instadapp/trustwallet-assets.git
synced 2024-07-29 22:37:31 +00:00
Update s3_upload.yml (#18962)
assume deployment role instead of aws creds
This commit is contained in:
parent
150f52ef2c
commit
6c81b96f3b
74
.github/workflows/s3_upload.yml
vendored
74
.github/workflows/s3_upload.yml
vendored
|
@ -1,44 +1,52 @@
|
||||||
name: Upload S3
|
name: Upload S3
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: [ master ]
|
branches:
|
||||||
|
- master
|
||||||
|
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
id-token: write
|
||||||
|
|
||||||
|
env:
|
||||||
|
AWS_REGION: us-east-1
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
upload-s3:
|
upload-s3:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Upload (from main repo only)
|
|
||||||
if: github.repository_owner == 'trustwallet'
|
|
||||||
uses: jakejarvis/s3-sync-action@master
|
|
||||||
with:
|
|
||||||
args: --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --include 'history/*' --size-only
|
|
||||||
env:
|
|
||||||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
|
||||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
||||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
||||||
AWS_REGION: 'us-east-1'
|
|
||||||
|
|
||||||
- name: Get changed files
|
- name: Confiugre AWS credentials
|
||||||
uses: jitterbit/get-changed-files@v1
|
uses: aws-actions/configure-aws-credentials@v1
|
||||||
if: github.event_name == 'push'
|
with:
|
||||||
id: files
|
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
|
||||||
|
aws-region: ${{ env.AWS_REGION }}
|
||||||
|
|
||||||
|
- name: Deploy to S3
|
||||||
|
if: github.repository_owner == 'trustwallet'
|
||||||
|
shell: bash
|
||||||
|
run: aws s3 sync . s3://$AWS_S3_BUCKET --follow-symlinks --delete --exclude '*' --include 'dapps/*' --include 'blockchains/*' --size-only
|
||||||
|
env:
|
||||||
|
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
||||||
|
|
||||||
|
- name: Get changed files
|
||||||
|
uses: jitterbit/get-changed-files@v1
|
||||||
|
if: github.event_name == 'push'
|
||||||
|
id: files
|
||||||
|
|
||||||
|
- name: Filter files to invalidate
|
||||||
|
run: |
|
||||||
|
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
|
||||||
|
if: github.event_name == 'push'
|
||||||
|
id: filter
|
||||||
|
|
||||||
|
- name: Invalidate CloudFront
|
||||||
|
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
|
||||||
|
uses: chetan/invalidate-cloudfront-action@v2
|
||||||
|
env:
|
||||||
|
PATHS: ${{ steps.filter.outputs.paths }}
|
||||||
|
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
|
||||||
|
|
||||||
- name: Filter files to invalidate
|
|
||||||
run: |
|
|
||||||
echo "::set-output name=paths::$(echo ${{ steps.files.outputs.added_modified }} | tr ' ' '\n' | grep -E 'blockchains/|dapps/' | awk '{print "/"$1}' | tr '\n' ' ')"
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
id: filter
|
|
||||||
|
|
||||||
- name: Invalidate CloudFront
|
|
||||||
if: github.repository_owner == 'trustwallet' && github.event_name == 'push' && steps.filter.outputs.paths != ''
|
|
||||||
uses: chetan/invalidate-cloudfront-action@v2
|
|
||||||
env:
|
|
||||||
PATHS: ${{ steps.filter.outputs.paths }}
|
|
||||||
DISTRIBUTION: ${{ secrets.AWS_DISTRIBUTION }}
|
|
||||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
||||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
||||||
AWS_REGION: "us-east-1"
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user