update configure-aws-credentials steps on actions job
YannMjl committed Apr 12, 2024
1 parent a1ece5a commit cf4783d
Showing 2 changed files with 45 additions and 16 deletions.
35 changes: 27 additions & 8 deletions .github/workflows/deploy_to_aws_ecr.yml
Expand Up @@ -9,6 +9,17 @@ on:
branches: [ main ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
region:
description: 'Project AWS Region'
required: true
default: 'us-east-1'
aws_account_id:
description: 'Project AWS Account ID'
required: true
role:
description: 'Github Integration IAM role'
required: true

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
Expand All @@ -19,7 +30,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x]
node-version: [14.x, 18.x]

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
Expand Down Expand Up @@ -48,26 +59,34 @@ jobs:
# run this job only if the app build and test successfully
needs: [build_test]

# Add "id-token" with the intended permissions.
permissions:
id-token: write
contents: read

steps:
- name: Checkout
uses: actions/checkout@v2

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
- name: Configure AWS Credentials
id: creds
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
role-to-assume: arn:aws:iam::${{ github.event.inputs.aws_account_id }}:role/${{ github.event.inputs.role }}
# this is usefull when doing audit or reviewing
# all the sessions/accesses of this role
role-session-name: deployImagetoECR
aws-region: ${{ github.event.inputs.region}}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
uses: aws-actions/amazon-ecr-login@v2

- name: Build, tag, and push the image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.AWS_REPO_NAME }}
ECR_REPOSITORY: nodejs-demo
IMAGE_TAG: latest
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
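Review bot: The new `role-to-assume` and `aws-region` values are built only from `github.event.inputs.*`, which is empty on any run not started through `workflow_dispatch`; the `branches: [ main ]` trigger at the top of this section suggests the workflow also runs on push, where the ARN would render as `arn:aws:iam:::role/` and the credentials step would fail. Taking the account ID and role name from whoever dispatches the run also means the IAM role's trust policy (not visible here) is the only thing limiting which role this job can assume. Pin the target in repository configuration instead, e.g. `role-to-assume: ${{ vars.AWS_DEPLOY_ROLE_ARN }}` (the variable name is a placeholder) and `aws-region: ${{ github.event.inputs.region || 'us-east-1' }}`, and confirm that the trust policy conditions on this repository's `sub` claim. The final `run:` block continues past the shown lines.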
26 changes: 18 additions & 8 deletions .github/workflows/main.yml
Expand Up @@ -86,7 +86,7 @@ jobs:
run: |
echo "runing the docker image"
echo "Testing the nodejs app endpoints"
echo ${{ steps.docker_build.outputs.digest }}
deploy_to_heroku:
name: Deploy to Heroku
runs-on: ubuntu-latest
Expand All @@ -112,21 +112,31 @@ jobs:
runs-on: ubuntu-latest
# only deploy to GPC if and after deploying to Heroku successed
needs: [deploy_to_heroku]

# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'

steps:
- name: checkout repo
uses: actions/checkout@v2

# Setup gcloud CLI
- name: setup gcloud CLI
uses: google-github-actions/setup-gcloud@master
uses: google-github-actions/auth@v2
with:
project_id: ${{ secrets.GCP_PROJECT }}
# this is the json key of the service account created on the project
service_account_key: ${{ secrets.GCP_CREDENTIALS }}
export_default_credentials: true

# makes sure you configure these and replace with the right value
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'

- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
with:
version: '>= 363.0.0'

# Deploy the app using kubernetes (deploy.yml)
- name: Deploy
- name: Use gcloud CLI to Deploy
# To run kubectl commands against a cluster created in Cloud Console,
# from another computer, or by another member of the project,
# you need to generate a kubeconfig entry in your environment.
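Review bot: `workload_identity_provider` and `service_account` in the `google-github-actions/auth@v2` step still hold sample values (`projects/123456789/…/providers/my-provider`, `my-service-account@my-project.iam.gserviceaccount.com`), so the GCP deploy job cannot authenticate as committed, and the real identifiers would end up hard-coded in the workflow once someone fills them in. Read them from repository configuration, as the `project_id: ${{ secrets.GCP_PROJECT }}` line in this section does: `workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}` and `service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}` (both names are placeholders). With the JSON key no longer used, the provider's attribute condition (not visible here) is what decides which repositories can impersonate the service account, so it should be restricted to this repository. The Deploy step continues past the shown lines.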
