diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c3ae532537..eabadfbf19 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -33,6 +33,11 @@ jobs:
 target: aarch64-unknown-linux-gnu
 runner: linux-arm64-c-2xlarge
+ # requirement for vault-action
+ permissions:
+ contents: read
+ id-token: write
+
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
@@ -90,3 +95,27 @@ jobs:
 with:
 name: nox-${{ matrix.arch }}
 path: target/${{ matrix.target }}/${{ steps.profile.outputs.profile }}/nox
+
+ - name: Import secrets
+ uses: hashicorp/vault-action@v3.0.0
+ with:
+ url: https://vault.fluence.dev
+ path: jwt/github
+ role: ci
+ method: jwt
+ jwtGithubAudience: "https://github.com/fluencelabs"
+ jwtTtl: 300
+ secrets: |
+ kv/ci/fluence-artifacts id | AWS_ACCESS_KEY_ID ;
+ kv/ci/fluence-artifacts secret | AWS_SECRET_ACCESS_KEY
+
+ - name: Rename nox binary
+ run: |
+ mkdir -p s3
+ cp target/${{ matrix.target }}/${{ steps.profile.outputs.profile }}/nox s3/nox-${{ matrix.arch }}
+
+ - name: Upload nox snapshot to s3
+ env:
+ AWS_REGION: eu-west-1
+ BRANCH: ${{ github.head_ref }}
+ run: aws s3 cp s3/nox-${{ matrix.arch }} s3://fluence-artifacts/nox/snapshots/${{ env.BRANCH }}/ --acl public-read
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0868554905..6f161de064 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -121,10 +121,7 @@ jobs:
 ./docker/nox_SHA256_SUMS
 tag_name: ${{ inputs.tag }}
- - name: Upload nox binary to s3
- uses: osiegmar/s3-publisher-action@v1
- with:
- bucket: fluence-artifacts
- dir: ./docker
- prefix: nox/${{ inputs.version }}
- include: nox-*
+ - name: Upload nox binaries to s3
+ env:
+ AWS_REGION: eu-west-1
+ run: aws s3 sync docker/ s3://fluence-artifacts/nox/${{ inputs.version }}/ --acl public-read --exact-timestamps --delete --include "nox*"
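Review bot: In the first build.yml hunk, `id-token: write` is granted at job level, so every step of the job can request a GitHub OIDC token that Vault's `ci` role may accept, not only the vault-action step added further down. The job's other steps lie outside the hunk; if they compile or run third-party code, consider moving the Vault import and the S3 upload into a follow-up job that downloads the `nox-${{ matrix.arch }}` artifact and is the only one holding this permission. At minimum the comment should say what the permission enables, for example `# id-token: write lets hashicorp/vault-action request an OIDC JWT for Vault's jwt/github auth`.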
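Review bot: In the second build.yml hunk, the upload step's `run:` expands `${{ env.BRANCH }}` into the script text before the shell parses it, so routing `github.head_ref` through `env:` gives no protection. A pull-request branch name is chosen by its author and ends up as shell source in a step that has the Vault-imported AWS keys available. Reference the variable from the shell instead: `run: aws s3 cp "s3/nox-${{ matrix.arch }}" "s3://fluence-artifacts/nox/snapshots/${BRANCH}/" --acl public-read`. `github.head_ref` is also empty outside pull-request events, which would produce a `snapshots//` prefix; the workflow triggers are outside the hunk, so confirm the job runs only on pull requests or guard the step with an `if:`. Separately, `hashicorp/vault-action@v3.0.0` is a tag reference on an action that handles credentials, and pinning it to a full commit SHA would be the safer form.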
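Review bot: In the publish.yml hunk, `--include "nox*"` has no effect on its own, because the AWS CLI includes every file by default and `--include` only re-admits files dropped by an earlier `--exclude`. As written, the sync publishes the whole `docker/` directory with `--acl public-read`, whereas the removed action limited the upload to `nox-*`. Put the exclude first: `--exclude "*" --include "nox*"`. With `--delete`, objects already under `nox/${{ inputs.version }}/` that are absent from `docker/` are removed, so re-running for an existing version can drop published files; confirm that is intended. `--exact-timestamps` only affects S3-to-local syncs and can be dropped.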