From cd1fe2d76ff7ca1657fc2278d864558511f8e297 Mon Sep 17 00:00:00 2001 From: vudiep411 Date: Tue, 26 Nov 2024 15:39:15 -0800 Subject: [PATCH 1/4] Improve aws creds workflow Signed-off-by: vudiep411 --- .github/workflows/build-release-packages.yml | 15 ++++--- .../call-build-linux-arm-packages.yml | 39 ++++++++----------- .../call-build-linux-x86-packages.yml | 39 ++++++++----------- 3 files changed, 41 insertions(+), 52 deletions(-) diff --git a/.github/workflows/build-release-packages.yml b/.github/workflows/build-release-packages.yml index 094d82de08..3f8ed95972 100644 --- a/.github/workflows/build-release-packages.yml +++ b/.github/workflows/build-release-packages.yml @@ -11,6 +11,7 @@ on: required: true permissions: + id-token: write contents: read jobs: @@ -67,11 +68,10 @@ jobs: version: ${{ needs.release-build-get-meta.outputs.version }} ref: ${{ inputs.version || github.ref_name }} build_matrix: ${{ needs.generate-build-matrix.outputs.x86_64-build-matrix }} + region: us-west-2 secrets: - token: ${{ secrets.GITHUB_TOKEN }} - bucket: ${{ secrets.AWS_S3_BUCKET }} - access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} + bucket_name: ${{ secrets.AWS_S3_BUCKET }} + role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} release-build-linux-arm-packages: needs: @@ -82,8 +82,7 @@ jobs: version: ${{ needs.release-build-get-meta.outputs.version }} ref: ${{ inputs.version || github.ref_name }} build_matrix: ${{ needs.generate-build-matrix.outputs.arm64-build-matrix }} + region: us-west-2 secrets: - token: ${{ secrets.GITHUB_TOKEN }} - bucket: ${{ secrets.AWS_S3_BUCKET }} - access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} + bucket_name: ${{ secrets.AWS_S3_BUCKET }} + role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} diff --git a/.github/workflows/call-build-linux-arm-packages.yml b/.github/workflows/call-build-linux-arm-packages.yml index 2a7bcc533f..65445a83c8 100644 
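Review bot: `id-token: write` is added to the workflow-level `permissions` block in the first hunk, so every job in this workflow, including `release-build-get-meta` and `generate-build-matrix`, can now request an OIDC token, although only the two jobs that call the packaging workflows need one. Keeping the top-level block at `contents: read` and putting `permissions: {id-token: write, contents: read}` on the x86 and ARM calling jobs would limit the grant to those callers. The role behind `AWS_ROLE_TO_ASSUME` is not visible here; its trust policy should presumably restrict the `sub` claim to this repository and the release ref, which is worth stating in a comment next to `role_to_assume`. The job definitions start outside these hunks.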
--- a/.github/workflows/call-build-linux-arm-packages.yml +++ b/.github/workflows/call-build-linux-arm-packages.yml @@ -15,21 +15,20 @@ on: description: The build targets to produce as a JSON matrix. type: string required: true + region: + description: The AWS region to push packages into. + type: string + required: true secrets: - token: - description: The Github token or similar to authenticate with. + bucket_name: + description: The S3 bucket to push packages into. + required: true + role_to_assume: + description: The role to assume for the S3 bucket. required: true - bucket: - description: The name of the S3 bucket to push packages into. - required: false - access_key_id: - description: The S3 access key id for the bucket. - required: false - secret_access_key: - description: The S3 secret access key for the bucket. - required: false permissions: + id-token: write contents: read jobs: @@ -46,6 +45,12 @@ jobs: with: ref: ${{ inputs.version }} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ inputs.region }} + role-to-assume: ${{ secrets.role_to_assume }} + - name: Make Valkey uses: uraimo/run-on-arch-action@v2 with: @@ -65,15 +70,5 @@ jobs: mkdir -p packages-files cp -rfv $TAR_FILE_NAME.tar* packages-files/ - - name: Install AWS cli. - run: | - sudo apt-get install -y awscli - - - name: Configure AWS credentials - run: | - aws configure set region us-west-2 - aws configure set aws_access_key_id ${{ secrets.access_key_id }} - aws configure set aws_secret_access_key ${{ secrets.secret_access_key }} - - name: Sync to S3 - run: aws s3 sync packages-files s3://${{secrets.bucket}}/releases/ + run: aws s3 sync packages-files s3://${{ secrets.bucket_name }}/releases/ diff --git a/.github/workflows/call-build-linux-x86-packages.yml b/.github/workflows/call-build-linux-x86-packages.yml index 9e438fa61a..a603c53c13 100644 --- a/.github/workflows/call-build-linux-x86-packages.yml 
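Review bot: The new `Configure AWS credentials` step in the second hunk runs right after checkout and before `Make Valkey`, whereas the removed shell step configured credentials only after the build. `configure-aws-credentials` exports the temporary role credentials to the job environment, so they are now present while `uraimo/run-on-arch-action@v2` and the build run. Moving the step to directly before `Sync to S3` keeps the credentials away from build code, and starts the limited session lifetime after the possibly long emulated build rather than before it. `aws-actions/configure-aws-credentials@v4` is referenced by a mutable tag in a job holding `id-token: write`; pinning it to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, would be safer. The same ordering and pin apply to the matching hunk in `call-build-linux-x86-packages.yml`, where the step precedes `Install dependencies`.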
+++ b/.github/workflows/call-build-linux-x86-packages.yml @@ -15,21 +15,20 @@ on: description: The build targets to produce as a JSON matrix. type: string required: true + region: + description: The AWS region to upload the packages to. + type: string + required: true secrets: - token: - description: The Github token or similar to authenticate with. + bucket_name: + description: The name of the S3 bucket to upload the packages to. + required: true + role_to_assume: + description: The role to assume for the S3 bucket. required: true - bucket: - description: The name of the S3 bucket to push packages into. - required: false - access_key_id: - description: The S3 access key id for the bucket. - required: false - secret_access_key: - description: The S3 secret access key for the bucket. - required: false permissions: + id-token: write contents: read jobs: @@ -46,6 +45,12 @@ jobs: with: ref: ${{ inputs.version }} + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ inputs.region }} + role-to-assume: ${{ secrets.role_to_assume }} + - name: Install dependencies run: sudo apt-get update && sudo apt-get install -y build-essential libssl-dev libsystemd-dev @@ -63,15 +68,5 @@ jobs: mkdir -p packages-files cp -rfv $TAR_FILE_NAME.tar* packages-files/ - - name: Install AWS cli. - run: | - sudo apt-get install -y awscli - - - name: Configure AWS credentials - run: | - aws configure set region us-west-2 - aws configure set aws_access_key_id ${{ secrets.access_key_id }} - aws configure set aws_secret_access_key ${{ secrets.secret_access_key }} - - name: Sync to S3 - run: aws s3 sync packages-files s3://${{secrets.bucket}}/releases/ + run: aws s3 sync packages-files s3://${{ secrets.bucket_name }}/releases/ From f250577ed85f7da800475a870d569b7ea39e93ec Mon Sep 17 00:00:00 2001 From: vudiep411 Date: Sun, 1 Dec 2024 17:21:56 -0800 Subject: [PATCH 2/4] test 
Signed-off-by: vudiep411 --- .../workflows/trigger-valkey-container.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/trigger-valkey-container.yml diff --git a/.github/workflows/trigger-valkey-container.yml b/.github/workflows/trigger-valkey-container.yml new file mode 100644 index 0000000000..780b668e06 --- /dev/null +++ b/.github/workflows/trigger-valkey-container.yml @@ -0,0 +1,24 @@ +name: Trigger Docker build + +on: + workflow_call: + inputs: + version: + description: The version of Valkey to create. + type: string + required: true + secrets: + token: + description: The Github token or similar to authenticate with. + required: true +jobs: + trigger: + runs-on: ubuntu-latest + steps: + - name: Trigger build + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.token }} + repository: Autxmaton/valkey-container + event-type: build-release + client-payload: '{"version": "${{ inputs.version }}"}' From c1610039380b49e6ce3094597a523681cbc863df Mon Sep 17 00:00:00 2001 From: vudiep411 Date: Sun, 1 Dec 2024 17:22:34 -0800 Subject: [PATCH 3/4] test Signed-off-by: vudiep411 --- .github/workflows/build-release-packages.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/build-release-packages.yml b/.github/workflows/build-release-packages.yml index 094d82de08..4139b27396 100644 --- a/.github/workflows/build-release-packages.yml +++ b/.github/workflows/build-release-packages.yml @@ -87,3 +87,13 @@ jobs: bucket: ${{ secrets.AWS_S3_BUCKET }} access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} + + trigger-docker-build: + needs: + - release-build-get-meta + uses: ./.github/workflows/trigger-valkey-container.yml + with: + version: ${{ needs.release-build-get-meta.outputs.version }} + secrets: + token: ${{ secrets.PAT_TOKEN }} + From bf002dc8c1b48c4dc75c454f378c62e31d75f0a4 Mon Sep 17 00:00:00 2001 
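Review bot: The new workflow hard-codes `repository: Autxmaton/valkey-container` as the dispatch target and sends it a caller-supplied token; with a commit subject of "test" this looks like a personal test repository, so the target should probably be a `workflow_call` input or the project's own repository before this merges. The file has no `permissions:` block, unlike the other workflows touched in this series; `permissions: {}` would fit because the job authenticates only with `secrets.token`. `client-payload` splices `inputs.version` into a JSON string unescaped; `client-payload: '{"version": ${{ toJSON(inputs.version) }}}'` would keep a quote in the value from changing the payload. `peter-evans/repository-dispatch@v3` receives the token and is pinned by tag rather than by commit SHA.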
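Review bot: `trigger-docker-build` lists only `release-build-get-meta` under `needs`, so the container repository is dispatched as soon as the metadata job finishes, regardless of whether the x86 and ARM package jobs succeed. If the container build is meant to follow a successful release build, add both package jobs: `needs: [release-build-get-meta, release-build-linux-x86-packages, release-build-linux-arm-packages]`. `secrets.PAT_TOKEN` is a long-lived personal token passed into the called workflow; a comment stating the minimum scope it needs (presumably write access to the one target repository only) would help whoever rotates it.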
From: vudiep411 Date: Sun, 1 Dec 2024 17:37:29 -0800 Subject: [PATCH 4/4] Only run trigger docker job Signed-off-by: vudiep411 --- .github/workflows/build-release-packages.yml | 56 ++++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build-release-packages.yml b/.github/workflows/build-release-packages.yml index 4139b27396..67b5c697a0 100644 --- a/.github/workflows/build-release-packages.yml +++ b/.github/workflows/build-release-packages.yml 
@@ -58,35 +58,35 @@ jobs: with: ref: ${{ inputs.version || github.ref_name }} - release-build-linux-x86-packages: - needs: - - release-build-get-meta - - generate-build-matrix - uses: ./.github/workflows/call-build-linux-x86-packages.yml - with: - version: ${{ needs.release-build-get-meta.outputs.version }} - ref: ${{ inputs.version || github.ref_name }} - build_matrix: ${{ needs.generate-build-matrix.outputs.x86_64-build-matrix }} - secrets: - token: ${{ secrets.GITHUB_TOKEN }} - bucket: ${{ secrets.AWS_S3_BUCKET }} - access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} + # release-build-linux-x86-packages: + # needs: + # - release-build-get-meta + # - generate-build-matrix + # uses: ./.github/workflows/call-build-linux-x86-packages.yml + # with: + # version: ${{ needs.release-build-get-meta.outputs.version }} + # ref: ${{ inputs.version || github.ref_name }} + # build_matrix: ${{ needs.generate-build-matrix.outputs.x86_64-build-matrix }} + # secrets: + # token: ${{ secrets.GITHUB_TOKEN }} + # bucket: ${{ secrets.AWS_S3_BUCKET }} + # access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} + # secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} - release-build-linux-arm-packages: - needs: - - release-build-get-meta - - generate-build-matrix - uses: ./.github/workflows/call-build-linux-arm-packages.yml - with: - version: ${{ needs.release-build-get-meta.outputs.version }} - ref: ${{ inputs.version || github.ref_name }} - build_matrix: ${{ needs.generate-build-matrix.outputs.arm64-build-matrix }} - secrets: - token: ${{ secrets.GITHUB_TOKEN }} - bucket: ${{ secrets.AWS_S3_BUCKET }} - access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} + # release-build-linux-arm-packages: + # needs: + # - release-build-get-meta + # - generate-build-matrix + # uses: ./.github/workflows/call-build-linux-arm-packages.yml + # with: + # version: ${{ 
needs.release-build-get-meta.outputs.version }} + # ref: ${{ inputs.version || github.ref_name }} + # build_matrix: ${{ needs.generate-build-matrix.outputs.arm64-build-matrix }} + # secrets: + # token: ${{ secrets.GITHUB_TOKEN }} + # bucket: ${{ secrets.AWS_S3_BUCKET }} + # access_key_id: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} + # secret_access_key: ${{ secrets.AWS_S3_ACCESS_KEY }} trigger-docker-build: needs:
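Review bot: Both package jobs are disabled by commenting them out, which leaves the release workflow producing no packages and only dispatching the container build. If this is a temporary test state it should not merge; if it is intended, the jobs are better removed or gated with `if: false` plus a comment saying why. The commented-out blocks still pass `token`, `bucket`, `access_key_id` and `secret_access_key`, the static-key secrets that patch 1/4 of this series removes from the called workflows, so uncommenting them later as written would not match the new `bucket_name`/`role_to_assume` interface. The hunk ends inside `trigger-docker-build`, whose body continues outside it.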