update workflows to use new github oidc connection
ppittle committed Nov 15, 2024
1 parent 1f96918 commit 899f777
Showing 23 changed files with 104 additions and 93 deletions.
8 changes: 4 additions & 4 deletions .github/actions/sam-build-and-deploy-containers/action.yml
@@ -36,11 +36,11 @@ runs:
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ inputs.aws-access-key }}
aws-secret-access-key: ${{ inputs.aws-secret-key }}
aws-region: ${{ inputs.aws-region }}
role-to-assume: ${{ secrets.AWS_SAM_DEPLOYMENT_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}

# Build and deploy x86
- run: sam build -t ${{ inputs.template-file-path }} --parameter-overrides LambdaArchitecture=${{ inputs.architecture }} --parallel --cached
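Review bot: The new `role-to-assume: ${{ secrets.AWS_SAM_DEPLOYMENT_ROLE }}` and `aws-region: ${{ secrets.AWS_REGION }}` lines read the `secrets` context from inside a composite action, and as far as I know that context is not available there, so the expressions would fail to evaluate or resolve empty and no role would be assumed. Keep these as action inputs, `role-to-assume: ${{ inputs.role-to-assume }}` and `aws-region: ${{ inputs.aws-region }}`, and have each calling workflow pass `role-to-assume: ${{ secrets.AWS_SAM_DEPLOYMENT_ROLE }}` in its `with:` block. The same applies to the identical hunks in sam-build-and-deploy-native-arm, sam-build-and-deploy-native and sam-build-and-deploy. The action's `inputs:` block is outside this hunk, so the now-unused `aws-access-key` and `aws-secret-key` inputs presumably still need removing there.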
8 changes: 4 additions & 4 deletions .github/actions/sam-build-and-deploy-native-arm/action.yml
@@ -37,11 +37,11 @@ runs:
- uses: aws-actions/setup-sam@v2
with:
use-installer: false # use-installer Currently supports Linux x86-64 runners. https://github.com/aws-actions/setup-sam?tab=readme-ov-file#inputs
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ inputs.aws-access-key }}
aws-secret-access-key: ${{ inputs.aws-secret-key }}
aws-region: ${{ inputs.aws-region }}
role-to-assume: ${{ secrets.AWS_SAM_DEPLOYMENT_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}

# Build and deploy ARM
# Because native apps are built in a container, and SAM CLI doesn't know how to mount extra things outside the project directory to the container, move this file manually
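Review bot: `aws-actions/configure-aws-credentials@v2` is referenced by a movable major tag in the very step that obtains the AWS session, so whatever commit the tag points to at run time runs with access to the OIDC token and the assumed role. Pin it to a full commit SHA with the version in a trailing comment, e.g. `- uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v2.x.y` (placeholder; take the SHA from the upstream release). The same line is added in the other three composite actions in this commit. The step list continues past the end of this hunk.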
8 changes: 4 additions & 4 deletions .github/actions/sam-build-and-deploy-native/action.yml
@@ -36,11 +36,11 @@ runs:
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ inputs.aws-access-key }}
aws-secret-access-key: ${{ inputs.aws-secret-key }}
aws-region: ${{ inputs.aws-region }}
role-to-assume: ${{ secrets.AWS_SAM_DEPLOYMENT_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}

# Build and deploy x86
# Because native apps are built in a container, and SAM CLI doesn't know how to mount extra things outside the project directory to the container, move this file manually
8 changes: 4 additions & 4 deletions .github/actions/sam-build-and-deploy/action.yml
@@ -33,11 +33,11 @@ runs:
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ inputs.aws-access-key }}
aws-secret-access-key: ${{ inputs.aws-secret-key }}
aws-region: ${{ inputs.aws-region }}
role-to-assume: ${{ secrets.AWS_SAM_DEPLOYMENT_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}

# Build and deploy ARM
- run: sam build -t ${{ inputs.template-file-path }} --parameter-overrides LambdaArchitecture=arm64
9 changes: 5 additions & 4 deletions .github/workflows/metrics-lambda-pipeline.yaml
@@ -1,5 +1,9 @@
name: Metrics Lambda

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -15,10 +19,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '8.x'
template-file-path: ./metrics/template.yaml
stack-name: metrics-lambda
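Review bot: The new top-level `permissions:` block carries no comment saying why `id-token: write` is needed or what now guards the deployment role, and with the static keys removed the IAM role's trust policy becomes the only control on who can assume it. I would add above the block: `# id-token: write lets configure-aws-credentials request a GitHub OIDC token; the role's trust policy must pin the token's aud and sub claims to this repository and branch`. The trust policy is not part of this commit, so whether it is already scoped that way cannot be seen here. The same comment fits the identical block added to the other workflow files in this commit.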
7 changes: 4 additions & 3 deletions .github/workflows/net-31-otel-pipelinE.yaml
@@ -1,5 +1,9 @@
name: NET 31 OTEL

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -16,9 +20,6 @@ jobs:
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
dotnet-version: '3.1.x'
template-file-path: ./src/NET31-OTel/template.yaml
stack-name: net-31-otel
7 changes: 4 additions & 3 deletions .github/workflows/net-31-pipeline.yaml
@@ -1,5 +1,9 @@
name: NET 31

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -16,9 +20,6 @@ jobs:
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
dotnet-version: '3.1.x'
template-file-path: ./src/NET31/template.yaml
stack-name: net-31-base
9 changes: 5 additions & 4 deletions .github/workflows/net-6-containers-pipeline.yaml
@@ -1,5 +1,9 @@
name: NET 6 Containers

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -16,10 +20,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy-containers
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/NET6Containers/template.yaml
stack-name: net-6-containers-x86-64
9 changes: 5 additions & 4 deletions .github/workflows/net-6-custumRuntime-pipeline-canary.yaml
@@ -1,5 +1,9 @@
name: NET 6 Custom Runtime Canary

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
schedule:
@@ -14,10 +18,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy-native
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/NET6CustomRuntime/template.yaml
project-directory: ./src/NET6CustomRuntime/
9 changes: 5 additions & 4 deletions .github/workflows/net-6-minimal-api.yaml
@@ -1,5 +1,9 @@
name: NET 6 Mimimal

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -15,10 +19,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/MinimalAPI/template.yaml
stack-name: net-6-minimal
9 changes: 5 additions & 4 deletions .github/workflows/net-6-pipeline-canary.yaml
@@ -1,5 +1,9 @@
name: NET 6 Canary

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
schedule:
@@ -14,10 +18,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/NET6/template.yaml
stack-name: net-6-base
17 changes: 9 additions & 8 deletions .github/workflows/net-6-pipeline.yaml
@@ -1,5 +1,9 @@
name: NET 6

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -21,10 +25,7 @@ jobs:
uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/NET6/template.yaml
stack-name: net-6-base
@@ -37,7 +38,7 @@ jobs:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-to-assume: ${{ secrets.AWS_LOAD_TEST_RUNNER_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
- name: checkoutRepo
@@ -54,7 +55,7 @@ jobs:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-to-assume: ${{ secrets.AWS_LOAD_TEST_RUNNER_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
- name: checkoutRepo
@@ -71,7 +72,7 @@ jobs:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-to-assume: ${{ secrets.AWS_LOAD_TEST_RUNNER_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
- name: checkoutRepo
@@ -89,7 +90,7 @@ jobs:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-to-assume: ${{ secrets.AWS_LOAD_TEST_RUNNER_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
- name: checkoutRepo
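Review bot: All four load-test jobs keep the constant `role-session-name: GitHub_to_AWS_via_FederatedOIDC`, the same value the deploy actions use, so CloudTrail entries from different runs, jobs and roles cannot be told apart by session name. Make the name traceable to the run, e.g. `role-session-name: gha-${{ github.run_id }}-${{ github.job }}`, which stays within the STS session-name character set and 64-character limit as long as job ids are short. Moving these jobs from `AWS_ROLE` to a dedicated `AWS_LOAD_TEST_RUNNER_ROLE` is a sensible separation from the deployment role, but whether the two roles' policies actually differ is not visible here. Each of these job definitions continues outside its hunk.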
5 changes: 1 addition & 4 deletions .github/workflows/net-6-top-level-statements.yaml
@@ -15,10 +15,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/NET6TopLevelStatements/template.yaml
stack-name: net-6-top-level
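Review bot: This workflow drops the access-key inputs but, unlike the other workflows in the commit, gains no `permissions:` block; the hunk header `-15,10 +15,7` shows that nothing was added above line 15. Unless the file already grants it outside this hunk, the job cannot request an OIDC token and the role assumption inside `sam-build-and-deploy` will fail. Add after the `name:` line, as in the sibling workflows: `permissions:`, `  id-token: write`, `  contents: read`.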
9 changes: 5 additions & 4 deletions .github/workflows/net-6-with-power-tools.yaml
@@ -1,5 +1,9 @@
name: NET 6 with PowerTools

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -15,10 +19,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
with:
dotnet-version: '6.x'
template-file-path: ./src/NET6WithPowerTools/template.yaml
stack-name: net-6-power-tools
7 changes: 4 additions & 3 deletions .github/workflows/net-7-native-aot-canary.yaml
@@ -1,5 +1,9 @@
name: NET 7 NativeAOT Canary

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
schedule:
@@ -15,9 +19,6 @@ jobs:
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy-native
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
dotnet-version: '7.x'
template-file-path: ./src/NET7Native/template.yaml
project-directory: ./src/NET7Native/
7 changes: 4 additions & 3 deletions .github/workflows/net-7-native-aot-pipeline.yaml
@@ -1,5 +1,9 @@
name: NET 7 NativeAOT

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -16,9 +20,6 @@ jobs:
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy-native
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
dotnet-version: '7.x'
template-file-path: ./src/NET7Native/template.yaml
project-directory: ./src/NET7Native/
7 changes: 4 additions & 3 deletions .github/workflows/net-7-pipeline-canary.yaml
@@ -1,5 +1,9 @@
name: NET 7 Canary

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
schedule:
@@ -15,9 +19,6 @@ jobs:
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy-native
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
dotnet-version: '7.x'
template-file-path: ./src/NET7/template.yaml
project-directory: ./src/NET7/
7 changes: 4 additions & 3 deletions .github/workflows/net-7-pipeline.yaml
@@ -1,5 +1,9 @@
name: NET 7

permissions:
id-token: write
contents: read

on:
workflow_dispatch:
push:
@@ -16,9 +20,6 @@ jobs:
- name: Build and Deploy
uses: ./.github/actions/sam-build-and-deploy-native
with:
aws-access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
dotnet-version: '7.x'
template-file-path: ./src/NET7/template.yaml
project-directory: ./src/NET7/