From 23cdf4a622cd7c4f35f350c68bc4e8d0cdb46995 Mon Sep 17 00:00:00 2001 From: Al Berez Date: Thu, 4 Apr 2024 00:37:32 -0700 Subject: [PATCH] Switch from repo secrets to vars - cleanup --- .../workflows/release-build-sign-upload.yml | 20 ++++++------- .github/workflows/release-update-repos.yml | 28 ++++++++----------- 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/.github/workflows/release-build-sign-upload.yml b/.github/workflows/release-build-sign-upload.yml index 911a1348a32..2fab1812f64 100644 --- a/.github/workflows/release-build-sign-upload.yml +++ b/.github/workflows/release-build-sign-upload.yml @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest outputs: - aws-s3-bucket: "v${{ steps.parse-semver.outputs.version-major }}-cf-cli-releases" + aws-s3-bucket: "v${{ steps.parse-semver.outputs.version-major }}-cf-cli-releases" version-build: ${{ steps.parse-semver.outputs.version-build }} version-major: ${{ steps.parse-semver.outputs.version-major }} @@ -730,8 +730,8 @@ jobs: actions: read contents: read env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }} + AWS_REGION: ${{ vars.AWS_REGION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_S3_BUCKET: ${{ needs.setup.outputs.aws-s3-bucket }} VERSION_BUILD: ${{ needs.setup.outputs.version-build }} 
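Review bot: The job-level `env:` block in the hunk at -730 of release-build-sign-upload.yml still exports `AWS_SECRET_ACCESS_KEY` to every step of the job, third-party actions included, while the credentials step changed at -836 now reads the secret directly in its `with:` block. If that step belongs to this job and no other step needs the raw key (the rest of the job is outside the hunk, so this needs confirming), the job-level `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries can be dropped so the long-lived key reaches one step only. Values read from `vars` are not masked in job logs, so the key ID and region will now appear there in plain text. A comment above the block such as `# key ID and region are non-sensitive configuration; only the secret key lives in secrets` would record that this is intended.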
@@ -836,17 +836,13 @@ jobs: - name: Setup aws to upload installers to CLAW S3 bucket uses: aws-actions/configure-aws-credentials@v4 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }} with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: us-west-1 - role-to-assume: ${{ env.AWS_S3_ROLE_ARN }} + aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ vars.AWS_S3_ROLE_ARN }} role-skip-session-tagging: true - role-duration-seconds: 1200 + role-duration-seconds: 1200 - name: Upload installers to CLAW S3 bucket run: aws s3 sync upload "s3://v${VERSION_MAJOR}-cf-cli-releases/releases/v${VERSION_BUILD}/" diff --git a/.github/workflows/release-update-repos.yml b/.github/workflows/release-update-repos.yml index 40db98ec335..e6ca40c2e24 100644 --- a/.github/workflows/release-update-repos.yml +++ b/.github/workflows/release-update-repos.yml 
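Review bot: `role-to-assume: ${{ vars.AWS_S3_ROLE_ARN }}` in the credentials step evaluates to an empty string when the variable is not defined. With an empty `role-to-assume` the action, as far as I can tell, configures the IAM user's static keys and skips the role assumption without failing. The following `aws s3 sync` would then run under a different identity than intended. `aws-region` also changes from the literal `us-west-1` to a variable whose value is not visible here. A guard step placed before this one turns a missing variable into an explicit error; the same applies to the identical hunk at -393 in release-update-repos.yml.

```yaml
- name: Check AWS configuration variables
  env:
    AWS_REGION: ${{ vars.AWS_REGION }}
    AWS_S3_ROLE_ARN: ${{ vars.AWS_S3_ROLE_ARN }}
  run: |
    : "${AWS_REGION:?repository variable AWS_REGION is not set}"
    : "${AWS_S3_ROLE_ARN:?repository variable AWS_S3_ROLE_ARN is not set}"

- name: Setup aws to upload installers to CLAW S3 bucket
  # … unchanged: uses / with block …
```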
@@ -290,13 +290,13 @@ jobs: - name: Update Debian Repository env: - DEBIAN_FRONTEND: noninteractive - SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_BUCKET_NAME: cf-cli-debian-repo - AWS_DEFAULT_REGION: us-west-2 + DEBIAN_FRONTEND: noninteractive + SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }} + AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }} + AWS_BUCKET_NAME: cf-cli-debian-repo + AWS_DEFAULT_REGION: us-west-2 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }} + AWS_S3_ROLE_ARN: ${{ vars.AWS_S3_ROLE_ARN }} run: | export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_S3_ROLE_ARN} --role-session-name foobar --output text --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]")) deb-s3 upload installers/*.deb \ @@ -359,7 +359,7 @@ jobs: # TODO: fix backup # - name: Download current RPM repodata # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }} # AWS_DEFAULT_REGION: us-east-1 # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # uses: docker://amazon/aws-cli:latest 
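Review bot: `AWS_S3_ROLE_ARN` in the Update Debian Repository step now comes from `vars`, which yields an empty string when the variable is undefined. The `run` script expands it unquoted in `aws sts assume-role --role-arn ${AWS_S3_ROLE_ARN}` inside `export $(...)`, where a failed command substitution does not stop the script. `deb-s3 upload` would then likely start with empty credential variables and fail later with a less obvious error. Adding `: "${AWS_S3_ROLE_ARN:?AWS_S3_ROLE_ARN is not set}"` as the first line of the script and quoting the expansion, `--role-arn "${AWS_S3_ROLE_ARN}"`, makes the failure immediate. The region here stays hard-coded as `us-west-2` while the credentials step at -393 now takes `vars.AWS_REGION`; the script continues past the end of the hunk.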
@@ -393,17 +393,13 @@ jobs: - name: Setup aws to upload installers to CLAW S3 bucket uses: aws-actions/configure-aws-credentials@v4 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }} with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: us-west-1 - role-to-assume: ${{ env.AWS_S3_ROLE_ARN }} + aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ vars.AWS_S3_ROLE_ARN }} role-skip-session-tagging: true - role-duration-seconds: 1200 + role-duration-seconds: 1200 - name: Download V8 RPMs run: aws s3 sync --exclude "*" --include "releases/*/*installer*.rpm" s3://v8-cf-cli-releases .
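Review bot: The step at -393 passes the long-lived `secrets.AWS_SECRET_ACCESS_KEY` to `aws-actions/configure-aws-credentials@v4`, which is referenced by a movable tag. Pinning the action to a full commit SHA, `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v4` (placeholder; take the SHA from the release you have reviewed), keeps a retagged or compromised release from receiving the key. The same `uses:` line appears in the hunk at -836 of release-build-sign-upload.yml.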