chore: change user based to role based
jbamlee committed Aug 30, 2024
1 parent 732766f commit 1c40d56
Showing 2 changed files with 35 additions and 26 deletions.
29 changes: 17 additions & 12 deletions .github/workflows/api.yml
Expand Up @@ -21,6 +21,10 @@ env:
CUBE_TASK_DEFINITION: cube-dezswap-api
CUBE_CONTAINER_NAME: cube-dezswap-api

permissions:
id-token: write
contents: read

jobs:
check_paths:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -63,15 +67,15 @@ jobs:
uses: actions/checkout@v3

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: terraswap-service-deploy
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.5.1
uses: aws-actions/amazon-ecr-login@v2

- name: Test, build, tag, and push image to Amazon ECR
id: build-image
Expand Down Expand Up @@ -107,15 +111,16 @@ jobs:
environment: production
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: terraswap-service-deploy
aws-region: ${{ env.AWS_REGION }}


- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.5.1
uses: aws-actions/amazon-ecr-login@v2

- name: Download Task Definition
id: download-task-definition
Expand Down Expand Up @@ -146,15 +151,15 @@ jobs:
environment: production
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: terraswap-service-deploy
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.5.1
uses: aws-actions/amazon-ecr-login@v2

- name: Download Task Definition
id: download-task-definition
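Review bot: The new workflow-level `permissions:` block grants `id-token: write` to every job, including `check_paths`, whose visible lines do not configure AWS credentials (its body continues outside the hunk, so confirm). Consider leaving only `contents: read` at workflow level and giving each job that runs the "Configure AWS credentials" step its own `permissions:` with `id-token: write` and `contents: read`, since a job-level block replaces the workflow-level one. The IAM role behind `secrets.AWS_ROLE_ARN` is not shown here; its trust policy should condition on the token's `aud` and `sub` claims for this repository (for the deploy jobs, the `environment: production` subject), otherwise moving to role assumption does not narrow who can assume it. Once this is live, the now-unused `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` secrets and the underlying IAM user key should be removed. The same block is added in .github/workflows/indexer.yml.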
32 changes: 18 additions & 14 deletions .github/workflows/indexer.yml
Expand Up @@ -21,6 +21,10 @@ env:
CUBE_TASK_DEFINITION: cube-dezswap-api-indexer
CUBE_CONTAINER_NAME: cube-dezswap-api-indexer

permissions:
id-token: write
contents: read

jobs:
check_paths:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -63,15 +67,15 @@ jobs:
uses: actions/checkout@v3

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: terraswap-service-deploy
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.5.1
uses: aws-actions/amazon-ecr-login@v2

- name: Test, build, tag, and push image to Amazon ECR
id: build-image
Expand Down Expand Up @@ -107,15 +111,15 @@ jobs:
environment: production
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: terraswap-service-deploy
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.5.1
uses: aws-actions/amazon-ecr-login@v2

- name: Download Task Definition
id: download-task-definition
Expand All @@ -125,14 +129,14 @@ jobs:
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1.1.3
uses: aws-actions/amazon-ecs-render-task-definition@v1.5.1
with:
task-definition: ./${{ env.DIMENSION_TASK_DEFINITION }}.json
container-name: ${{ env.DIMENSION_CONTAINER_NAME }}
image: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY}}:${{ needs.build.outputs.dimension-tag }}

- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1.4.11
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ env.DIMENSION_ECS_SERVICE }}
Expand All @@ -146,15 +150,15 @@ jobs:
environment: production
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: terraswap-service-deploy
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.5.1
uses: aws-actions/amazon-ecr-login@v2

- name: Download Task Definition
id: download-task-definition
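Review bot: The `uses:` references move from exact release tags (`@v1.7.0`, `@v1.5.1`, `@v1.4.11`) to floating major tags (`@v3`, `@v2`), so the jobs that hold the assumed deploy role will run whatever commit those tags point to at run time. Pinning each reference to a full commit SHA with the release in a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v3`, keeps the upgrade while making the executed code immutable; the same applies to the `uses:` lines in .github/workflows/api.yml. The render and deploy actions are bumped only in the hunk at new line 129; the matching steps of the other deploy job, and of api.yml, fall outside the visible hunks, so check that they end up on the same versions.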
