-
Notifications
You must be signed in to change notification settings - Fork 11
68 lines (59 loc) · 2.05 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: AWS Auth + Welcome Email
on:
push:
branches:
- 'test_userpool_creation'
paths:
'**.json'
env:
AWS_ACCT_ID: ${{ secrets.AWS_ACCT_ID }}
AWS_REGION : 'us-west-2'
IAM_ROLE: ${{ secrets.ROLE_NAME }}
permissions:
id-token: write
contents: read
jobs:
changed_files:
runs-on: ubuntu-latest # windows-latest || macos-latest
name: Test changed-files
outputs:
config-file-name: ${{ steps.config-file-name.outputs.CONFIG_FILE}}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
- name: Get changed files
id: get-changed-files
uses: tj-actions/changed-files@v40
# NOTE: `since_last_remote_commit: true` is implied by default and falls back to the previous local commit.
- name: List all changed files
id: config-file-name
run: |
for file in ${{ steps.get-changed-files.outputs.all_changed_files }}; do
if [[ "$file" == *nrel-op.json ]]; then
echo "The name of the config file is: ${file}."
echo "CONFIG_FILE=${file}" >> "$GITHUB_OUTPUT"
fi
done
AssumeRoleAndCallIdentity:
name: AWS Authentication + Sending Welcome Email
needs: changed_files
if: always()
runs-on: ubuntu-latest
steps:
- name: Git clone the repository
uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/[email protected]
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCT_ID }}:role/${{ env.IAM_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION }}
# Hello from AWS: WhoAmI
- name: Sts GetCallerIdentity
run: |
aws sts get-caller-identity --debug
- name: Install Boto3
run: pip install boto3
- name: Run email-config.py
run: python email_automation/email-config.py -g ${{ needs.changed_files.outputs.config-file-name }}