aws-actions/configure-aws-credentials
1
0
Fork 0
mirror of synced 2026-06-05 12:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

chore: update workflows

Browse source
This commit is contained in:
peterwoodworth 2023-08-18 17:12:47 -07:00
commit 4403e8d882
No known key found for this signature in database
GPG key ID: 01931412FD685922
7 changed files with 34 additions and 274 deletions
Download patch file Download diff file Expand all files Collapse all files

74
.github/workflows/build.yml vendored
View file

@ -1,74 +0,0 @@
name: build
on:
pull_request: {}
workflow_dispatch: {}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 14.0.0
- name: Install dependencies
run: npm install
- name: build
run: scripts/run-task build
- name: Find mutations
id: self_mutation
run: |-
git add .
git diff --staged --patch --exit-code > .repo.patch || echo "::set-output name=self_mutation_happened::true"
- name: Upload patch
if: steps.self_mutation.outputs.self_mutation_happened
uses: actions/upload-artifact@v2
with:
name: .repo.patch
path: .repo.patch
- name: Fail build on mutation
if: steps.self_mutation.outputs.self_mutation_happened
run: |-
echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
cat .repo.patch
exit 1
self-mutation:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
steps:
- name: Checkout
uses: actions/checkout@v3
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download patch
uses: actions/download-artifact@v3
with:
name: .repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Push changes
run: |2-
git add .
git commit -s -m "chore: self mutation"
git push origin HEAD:${{ github.event.pull_request.head.ref }}

27
.github/workflows/codeql-analysis.yml vendored
View file

@ -1,27 +0,0 @@
name: "CodeQL"
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 0 * * 2'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
security-events: write
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initalize CodeQL
uses: github/codeql-actions/init@v2
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

37
.github/workflows/package.yml vendored
View file

@ -1,10 +1,9 @@
name: Update dist files on target branch
name: Update dist files on main branch
on:
push:
branches:
- main
- v1-node16
paths-ignore:
- 'dist/**'
@ -16,8 +15,19 @@ jobs:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
persist-credentials: false
- name: Package
run: |
npm ci
npm test
npm run package
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
@ -29,21 +39,12 @@ jobs:
parse-json-secrets: true
secret-ids: |
OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
token: ${{ env.OSDS_ACCESS_TOKEN }}
- name: Package
run: |
npm ci
npm test
npm run package
- name: Commit
run: |
echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}}"
git config --global user.name "GitHub Actions"
git add dist/
echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
git config user.name "GitHub Actions"
git config user.email "github-aws-sdk-osds-automation@amazon.com"
git remote set-url origin https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
git add dist
git commit -m "chore: Update dist" || echo "No changes to commit"
git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
git push origin

81
.github/workflows/release.yml vendored
View file

@ -1,81 +0,0 @@
name: Update release tags
on:
workflow_dispatch:
inputs:
v1:
description: 'Update v1 release tag to the tip of the selected branch'
required: false
type: boolean
v1-versioned:
description: 'Push a new release semantic versioned tag to the selected branch'
required: false
type: boolean
jobs:
v1:
name: Update v1 release tag
if: ${{ v1 }}
timeout-minutes: 15
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
role-session-name: SecretsManagerFetch
role-duration-seconds: 900
- name: Get bot user token
uses: aws-actions/aws-secretsmanager-get-secrets@v1
with:
parse-json-secrets: true
secret-ids: |
OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
token: ${{ env.OSDS_ACCESS_TOKEN }}
- name: Push tag
run: |
echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
git config --global user.name "GitHub Actions"
git tag -f -a v1 -m "Update v1 to ${{ github.sha }}"
git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git -f --tags
v1-versioned:
description: 'Push a new semantic version tag'
if: ${{ v1-versioned }}
timeout-minutes: 15
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
role-session-name: SecretsManagerFetch
role-duration-seconds: 900
- name: Get bot user token
uses: aws-actions/aws-secretsmanager-get-secrets@v1
with:
parse-json-secrets: true
secret-ids: |
OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
token: ${{ env.OSDS_ACCESS_TOKEN }}
- name: Get new semantic version
id: semver
uses: paulhatch/semantic-version@v4.0.2
with:
tag_prefix: 'v'
major_pattern: '!'
- name: Push semantic tag
run: |
echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
git config --global user.name "GitHub Actions"
git tag -f -a ${{ steps.semver.version_tag }} -m "New ${{ steps.semver.version_tag }} release"
git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git -f --tags

35
.github/workflows/development.yml → .github/workflows/tests-integ.yml vendored
View file

@ -66,38 +66,3 @@ jobs:
aws-region: us-west-2
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
lint:
name: Ensure code standards
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: "Checkout repostiory"
uses: actions/checkout@v3
- name: "Setup node"
uses: actions/setup-node@v3
with:
node-version: 16
- name: "Install dependencies"
uses: bahmutov/npm-install@v1
- name: "Lint code"
run: npm run lint --if-present
unit-test:
strategy:
fail-fast: false
matrix:
os: [windows-latest, ubuntu-latest, macos-latest]
node: [14, 16, 18]
name: Run unit tests
runs-on: ${{ matrix.os }}
timeout-minutes: 5
steps:
- name: "Checkout repository"
uses: actions/checkout@v3
- name: "Setup node"
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
- name: "Install dependencies"
uses: bahmutov/npm-install@v1
- name: "Run tests"
run: npm run test --if-present

15
.github/workflows/unit-tests.yml → .github/workflows/tests-unit.yml vendored
View file

@ -24,3 +24,18 @@ jobs:
uses: bahmutov/npm-install@v1
- name: "Run tests"
run: npm run test --if-present
lint:
name: Ensure code standards
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: "Checkout repostiory"
uses: actions/checkout@v3
- name: "Setup node"
uses: actions/setup-node@v3
with:
node-version: 16
- name: "Install dependencies"
uses: bahmutov/npm-install@v1
- name: "Lint code"
run: npm run lint --if-present

39
.github/workflows/v1-node16.yml vendored
View file

@ -1,39 +0,0 @@
on:
push:
branches:
- main
paths-ignore:
- 'dist/**'
name: Update v1-node16 branch with changes from main
jobs:
v1-node16-update:
name: Update v1-node16
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 900
role-session-name: SecretsManagerFetch
- name: Get bot user token
uses: aws-actions/aws-secretsmanager-get-secrets@v1
with:
parse-json-secrets: true
secret-ids: |
OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
token: ${{ env.OSDS_ACCESS_TOKEN }}
- name: Merge commit and push
run: |
echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}}"
git config --global user.name "GitHub Actions"
git merge --no-ff -m "Merge branch main into v1-node16"
git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git