.github/workflows/oidc-sync.yml #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| name: Upload to Amazon S3 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: get role name | |
| env: | |
| ROLE_NAME: ${GITHUB_REPOSITORY#*/}-repo | |
| run: | | |
| echo ROLE_NAME=${ROLE_NAME} | |
| - name: Install modules | |
| run: npm install | |
| # TODO - cache the install? | |
| - name: check out role ARN | |
| run: | | |
| ARN=arn:aws:iam::510094580976:role/${ROLE_NAME} | |
| echo ARN=${ARN} | |
| - name: Configure web-sync AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| audience: sts.amazonaws.com.cn | |
| role-to-assume: arn:aws:iam::510094580976:role/${ROLE_NAME} | |
| aws-region: us-west-2 | |
| - name: get context | |
| run: | | |
| echo ROLE_NAME=${ROLE_NAME} | |
| DISTRIBUTION_ID=$(aws iam list-role-tags --role-name $ROLE_NAME --query "Tags[?Key=='$distributionID'].Value" --output text) | |
| BUCKET_NAME=$(aws iam list-role-tags --role-name $ROLE_NAME --query "Tags[?Key=='$bucketName'].Value" --output text) | |
| echo ROLE_NAME=${ROLE_NAME} | |
| echo DISTRIBUTION_ID=${DISTRIBUTION_ID} | |
| echo BUCKET_NAME=${BUCKET_NAME} | |
| # - name: Build content | |
| # run: npm run build | |
| # - name: Copy docs dir to S3 bucket with the AWS CLI | |
| # run: aws s3 sync docs/ s3://${BUCKET_NAME}/ | |
| # - name: Invalidate CloudFront cache | |
| # run: aws cloudfront create-invalidation --distribution-id ${DISTRIBUTION_ID} --paths "/*" |