Skip to content
Publish Post Updates

ci: fix role assume #16

Sign in to view logs

ci: fix role assume

ci: fix role assume #16

Workflow file for this run

.github/workflows/publish-posts-updated-gcp.yml at 0600356
name: Publish Post Updates
on:
push:
paths:
- '**/*.mdx'
permissions:
id-token: write
contents: read
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: 18
- name: Install dependencies
run: npm install gray-matter @google-cloud/pubsub
- name: Authenticate to AWS using OIDC
id: aws-auth
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
inline-session-policy: >-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMReadAccess",
"Effect": "Allow",
"Action": ["ssm:GetParameter"],
"Resource": "arn:aws:ssm:*:${{ secrets.AWS_ACCOUNT_ID }}:parameter/${{ secrets.GCP_TOPIC_PARAMETER_PATH }}/*"
}
]
}
- name: Fetch GCP Topic Name from SSM
id: fetch-topic-name
run: |
GCP_TOPIC_NAME=$(aws ssm get-parameter --name "${{ secrets.GCP_TOPIC_PARAMETER_PATH }}/GCP_TOPIC_NAME" --region ${{ secrets.AWS_REGION }} --query "Parameter.Value" --output text)
echo "GCP_TOPIC_NAME=$GCP_TOPIC_NAME" >> $GITHUB_ENV
- name: Authenticate to Google Cloud using OIDC
id: gcp-auth
uses: google-github-actions/auth@v2
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
- name: Fetch full history
run: git fetch --prune --unshallow
- name: Set up environment
run: |
CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD | tr '\n' ',')
echo "CHANGED_FILES=$CHANGED_FILES" >> $GITHUB_ENV
- name: Debug CHANGED_FILES
run: echo "Changed files ${{ env.CHANGED_FILES }}"
- name: Publish updates to GCP
env:
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
GCP_TOPIC_NAME: ${{ env.GCP_TOPIC_NAME }}
CHANGED_FILES: ${{ env.CHANGED_FILES }}
run: node github-actions-scripts/publish-post-update.js