ci: fix role assume, ssm parameter

leo-the-nardo · Dec 5, 2024 · d1e43d1 · d1e43d1
1 parent cde0280
commit d1e43d1
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 7 deletions.
diff --git a/.github/workflows/publish-posts-updated-gcp.yml b/.github/workflows/publish-posts-updated-gcp.yml
@@ -25,8 +25,33 @@ jobs:
       - name: Install dependencies
         run: npm install gray-matter @google-cloud/pubsub
 
-      - name: Authenticate to Google Cloud
-        id: auth
+      - name: Authenticate to AWS using OIDC
+        id: aws-auth
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          # inline-session-policy: >-
+          #   {
+          #     "Version": "2012-10-17",
+          #     "Statement": [
+          #       {
+          #         "Sid": "SSMReadAccess",
+          #         "Effect": "Allow",
+          #         "Action": "ssm:GetParameter",
+          #         "Resource": "arn:aws:ssm:*:${{ secrets.AWS_ACCOUNT_ID }}:parameter/${{ secrets.GCP_TOPIC_PARAMETER_PATH }}"
+          #       }
+          #     ]
+          #   }
+
+      - name: Fetch GCP Topic Name from SSM
+        id: fetch-topic-name
+        run: |
+          GCP_TOPIC_NAME=$(aws ssm get-parameter --name "${{ secrets.GCP_TOPIC_PARAMETER_PATH }}" --region ${{ secrets.AWS_REGION }} --query "Parameter.Value" --output text)
+          echo "GCP_TOPIC_NAME=$GCP_TOPIC_NAME" >> $GITHUB_ENV
+
+      - name: Authenticate to Google Cloud using OIDC
+        id: gcp-auth
         uses: google-github-actions/auth@v2
         with:
           project_id: ${{ secrets.GCP_PROJECT_ID }}
@@ -47,6 +72,6 @@ jobs:
       - name: Publish updates to GCP
         env:
           GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
-          GCP_TOPIC_NAME: ${{ secrets.GCP_TOPIC_NAME }}
+          GCP_TOPIC_NAME: ${{ env.GCP_TOPIC_NAME }}
           CHANGED_FILES: ${{ env.CHANGED_FILES }}
-        run: node github-actions-scripts/publish-post-update.js
+        run: node github-actions-scripts/publish-post-update.js
diff --git a/content/code-blocks.mdx b/content/code-blocks.mdx
@@ -2,7 +2,7 @@
 title: Lets see what we can do with rehype pretty code
 description: Syntax highlighting, line numbers, line highlights, word highlights
 date: 2024-03-04
-tags: ["code", "rehype pretty", "mdx"]
+tags: ["code", "rehype pretty", "mdx", "kubernetes"]
 published: true
 ---
 

diff --git a/content/prop-drilling.mdx b/content/prop-drilling.mdx
@@ -6,7 +6,7 @@ tags: ["code", "react", "props"]
 published: true
 ---
 
-# Prop Drilling: The Horror Movie
+# Prop Drilling: The Horror Movie testing
 
 In the shadowy depths of a complex React application, a horror story unfolds. Components, innocent and unsuspecting, find themselves ensnared in a terrifying ordeal known as prop drilling. This tale of suspense and survival will take you through the darkest corridors of React development.
 

diff --git a/content/react-debug-magic.mdx b/content/react-debug-magic.mdx
@@ -12,7 +12,7 @@ In the mystical land of React, where components render and state changes abound,
 
 ## The Spell for Revealing Hidden Bugs
 
-Hidden bugs are like invisible sprites, causing mischief unseen. Use this spell to reveal them:
+Hidden bugs are testing like invisible sprites, causing mischief unseen. Use this spell to reveal them:
 
 Ingredients: