apunkt/omnigraph
1
0
Fork 0
mirror of https://github.com/ModernRelay/omnigraph.git synced 2026-06-09 01:35:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #34 from ModernRelay/fix/package-workflow-use-secrets

Browse source 
package workflow: read AWS config from secrets, not variables
This commit is contained in:
Andrew Altshuler 2026-04-18 21:45:47 +03:00 committed by GitHub
commit eeb890a4f5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 12 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

22
.github/workflows/package.yml vendored
View file

@ -5,8 +5,10 @@ name: Package
# main pushes today.
#
# Prerequisites:
# - Repo vars AWS_REGION, AWS_ROLE_TO_ASSUME, AWS_CODEBUILD_PACKAGE_PROJECT,
# AWS_ARTIFACT_BUCKET are set.
# - Repo secrets AWS_REGION, AWS_ROLE_TO_ASSUME, AWS_CODEBUILD_PACKAGE_PROJECT,
# AWS_ARTIFACT_BUCKET are set. Stored as secrets (not variables) so the
# AWS account ID embedded in the role ARN and bucket name stays masked in
# public workflow logs.
# - The shared workflow at ModernRelay/.github supports the `features` and
# `image_tag_suffix` inputs (ModernRelay/.github PR #2 or later).
#
@ -34,10 +36,10 @@ jobs:
with:
repository: ${{ github.repository }}
source_ref: ${{ inputs.source_ref != '' && inputs.source_ref || github.sha }}
aws_region: ${{ vars.AWS_REGION }}
aws_role_to_assume: ${{ vars.AWS_ROLE_TO_ASSUME }}
aws_codebuild_package_project: ${{ vars.AWS_CODEBUILD_PACKAGE_PROJECT }}
aws_artifact_bucket: ${{ vars.AWS_ARTIFACT_BUCKET }}
aws_region: ${{ secrets.AWS_REGION }}
aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws_codebuild_package_project: ${{ secrets.AWS_CODEBUILD_PACKAGE_PROJECT }}
aws_artifact_bucket: ${{ secrets.AWS_ARTIFACT_BUCKET }}
package_aws:
name: Package aws-feature build
@ -49,9 +51,9 @@ jobs:
with:
repository: ${{ github.repository }}
source_ref: ${{ inputs.source_ref != '' && inputs.source_ref || github.sha }}
aws_region: ${{ vars.AWS_REGION }}
aws_role_to_assume: ${{ vars.AWS_ROLE_TO_ASSUME }}
aws_codebuild_package_project: ${{ vars.AWS_CODEBUILD_PACKAGE_PROJECT }}
aws_artifact_bucket: ${{ vars.AWS_ARTIFACT_BUCKET }}
aws_region: ${{ secrets.AWS_REGION }}
aws_role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws_codebuild_package_project: ${{ secrets.AWS_CODEBUILD_PACKAGE_PROJECT }}
aws_artifact_bucket: ${{ secrets.AWS_ARTIFACT_BUCKET }}
features: aws
image_tag_suffix: "-aws"