From 0cfea73966657fdb6d8b218c76dc927eb9e7f1f5 Mon Sep 17 00:00:00 2001
From: "bbera@coveo.com"
Date: Mon, 12 Sep 2022 09:15:52 -0400
Subject: [PATCH 1/4] Assume AWS role instead of using creds in secrets
---
 .github/workflows/pr.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index d1722bd..7a843c2 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -20,9 +20,12 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
+ - uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-region: us-east-1
+ role-to-assume: arn:aws:iam::043612128888:role/nrd-oss-tgf-github-actions-ci
+
 - name: Run tests
 env:
 AWS_REGION: us-east-1
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 run: go test -v ./...
From 95cd6a2e2079418b5ec2585f59801eb7cc554a54 Mon Sep 17 00:00:00 2001
From: "bbera@coveo.com"
Date: Wed, 21 Sep 2022 13:10:04 -0400
Subject: [PATCH 2/4] Add id-token permission
---
 .github/workflows/pr.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 7a843c2..7003cd0 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -6,10 +6,15 @@ on:
 jobs:
 build:
 name: Test
- runs-on: ${{ matrix.os }}
+
+ permissions:
+ id-token: write # required for AWS assume role
+
 strategy:
 matrix:
 os: [ubuntu-latest, windows-latest]
+
+ runs-on: ${{ matrix.os }}
 steps:
 - name: Setup Go
 uses: actions/setup-go@v3
From 512141473b31999190a71ccf840384efa954e5ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonathan=20Pich=C3=A9?=
Date: Thu, 13 Oct 2022 05:27:29 -0400
Subject: [PATCH 3/4] use fork
---
 .github/workflows/pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 7003cd0..ad2dcdb 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
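Review bot: The added step references `aws-actions/configure-aws-credentials@v1` by a movable tag, and this is the step that obtains AWS credentials for `role/nrd-oss-tgf-github-actions-ci` on behalf of the job. Pinning to a full commit SHA keeps a re-pointed tag from changing what runs with those credentials: `- uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v1` (placeholder; take the SHA from the release that was reviewed). The same applies to the `@v1.7` and `@v1.7.0` references in the hunks of patches 3/4 and 4/4. The step also has no `name:`, unlike the `Checkout` and `Run tests` steps around it.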
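Review bot: Declaring `permissions:` on the `build` job sets every scope that is not listed to `none`, so the `Checkout` step now runs without an explicit `contents` grant; adding `contents: read` next to `id-token: write` states the job's token scope in full and keeps checkout working if the repository is ever private. `id-token: write` applies to the whole job, so the `go test -v ./...` step, which presumably runs the pull request's own code, can request a token as well. What that token can be exchanged for is bounded by the role's trust policy, which is not visible here and should be confirmed to condition on this repository's `sub` claim. The `build` job continues past the end of the hunk.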
@@ -25,7 +25,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
- - uses: aws-actions/configure-aws-credentials@v1
+ - uses: coveooss/configure-aws-credentials-action@v1.7
 with:
 aws-region: us-east-1
 role-to-assume: arn:aws:iam::043612128888:role/nrd-oss-tgf-github-actions-ci
From 27c846abea01dab50207e9f0f263d39c9abfee6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonathan=20Pich=C3=A9?=
Date: Thu, 13 Oct 2022 05:29:20 -0400
Subject: [PATCH 4/4] fix version
---
 .github/workflows/pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index ad2dcdb..7abda40 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -25,7 +25,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v3
- - uses: coveooss/configure-aws-credentials-action@v1.7
+ - uses: coveooss/configure-aws-credentials-action@v1.7.0
 with:
 aws-region: us-east-1
 role-to-assume: arn:aws:iam::043612128888:role/nrd-oss-tgf-github-actions-ci
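Review bot: The switch from `aws-actions/configure-aws-credentials` to `coveooss/configure-aws-credentials-action` in patch 3/4 is explained neither in the workflow nor in the commit message (`use fork`). Because this step handles the job's identity token and the AWS credentials derived from it, a comment above the step should record why upstream is not used and who keeps the fork in step with upstream fixes, for example `# Fork of aws-actions/configure-aws-credentials; reason: <why the fork is needed>`. The step list continues outside the hunk.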