Skip to content

Commit

Permalink
pathogen-repo-build: Rename the two aws-actions/configure-aws-credent…
Browse files Browse the repository at this point in the history 
…ials steps

So they are more easily differentiated/recognized in the job logs.  I
found myself easily mixing them up when trying to find the right one.
  • Loading branch information
@tsibley
tsibley committed May 20, 2024
1 parent eb7d4a5 commit cf5c523
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 4 deletions.
13 changes: 11 additions & 2 deletions .github/workflows/pathogen-repo-build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,14 +272,16 @@ jobs:
REPO_FULL_NAME: ${{ github.repository }}
run: |
echo "arn=arn:aws:iam::827581582529:role/GitHubActionsRoleNextstrainRepo@${REPO_FULL_NAME#*/}" | tee -a "$GITHUB_OUTPUT"
- uses: aws-actions/configure-aws-credentials@v4
- name: Configure credentials for runtime access to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && steps.role.outputs.arn || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- run: aws sts get-caller-identity
- name: Report identity of runtime access to AWS
run: aws sts get-caller-identity
- name: Save runtime AWS credentials to ${{ env.NEXTSTRAIN_RUNTIME_ENVDIR }}
run: |
"$NEXTSTRAIN_GITHUB_DIR"/bin/write-envdir "$NEXTSTRAIN_RUNTIME_ENVDIR" \
Expand All @@ -292,6 +294,7 @@ jobs:
# Comment only applies to this first use of the `&setup-aws-batch-credentials`, so
# outdenting comments to not repeat it with expanded YAML
- if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
Expand All @@ -300,6 +303,7 @@ jobs:
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && 'arn:aws:iam::827581582529:role/GitHubActionsRoleNextstrainBatchJobs' || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- if: inputs.runtime == 'aws-batch'
name: Report identity of GitHub Actions job access to AWS Batch
run: aws sts get-caller-identity
- name: Setup runtime ${{ inputs.runtime }}
uses: ./.git/nextstrain/.github/actions/setup-nextstrain-cli
Expand Down Expand Up @@ -370,6 +374,7 @@ jobs:
ref: ${{ needs.workflow-context.outputs.sha }}
path: ${{ env.NEXTSTRAIN_GITHUB_DIR }}
- if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
Expand Down Expand Up @@ -427,6 +432,7 @@ jobs:
ref: ${{ needs.workflow-context.outputs.sha }}
path: ${{ env.NEXTSTRAIN_GITHUB_DIR }}
- if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
Expand Down Expand Up @@ -485,6 +491,7 @@ jobs:
ref: ${{ needs.workflow-context.outputs.sha }}
path: ${{ env.NEXTSTRAIN_GITHUB_DIR }}
- if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
Expand Down Expand Up @@ -543,6 +550,7 @@ jobs:
ref: ${{ needs.workflow-context.outputs.sha }}
path: ${{ env.NEXTSTRAIN_GITHUB_DIR }}
- if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
Expand Down Expand Up @@ -624,6 +632,7 @@ jobs:
ref: ${{ needs.workflow-context.outputs.sha }}
path: ${{ env.NEXTSTRAIN_GITHUB_DIR }}
- if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
Expand Down
10 changes: 8 additions & 2 deletions .github/workflows/pathogen-repo-build.yaml.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,14 +236,17 @@ jobs:
run: |
echo "arn=arn:aws:iam::827581582529:role/GitHubActionsRoleNextstrainRepo@${REPO_FULL_NAME#*/}" | tee -a "$GITHUB_OUTPUT"

- uses: aws-actions/configure-aws-credentials@v4
- name: Configure credentials for runtime access to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && steps.role.outputs.arn || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- run: aws sts get-caller-identity

- name: Report identity of runtime access to AWS
run: aws sts get-caller-identity

- name: Save runtime AWS credentials to ${{ env.NEXTSTRAIN_RUNTIME_ENVDIR }}
run: |
Expand All @@ -259,14 +262,17 @@ jobs:
# outdenting comments to not repeat it with expanded YAML
- &setup-aws-batch-credentials
if: inputs.runtime == 'aws-batch'
name: Configure credentials for GitHub Actions job access to AWS Batch
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && 'arn:aws:iam::827581582529:role/GitHubActionsRoleNextstrainBatchJobs' || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours

- if: inputs.runtime == 'aws-batch'
name: Report identity of GitHub Actions job access to AWS Batch
run: aws sts get-caller-identity

- &setup-runtime
Expand Down

0 comments on commit cf5c523

Please sign in to comment.