Skip to content

Commit

Permalink
pathogen-repo-build: Run aws sts get-caller-identity after acquirin…
Browse files Browse the repository at this point in the history 
…g credentials

Very helpful for troubleshooting when looking at logs.

Note that when using the AWS Batch runtime the credential identity will
only be emitted for the initial job submission, not subsequent wait-N
jobs.  This seems fine.
  • Loading branch information
@tsibley
tsibley committed May 20, 2024
1 parent 009b8d8 commit eb7d4a5
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/pathogen-repo-build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,7 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && steps.role.outputs.arn || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- run: aws sts get-caller-identity
- name: Save runtime AWS credentials to ${{ env.NEXTSTRAIN_RUNTIME_ENVDIR }}
run: |
"$NEXTSTRAIN_GITHUB_DIR"/bin/write-envdir "$NEXTSTRAIN_RUNTIME_ENVDIR" \
Expand All @@ -298,6 +299,8 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && 'arn:aws:iam::827581582529:role/GitHubActionsRoleNextstrainBatchJobs' || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- if: inputs.runtime == 'aws-batch'
run: aws sts get-caller-identity
- name: Setup runtime ${{ inputs.runtime }}
uses: ./.git/nextstrain/.github/actions/setup-nextstrain-cli
with:
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/pathogen-repo-build.yaml.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,7 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && steps.role.outputs.arn || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- run: aws sts get-caller-identity

- name: Save runtime AWS credentials to ${{ env.NEXTSTRAIN_RUNTIME_ENVDIR }}
run: |
Expand All @@ -265,6 +266,8 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
role-to-assume: ${{ secrets.AWS_ACCESS_KEY_ID == '' && 'arn:aws:iam::827581582529:role/GitHubActionsRoleNextstrainBatchJobs' || '' }}
role-duration-seconds: 43200 # seconds, or 12 hours
- if: inputs.runtime == 'aws-batch'
run: aws sts get-caller-identity

- &setup-runtime
name: Setup runtime ${{ inputs.runtime }}
Expand Down

0 comments on commit eb7d4a5

Please sign in to comment.