From bcf99311002b8e64637b809c9ae074ad9ae6bfb7 Mon Sep 17 00:00:00 2001
From: bendsouza
Date: Sat, 18 Jan 2025 11:38:26 +0000
Subject: [PATCH 1/3] parse aws region

---
 .github/workflows/deploy_backend.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy_backend.yml b/.github/workflows/deploy_backend.yml
index 2bbcdca..8b28b98 100644
--- a/.github/workflows/deploy_backend.yml
+++ b/.github/workflows/deploy_backend.yml
@@ -22,8 +22,8 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v2
 with:
- role-to-assume: arn:aws:iam::$AWS_ACCOUNT_ID:role/$AWS_ROLE_NAME
- aws-region: $AWS_REGION
+ role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
+ aws-region: ${{ env.AWS_REGION }}

 - name: Get runner public IP address
 id: ip

From 341337703b654fcdf36baee9dea9e7d8edff0800 Mon Sep 17 00:00:00 2001
From: bendsouza
Date: Sun, 19 Jan 2025 19:18:52 +0000
Subject: [PATCH 2/3] specifiy oicd token

---
 .github/workflows/deploy_backend.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/deploy_backend.yml b/.github/workflows/deploy_backend.yml
index 8b28b98..e2b3849 100644
--- a/.github/workflows/deploy_backend.yml
+++ b/.github/workflows/deploy_backend.yml
@@ -11,6 +11,9 @@ on:
 jobs:
 deploy:
 name: Deploy to EC2
+ permissions:
+ id-token: write
+ contents: read
 runs-on: ubuntu-latest
 env:
 AWS_INSTANCE_SG_ID: ${{ secrets.AWS_INSTANCE_SG_ID }}
@@ -24,6 +27,8 @@ jobs:
 with:
 role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
 aws-region: ${{ env.AWS_REGION }}
+ role-session-name: GHActionsBackendDeployment
+ web-identity-token-file: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }}

 - name: Get runner public IP address
 id: ip

From beb7287c6d926d527c2822d118131ab94a87391b Mon Sep 17 00:00:00 2001
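Review bot: `uses: aws-actions/configure-aws-credentials@v2`, the context line directly above the rewritten `with:` block, is pinned to a mutable major tag, so the step that now receives the account ID and role name from `secrets` resolves to whatever commit `v2` points at on each run; pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v2`. The new `aws-region: ${{ env.AWS_REGION }}` presumably relies on an `AWS_REGION` entry in the job's `env:` block, which is outside this hunk; if it is not defined there the action receives an empty region rather than failing at parse time. The `Configure AWS credentials` step begins inside the hunk but the job continues outside it.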
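Review bot: `web-identity-token-file: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }}` in the second hunk (`@@ -24,6 +27,8 @@`) passes a value that is not a file path: `ACTIONS_ID_TOKEN_REQUEST_TOKEN` is the runner's bearer token for requesting an OIDC token, not a file containing one, and it does not appear to be exposed through the `env` expression context, so the input will most likely be empty or point the action at a non-existent file. With `id-token: write` granted by the first hunk and `role-to-assume` already set, the action requests the OIDC token itself; the `web-identity-token-file` line should simply be removed, keeping `role-session-name: GHActionsBackendDeployment` so the assumed-role session is attributable in CloudTrail. Placing the `permissions:` block at job level in the first hunk, rather than at workflow level, correctly limits the id-token grant to this job only.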
From: bendsouza
Date: Sun, 19 Jan 2025 19:45:11 +0000
Subject: [PATCH 3/3] run script with sudo

---
 .github/workflows/deploy_backend.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy_backend.yml b/.github/workflows/deploy_backend.yml
index e2b3849..870570b 100644
--- a/.github/workflows/deploy_backend.yml
+++ b/.github/workflows/deploy_backend.yml
@@ -51,7 +51,7 @@ jobs:
 key: ${{ secrets.EC2_SSH_KEY }}
 script: |
 cd ~/yt_translator
- app/post_update.sh
+ sudo app/post_update.sh

 - name: Revoke GitHub Actions runner IP address
 run: |
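Review bot: `sudo app/post_update.sh` runs inside a non-interactive SSH `script:` block, so if the deploy user's sudoers rule is not `NOPASSWD` the command blocks waiting for a password and the step hangs until the action times out; use `sudo -n app/post_update.sh` so a missing rule fails immediately with a clear error instead. The script is executed as root from the `~/yt_translator` checkout, which presumably is updated from this repository, so anyone able to change `app/post_update.sh` in the repository gains root on the instance; restrict the sudoers entry to that one absolute script path rather than unrestricted sudo, and keep the file root-owned and not writable by the deploy user so the privilege boundary is enforced on the host. The `script:` block and its enclosing step start outside this hunk.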