From f7c5c5a4f41a177ed17bb848b219490751f165ba Mon Sep 17 00:00:00 2001
From: Matthew McPherrin
Date: Fri, 22 Dec 2023 15:02:59 -0500
Subject: [PATCH] Upload artifacts to S3 in the release workflow (#28)

This uploads checker.zip and churner.zip to an S3 bucket in the release.yml workflow that is run on tags. The lambdas can then be deployed from S3, instead of requiring the files be copied manually. For some reference material, see https://github.com/aws-actions/configure-aws-credentials
---
 .github/workflows/release.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b12e35d..b1807bd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,9 @@ on:
 tags:
 - v*

+permissions:
+ id-token: write # Needed to request JWT for OIDC
+
 jobs:
 release:
 runs-on: ubuntu-latest
@@ -16,8 +19,10 @@ jobs:
 with:
 go-version: 1.21
 - run: ./build-release.sh
- - name: upload
- uses: actions/upload-artifact@v4
+ # Upload to S3:
+ - uses: aws-actions/configure-aws-credentials@v3
 with:
- path: "build/*.zip"
- if-no-files-found: error
+ role-to-assume: arn:aws:iam::338276578713:role/crl-monitor-github-action-role
+ aws-region: us-west-2
+ - run: aws s3 cp build/checker.zip s3://crl-monitor-artifacts/${{ github.ref_name }}/
+ - run: aws s3 cp build/churner.zip s3://crl-monitor-artifacts/${{ github.ref_name }}/
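Review bot: The top-level `permissions` block added in the first hunk lists only `id-token: write`, and once a workflow declares `permissions` every scope it does not name is set to none, `contents` included. The steps that run before the Go setup are outside the hunks; if one of them checks out the repository, declare `contents: read` next to `id-token: write` so the checkout does not depend on the repository being public. The block could also sit under `jobs.release` rather than at workflow level, so that any job added later does not inherit the ability to request OIDC tokens.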
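Review bot: Both `aws s3 cp` steps in the second hunk expand `${{ github.ref_name }}` straight into the script text, so the tag name becomes part of the command line before the shell parses it, in a job that already holds the assumed role's credentials. Ref names may contain shell metacharacters, so the value should be passed through `env:` and used as a quoted shell variable, as in the block below, which also folds the two copies into one step. Separately, `aws-actions/configure-aws-credentials@v3` is a movable tag on the action that receives the OIDC token; pinning it as `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v3` would make that dependency immutable. The role's trust policy is not visible here, so it is worth confirming that it restricts the token's `sub` claim to tag refs of this repository.

```yaml
      # … unchanged: configure-aws-credentials step …
      - run: |
          aws s3 cp build/checker.zip "s3://crl-monitor-artifacts/${REF_NAME}/"
          aws s3 cp build/churner.zip "s3://crl-monitor-artifacts/${REF_NAME}/"
        env:
          REF_NAME: ${{ github.ref_name }}
```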