GHA: Debug akamai setup script
This commit is contained in:
4
.github/scripts/akamai-aws-cli-env.sh
vendored
4
.github/scripts/akamai-aws-cli-env.sh
vendored
@@ -1,6 +1,8 @@
|
||||
# Akamai supports assumeRole for Cloudgate S3 access
|
||||
# The script asks for temp credentials to be able to upload to Akamai S3 origin bucket
|
||||
# The AWS CLI environment variables are then updated with temp credentials values
|
||||
set -e
|
||||
|
||||
session_name=$1
|
||||
duration_seconds=900
|
||||
if [ ! -z "$2" ]; then
|
||||
@@ -9,7 +11,7 @@ fi
|
||||
|
||||
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
|
||||
$(aws sts assume-role \
|
||||
--role-arn "arn:aws:iam::${TOOLS_CLOUDGATE_ACCOUNT_ID}:role/${TOOLS_CLOUDGATE_USER}" \
|
||||
--role-arn arn:aws:iam::$TOOLS_CLOUDGATE_ACCOUNT_ID:role/$TOOLS_CLOUDGATE_USER \
|
||||
--role-session-name $session_name \
|
||||
--duration-seconds $duration_seconds \
|
||||
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
||||
|
||||
32
.github/workflows/akamai-test.yml
vendored
32
.github/workflows/akamai-test.yml
vendored
@@ -25,6 +25,37 @@ jobs:
|
||||
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV
|
||||
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV
|
||||
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV
|
||||
echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> $GITHUB_ENV
|
||||
- name: Test Environment
|
||||
env:
|
||||
AWS_DEFAULT_REGION: us-east-1
|
||||
run: |
|
||||
file="upload-test.txt"
|
||||
echo 'Upload test file' > $file
|
||||
cat $file
|
||||
echo $AWS_SESSION_TOKEN
|
||||
aws s3 mv ./$file s3://tools-spring-io/test-akamai/$file
|
||||
aws s3 rm s3://tools-spring-io/test-akamai/$file
|
||||
|
||||
|
||||
akamai-upload-via-script:
|
||||
name: Upload to Akamai via Script
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Akamai Setup
|
||||
id: akamai-setup
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.TOOLS_CLOUDGATE_ACCESS_KEY }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLS_CLOUDGATE_SECRET_KEY }}
|
||||
TOOLS_CLOUDGATE_ACCOUNT_ID: ${{ secrets.TOOLS_CLOUDGATE_ACCOUNT_ID }}
|
||||
TOOLS_CLOUDGATE_USER: ${{ secrets.TOOLS_CLOUDGATE_USER }}
|
||||
AWS_DEFAULT_REGION: us-east-1
|
||||
run: |
|
||||
${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh ${{ github.run }}
|
||||
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV
|
||||
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV
|
||||
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV
|
||||
echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> $GITHUB_ENV
|
||||
- name: Test Environment
|
||||
env:
|
||||
AWS_DEFAULT_REGION: us-east-1
|
||||
@@ -37,4 +68,3 @@ jobs:
|
||||
aws s3 rm s3://tools-spring-io/test-akamai/$file
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -70,7 +70,12 @@ jobs:
|
||||
TOOLS_CLOUDGATE_USER: ${{ secrets.TOOLS_CLOUDGATE_USER }}
|
||||
AWS_DEFAULT_REGION: us-east-1
|
||||
run: |
|
||||
${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh ${{ github.run }}
|
||||
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
|
||||
$(aws sts assume-role \
|
||||
--role-arn arn:aws:iam::${{ secrets.TOOLS_CLOUDGATE_ACCOUNT_ID }}:role/${{ secrets.TOOLS_CLOUDGATE_USER }} \
|
||||
--role-session-name gha-upload \
|
||||
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
||||
--output text))
|
||||
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV
|
||||
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV
|
||||
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV
|
||||
|
||||
Reference in New Issue
Block a user