GHA: Debug akamai setup script

This commit is contained in:
aboyko
2023-11-08 19:45:28 -05:00
parent 27fa449db1
commit dfeeaa2c21
3 changed files with 40 additions and 3 deletions

View File

@@ -1,6 +1,8 @@
# Akamai supports assumeRole for Cloudgate S3 access
# The script asks for temp credentials to be able to upload to Akamai S3 origin bucket
# The AWS CLI environment variables are then updated with temp credentials values
set -e
session_name=$1
duration_seconds=900
if [ ! -z "$2" ]; then
@@ -9,7 +11,7 @@ fi
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
$(aws sts assume-role \
--role-arn "arn:aws:iam::${TOOLS_CLOUDGATE_ACCOUNT_ID}:role/${TOOLS_CLOUDGATE_USER}" \
--role-arn arn:aws:iam::$TOOLS_CLOUDGATE_ACCOUNT_ID:role/$TOOLS_CLOUDGATE_USER \
--role-session-name $session_name \
--duration-seconds $duration_seconds \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \

View File

@@ -25,6 +25,37 @@ jobs:
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV
echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> $GITHUB_ENV
- name: Test Environment
env:
AWS_DEFAULT_REGION: us-east-1
run: |
file="upload-test.txt"
echo 'Upload test file' > $file
cat $file
echo $AWS_SESSION_TOKEN
aws s3 mv ./$file s3://tools-spring-io/test-akamai/$file
aws s3 rm s3://tools-spring-io/test-akamai/$file
akamai-upload-via-script:
name: Upload to Akamai via Script
runs-on: ubuntu-latest
steps:
- name: Akamai Setup
id: akamai-setup
env:
AWS_ACCESS_KEY_ID: ${{ secrets.TOOLS_CLOUDGATE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLS_CLOUDGATE_SECRET_KEY }}
TOOLS_CLOUDGATE_ACCOUNT_ID: ${{ secrets.TOOLS_CLOUDGATE_ACCOUNT_ID }}
TOOLS_CLOUDGATE_USER: ${{ secrets.TOOLS_CLOUDGATE_USER }}
AWS_DEFAULT_REGION: us-east-1
run: |
${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh ${{ github.run }}
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV
echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> $GITHUB_ENV
- name: Test Environment
env:
AWS_DEFAULT_REGION: us-east-1
@@ -37,4 +68,3 @@ jobs:
aws s3 rm s3://tools-spring-io/test-akamai/$file

View File

@@ -70,7 +70,12 @@ jobs:
TOOLS_CLOUDGATE_USER: ${{ secrets.TOOLS_CLOUDGATE_USER }}
AWS_DEFAULT_REGION: us-east-1
run: |
${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh ${{ github.run }}
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
$(aws sts assume-role \
--role-arn arn:aws:iam::${{ secrets.TOOLS_CLOUDGATE_ACCOUNT_ID }}:role/${{ secrets.TOOLS_CLOUDGATE_USER }} \
--role-session-name gha-upload \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text))
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV