From dfeeaa2c219785ca1995a61c1968601ce449bd4e Mon Sep 17 00:00:00 2001 From: aboyko Date: Wed, 8 Nov 2023 19:45:28 -0500 Subject: [PATCH] GHA: Debug akamai setup script --- .github/scripts/akamai-aws-cli-env.sh | 4 ++- .github/workflows/akamai-test.yml | 32 ++++++++++++++++++- .../workflows/eclipse-ls-extensions-build.yml | 7 +++- 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/.github/scripts/akamai-aws-cli-env.sh b/.github/scripts/akamai-aws-cli-env.sh index 59054dad0..36f53ddd5 100755 --- a/.github/scripts/akamai-aws-cli-env.sh +++ b/.github/scripts/akamai-aws-cli-env.sh @@ -1,6 +1,8 @@ # Akamai supports assumeRole for Cloudgate S3 access # The script asks for temp credentials to be able to upload to Akamai S3 origin bucket # The AWS CLI environment variables are then updated with temp credentials values +set -e + session_name=$1 duration_seconds=900 if [ ! -z "$2" ]; then @@ -9,7 +11,7 @@ fi export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \ $(aws sts assume-role \ ---role-arn "arn:aws:iam::${TOOLS_CLOUDGATE_ACCOUNT_ID}:role/${TOOLS_CLOUDGATE_USER}" \ +--role-arn arn:aws:iam::$TOOLS_CLOUDGATE_ACCOUNT_ID:role/$TOOLS_CLOUDGATE_USER \ --role-session-name $session_name \ --duration-seconds $duration_seconds \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ diff --git a/.github/workflows/akamai-test.yml b/.github/workflows/akamai-test.yml index 4cf51443f..18cb1f863 100644 --- a/.github/workflows/akamai-test.yml +++ b/.github/workflows/akamai-test.yml 
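Review bot: The added `set -e` does not stop the script when `aws sts assume-role` fails, because that call runs in a command substitution nested inside `export $(printf …)` and the shell only sees the status of `export`. On failure the three variables are exported as empty strings and the caller carries on. Run the call on its own first, e.g. `creds=$(aws sts assume-role … --output text) || exit 1`, and build the `export` from `$creds`. The same construct is inlined in the eclipse-ls-extensions-build.yml hunk and has the same gap. If this file is ever sourced rather than executed, `set -e` would also stay active in the calling shell.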
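Review bot: Removing the quotes from the `--role-arn` value leaves the expansion open to word splitting and globbing, and nothing in the hunk needs that; keep `"arn:aws:iam::${TOOLS_CLOUDGATE_ACCOUNT_ID}:role/${TOOLS_CLOUDGATE_USER}"`. The context lines below it have the same weakness: with an empty `$1` the unquoted `$session_name` disappears and `--role-session-name` is left without a value, so write `--role-session-name "$session_name"` and `--duration-seconds "$duration_seconds"`. The command continues past the end of the hunk.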
@@ -25,6 +25,37 @@ jobs: echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV + echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> $GITHUB_ENV + - name: Test Environment + env: + AWS_DEFAULT_REGION: us-east-1 + run: | + file="upload-test.txt" + echo 'Upload test file' > $file + cat $file + echo $AWS_SESSION_TOKEN + aws s3 mv ./$file s3://tools-spring-io/test-akamai/$file + aws s3 rm s3://tools-spring-io/test-akamai/$file + + + akamai-upload-via-script: + name: Upload to Akamai via Script + runs-on: ubuntu-latest + steps: + - name: Akamai Setup + id: akamai-setup + env: + AWS_ACCESS_KEY_ID: ${{ secrets.TOOLS_CLOUDGATE_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLS_CLOUDGATE_SECRET_KEY }} + TOOLS_CLOUDGATE_ACCOUNT_ID: ${{ secrets.TOOLS_CLOUDGATE_ACCOUNT_ID }} + TOOLS_CLOUDGATE_USER: ${{ secrets.TOOLS_CLOUDGATE_USER }} + AWS_DEFAULT_REGION: us-east-1 + run: | + ${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh ${{ github.run }} + echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV + echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV + echo "AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> $GITHUB_ENV - name: Test Environment env: AWS_DEFAULT_REGION: us-east-1 @@ -37,4 +68,3 @@ jobs: aws s3 rm s3://tools-spring-io/test-akamai/$file - diff --git a/.github/workflows/eclipse-ls-extensions-build.yml b/.github/workflows/eclipse-ls-extensions-build.yml index 8b3227b9a..77f2f78b5 100644 --- a/.github/workflows/eclipse-ls-extensions-build.yml +++ b/.github/workflows/eclipse-ls-extensions-build.yml 
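Review bot: `echo $AWS_SESSION_TOKEN` in the added Test Environment step writes a live credential to the job log; the token is generated at run time, so it is presumably not covered by the masking applied to repository secrets. Drop the line, or print only whether the value is set, e.g. `echo "session token set: ${AWS_SESSION_TOKEN:+yes}"`. In the new akamai-upload-via-script job the script is executed as a child process, so its `export` cannot reach the step shell and the following `>> $GITHUB_ENV` lines would persist the long-lived keys from `env:` together with an empty token; sourcing it with `. "${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh" "${{ github.run_id }}"` would avoid that. `github.run` is not a context property I know of, which is why `github.run_id` appears in the suggestion, and no checkout step is visible in the added job, so the script may not be present on the runner.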
@@ -70,7 +70,12 @@ jobs: TOOLS_CLOUDGATE_USER: ${{ secrets.TOOLS_CLOUDGATE_USER }} AWS_DEFAULT_REGION: us-east-1 run: | - ${{ github.workspace }}/.github/scripts/akamai-aws-cli-env.sh ${{ github.run }} + export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \ + $(aws sts assume-role \ + --role-arn arn:aws:iam::${{ secrets.TOOLS_CLOUDGATE_ACCOUNT_ID }}:role/${{ secrets.TOOLS_CLOUDGATE_USER }} \ + --role-session-name gha-upload \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text)) echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV
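Review bot: The temporary credentials returned by `assume-role` are appended to `$GITHUB_ENV` without being registered for log masking, so any later step that prints its environment would show them in clear. Add `echo "::add-mask::$AWS_SECRET_ACCESS_KEY"` and `echo "::add-mask::$AWS_SESSION_TOKEN"` before the `>> $GITHUB_ENV` lines. The `--role-arn` line also pastes `${{ secrets.… }}` into the script text although the step's `env:` already carries `TOOLS_CLOUDGATE_USER` (and, judging by the other workflow, the account id above the hunk); `"arn:aws:iam::${TOOLS_CLOUDGATE_ACCOUNT_ID}:role/${TOOLS_CLOUDGATE_USER}"` keeps the values out of the generated script. The step itself begins above the hunk.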