-
Notifications
You must be signed in to change notification settings - Fork 11
77 lines (67 loc) · 2.46 KB
/
AWS-auth.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: AWS Auth + Welcome Email
on:
push:
branches: [ main ]
paths:
'configs/**.json'
env:
AWS_ACCT_ID: ${{ secrets.AWS_ACCT_ID }}
AWS_REGION : 'us-west-2'
IAM_ROLE: ${{ secrets.ROLE_NAME }}
permissions:
id-token: write
contents: read
jobs:
changed_files:
runs-on: ubuntu-latest # windows-latest || macos-latest
name: Get config file name
outputs:
config-file-name: ${{ steps.config-file-name.outputs.CONFIG_FILES}}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
- name: Get changed files
id: get-changed-files
uses: tj-actions/changed-files@v40
# NOTE: `since_last_remote_commit: true` is implied by default and falls back to the previous local commit.
- name: List all changed files
id: config-file-name
run: |
echo ${{ steps.get-changed-files.outputs.all_changed_files }}
changedfiles=()
for file in ${{ steps.get-changed-files.outputs.all_changed_files }}; do
if [[ "$file" == *nrel-op.json ]]; then
changedfiles+=("${file}")
echo "The name of the config file is: ${file}."
fi
done
echo "final changedfiles array: ${changedfiles[*]}"
echo "CONFIG_FILES=${changedfiles[*]}" >> "$GITHUB_OUTPUT"
AssumeRoleAndCallIdentity:
name: AWS Authentication + Sending Welcome Email
needs: changed_files
if: always()
runs-on: ubuntu-latest
steps:
- name: Git clone the repository
uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/[email protected]
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCT_ID }}:role/${{ env.IAM_ROLE }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION }}
# Hello from AWS: WhoAmI
- name: Sts GetCallerIdentity
run: |
aws sts get-caller-identity --debug
- name: Install Boto3
run: pip install boto3
- name: Run email-config.py
run: |
echo "changed files string: ${{ needs.changed_files.outputs.config-file-name }}"
for config_file in ${{ needs.changed_files.outputs.config-file-name }}; do
echo "config file name ${config_file}"
python email_automation/email-config.py -g ${config_file}
done