chore: add custom gh token to calling actions.
gtempus committed Oct 31, 2023
1 parent ae3d65b commit 9af0e70
Showing 2 changed files with 25 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/api_triggered_workflow.yml
Expand Up @@ -27,10 +27,10 @@ jobs:
run: |
case "${{ github.event.client_payload.action }}" in
start)
terraform apply -auto-approve -var="game_state=running" -var="slack_token=${{ secrets.SLACK_BOT_OAUTH_TOKEN }}"
terraform apply -auto-approve -var="game_state=running" -var="slack_token=${{ secrets.SLACK_BOT_OAUTH_TOKEN }} -var="github_token=${{ secrets.GH_ACTIONS_TOKEN }}"
;;
stop)
terraform apply -auto-approve -var="game_state=stopped" -var="slack_token=${{ secrets.SLACK_BOT_OAUTH_TOKEN }}"
terraform apply -auto-approve -var="game_state=stopped" -var="slack_token=${{ secrets.SLACK_BOT_OAUTH_TOKEN }} -var="github_token=${{ secrets.GH_ACTIONS_TOKEN }}"
;;
status)
terraform output -json
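Review bot: The two `terraform apply` lines that carry `github_token` (in the `start)` and `stop)` branches) are missing the closing double quote after `${{ secrets.SLACK_BOT_OAUTH_TOKEN }}`. As written, the shell does not see a separate `-var` argument for `github_token`, and the unbalanced quote throws off the quoting of the rest of the `case` body. The argument tail should read `-var="slack_token=${{ secrets.SLACK_BOT_OAUTH_TOKEN }}" -var="github_token=${{ secrets.GH_ACTIONS_TOKEN }}"` in both branches. Supplying both secrets through the step's `env:` as `TF_VAR_slack_token` and `TF_VAR_github_token` would avoid this class of quoting error and keep the values out of the rendered script and the process argument list. The `run:` block starts and continues outside the visible hunk.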
23 changes: 23 additions & 0 deletions terraform/main.tf
Expand Up @@ -137,6 +137,23 @@ resource "aws_instance" "minecraft-server" {
variable "slack_token" {
description = "Slack Bot User OAuth Token"
type = string
sensitive = true
}

variable "github_token" {
description = "The GitHub token for Secrets Manager"
type = string
sensitive = true # This ensures Terraform doesn't print the value in outputs
}

resource "aws_secretsmanager_secret" "github_token_secret" {
name = "github_token"
description = "Secret for GitHub Token"
}

resource "aws_secretsmanager_secret_version" "github_token_secret_version" {
secret_id = aws_secretsmanager_secret.github_token_secret.id
secret_string = "{\"GITHUB_TOKEN\":\"${var.github_token}\"}"
}

resource "aws_lambda_function" "minecraft_bot" {
Expand Down Expand Up @@ -207,3 +224,9 @@ resource "aws_iam_role_policy_attachment" "lambda_logs" {
policy_arn = aws_iam_policy.minecraft_bot_lambda_logging.arn
role = aws_iam_role.lambda_role.name
}

resource "aws_iam_role_policy_attachment" "secrets_manager_access" {
policy_arn = "arn:aws:iam::aws:policy/SecretsManagerReadWrite"
role = aws_iam_role.lambda_role.name
}
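Review bot: The `secrets_manager_access` attachment in the last hunk gives the Lambda role the AWS-managed `SecretsManagerReadWrite` policy, which is not scoped to the single secret this commit creates, so anything that can run as the function gets read and write access to secrets well beyond `github_token`. If the function only reads the token (its code is not visible here), a role policy limited to `secretsmanager:GetSecretValue` on `aws_secretsmanager_secret.github_token_secret.arn` is sufficient; a sketch follows. Separately, `secret_string` in the first hunk places the token in Terraform state in plaintext, since `sensitive = true` only redacts CLI output, so the state backend needs encryption and restricted access. Building that value with `jsonencode({ GITHUB_TOKEN = var.github_token })` would also avoid hand-escaped JSON that breaks if the token ever contains a quote or backslash.

```hcl
# replaces the aws_iam_role_policy_attachment "secrets_manager_access" block
resource "aws_iam_role_policy" "secrets_manager_access" {
  name = "read-github-token-secret"
  role = aws_iam_role.lambda_role.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "secretsmanager:GetSecretValue"
      Resource = aws_secretsmanager_secret.github_token_secret.arn
    }]
  })
}
```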
