From 8bd6540dfc8f95141234e4e26a556ded6c99636b Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 19 Aug 2024 10:24:05 -0500 Subject: [PATCH 1/3] gha: cleanup docs No functionality change. --- .github/workflows/docs.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 656089a8..1f35dca7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,27 +1,21 @@ +--- name: Build and Commit Documentation - on: pull_request: - types: [ labeled ] - + types: [labeled] jobs: build_and_commit: if: contains(github.event.pull_request.labels.*.name, 'docs') runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 + - uses: actions/checkout@v4 with: ref: ${{ github.head_ref }} - - - name: Run make command - run: make doc - + - run: make doc - name: Commit changes run: | git config --local user.email "action@github.com" git config --local user.name "GitHub Action" git add . git commit -m "Update documentation" || echo "No changes to commit" - git push origin HEAD:${{ github.head_ref }} \ No newline at end of file + git push origin HEAD:${{ github.head_ref }} From a3d4b66124e5254a85a78ef54b79668b0e50e62d Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 23 Sep 2024 00:06:11 -0500 Subject: [PATCH 2/3] gha: cleanup release No functionality change. --- .github/workflows/release.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 262f891d..ddbaf1c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,13 +1,10 @@ -# Terraform Provider release workflow. +--- name: Release on: push: - tags: - - 'v*' - + tags: ['v*'] permissions: contents: write - jobs: goreleaser: runs-on: ubuntu-latest 
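Review bot: In the `.github/workflows/docs.yml` hunk of PATCH 1/3, the final step still expands `${{ github.head_ref }}` directly inside the `run:` script, so the pull request's branch name is substituted into the script text before the shell parses it. Since that line is touched anyway, pass the value through the environment instead: give the step an `env:` entry `HEAD_REF: ${{ github.head_ref }}` and push with `git push origin "HEAD:${HEAD_REF}"`. The file as shown also has no `permissions:` block, so the token this job pushes with gets whatever the repository default grants. An explicit `permissions:` with `contents: write` on `build_and_commit` would make that scope visible, as release.yml already does at workflow level.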
@@ -32,14 +29,12 @@ jobs: with: go-version-file: 'go.mod' cache: true - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v6 + - uses: crazy-max/ghaction-import-gpg@v6 id: import_gpg with: gpg_private_key: ${{ env.TF_PROVIDER_RP_GPG_PRIVATE_KEY }} passphrase: ${{ env.TF_PROVIDER_RP_PASSPHRASE }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + - uses: goreleaser/goreleaser-action@v6 with: args: release --clean env: From 87c4ce11d1eb76e821f7603554abde4093befcec Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 23 Sep 2024 00:07:42 -0500 Subject: [PATCH 3/3] gha: update release to use oidc --- .github/workflows/release.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ddbaf1c5..e2385354 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,18 +5,16 @@ on: tags: ['v*'] permissions: contents: write + id-token: write jobs: goreleaser: runs-on: ubuntu-latest steps: - - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }} - aws-region: us-west-2 - - name: get secrets from aws sm - uses: aws-actions/aws-secretsmanager-get-secrets@v2 + aws-region: ${{ vars.RP_AWS_CRED_REGION }} + role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }} + - uses: aws-actions/aws-secretsmanager-get-secrets@v2 with: secret-ids: | ,sdlc/prod/github/tf_provider_rp
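Review bot: The steps touched in this release.yml hunk of PATCH 2/3 reference third-party actions by movable tag (`crazy-max/ghaction-import-gpg@v6`, `goreleaser/goreleaser-action@v6`), and this job hands them the GPG private key and passphrase while the workflow holds `contents: write`. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v6`, keeps a retagged release from changing what runs at release time. The same applies to the two `aws-actions/*` steps in PATCH 3/3 and to `actions/checkout@v4` in docs.yml. The step list starts above this hunk and continues below it.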
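Review bot: The `role-to-assume` line in PATCH 3/3 builds the role name from `vars.RP_AWS_CRED_BASE_ROLE_NAME` plus `github.event.repository.name`, and nothing in the workflow records what that role is expected to trust. The IAM trust policy is not visible here. Since the role is used to fetch `sdlc/prod/github/tf_provider_rp` from Secrets Manager, it presumably should restrict the OIDC `sub` claim to this repository and its tag refs rather than accept a broader set of workflows. A comment above the step would capture that, for example `# OIDC role is <base-role-name><repo-name>; its trust policy must pin sub to this repo's tag refs`. `id-token: write` could also sit under `jobs.goreleaser.permissions` instead of the workflow level, so a job added later does not inherit it.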