fix role repo (#40)

cursive-team · Oct 5, 2024 · 0d3d826 · 0d3d826
1 parent a3736c5
commit 0d3d826
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/deployment/README.md b/deployment/README.md
@@ -136,7 +136,7 @@ To create a local tag. If the `$commit-hash` is not supplied, the most recent co
 
 To annotate a tag: 
 
-`git tag -a v0.0.0 -m "Initial Release" $commit-hash`
+`git tag -a v0.0.0 -m "Initial release" $commit-hash`
 
 Push tag:
 `git push origin v0.0.0`
@@ -158,6 +158,9 @@ docker push $ACCOUNT_NUMBER.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPO_NAME:1
 ```
 
 ### Apply Specific Image Tag to Infra 
+
+To run locally, you must uncomment the credential path and profile in `provider.tf`.
+
 ``` 
 terraform apply -var="image_tag=${tag number}" -auto-approve
 ```

diff --git a/deployment/ecr.tf b/deployment/ecr.tf
@@ -49,8 +49,8 @@ resource "aws_iam_role" "github_actions_role" {
         Condition = {
           StringLike = {
             # TODO: if this works, then scope to specific repo:
-            # "token.actions.githubusercontent.com:sub" : "repo:${var.namespace}:${var.name}"
-            "token.actions.githubusercontent.com:sub" : "repo:${var.namespace}:*"
+            # "token.actions.githubusercontent.com:sub" : "repo:${var.namespace}/${var.name}"
+            "token.actions.githubusercontent.com:sub" : "repo:${var.namespace}/*"
           },
           StringEquals = {
             "token.actions.githubusercontent.com:aud" : "sts.amazonaws.com"