OIDC deploy #450

Merged
merged 13 commits into from
Jun 13, 2024
29 changes: 16 additions & 13 deletions .github/workflows/nightly-upload.yml
Expand Up @@ -10,26 +10,29 @@ jobs:
upload:
name: Upload docs to production
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup aws cli
run: |
sudo apt-get update &&
sudo apt-get install curl &&
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&
unzip awscliv2.zip &&
sudo ./aws/install --update &&
aws --version
- name: Configure AWS Credentials
id: creds
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
role-to-assume: arn:aws:iam::200670743174:role/github-oidc-deployment-gz-web-app
# Need to run ./build_docs.sh
output-credentials: true
- name: Run nightly upload
run: cd tools && ./build_docs.sh all
run: |
cd tools && ./build_docs.sh all
shell: bash
env:
GZ_VERSION_PASSWORD: ${{ secrets.GZ_VERSION_PASSWORD }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}
- name: Invalidate Cloudfront distribution
run: |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} &&
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} &&
aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths '/*' --region us-east-1
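Review bot: `uses: aws-actions/configure-aws-credentials@v4` is referenced by a mutable tag in a job that holds `id-token: write` and can assume the deployment role; pin it (and `actions/checkout@v2` above it) to a full commit SHA so a retagged release cannot run with that permission. Separately, `output-credentials: true` together with the three `steps.creds.outputs.*` entries under `env:` looks redundant for the `Run nightly upload` step, because v4 of this action already exports `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` to later steps by default; dropping them keeps the temporary credentials out of the step outputs. The comment `# Need to run ./build_docs.sh` would be clearer if it said that `build_docs.sh` forwards these values to `docker build`.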
3 changes: 2 additions & 1 deletion tools/Dockerfile.citadel
Expand Up @@ -13,9 +13,10 @@ ARG GZ_VERSION_PASSWORD
ARG GZ_VERSION_DATE
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN

COPY scripts/install_common_deps.sh scripts/install_common_deps.sh
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AWS_SESSION_TOKEN

COPY scripts/build_gz.sh scripts/build_gz.sh
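Review bot: `ARG AWS_SESSION_TOKEN` followed by `RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AWS_SESSION_TOKEN` puts the token on the command line of a `RUN` instruction, where build-arg values are recorded in the image metadata and can be read back with `docker history`. Short-lived credentials limit how long a leaked value is useful, but a BuildKit secret mount (`RUN --mount=type=secret,id=aws_session_token ...`) would keep all three values out of the layers entirely. If the positional arguments stay, quote them (`"$AWS_SESSION_TOKEN"`) so an empty value cannot shift the parameters the script receives. The same two lines are added to Dockerfile.fortress, Dockerfile.garden and Dockerfile.harmonic, so this applies there as well.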

3 changes: 2 additions & 1 deletion tools/Dockerfile.fortress
Expand Up @@ -13,9 +13,10 @@ ARG GZ_VERSION_PASSWORD
ARG GZ_VERSION_DATE
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN

COPY scripts/install_common_deps.sh scripts/install_common_deps.sh
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AWS_SESSION_TOKEN

COPY scripts/build_gz.sh scripts/build_gz.sh

3 changes: 2 additions & 1 deletion tools/Dockerfile.garden
Expand Up @@ -13,9 +13,10 @@ ARG GZ_VERSION_PASSWORD
ARG GZ_VERSION_DATE
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN

COPY scripts/install_common_deps.sh scripts/install_common_deps.sh
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AWS_SESSION_TOKEN

COPY scripts/build_gz.sh scripts/build_gz.sh

3 changes: 2 additions & 1 deletion tools/Dockerfile.harmonic
Expand Up @@ -13,9 +13,10 @@ ARG GZ_VERSION_PASSWORD
ARG GZ_VERSION_DATE
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN

COPY scripts/install_common_deps.sh scripts/install_common_deps.sh
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY
RUN scripts/install_common_deps.sh $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AWS_SESSION_TOKEN
RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/pkgs-osrf-archive-keyring.gpg] http://packages.osrfoundation.org/gazebo/ubuntu-prerelease $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/gazebo-prerelease.list > /dev/null \
&& apt-get update

2 changes: 1 addition & 1 deletion tools/build_docs.sh
Expand Up @@ -29,7 +29,7 @@

if [[ $1 == 'all' || $1 == 'citadel' || $1 == 'Citadel' ]]; then
echo -e "\e[46m\e[30mUploading documentation for Citadel\e[0m\e[39m"
docker build -t gz-docs-builder -f Dockerfile.citadel --build-arg GZ_VERSION_PASSWORD --build-arg GZ_VERSION_DATE=`date -Iseconds` --no-cache --build-arg AWS_ACCESS_KEY_ID --build-arg AWS_SECRET_ACCESS_KEY .
docker build -t gz-docs-builder -f Dockerfile.citadel --build-arg GZ_VERSION_PASSWORD --build-arg GZ_VERSION_DATE=`date -Iseconds` --no-cache --build-arg AWS_ACCESS_KEY_ID --build-arg AWS_SECRET_ACCESS_KEY --build-arg AWS_SESSION_TOKEN .
docker image rm -f gz-docs-builder
docker image prune -f
fi
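Review bot: Only the Citadel `docker build` line gains `--build-arg AWS_SESSION_TOKEN` (this file shows 1 addition and 1 deletion), while four Dockerfiles now declare `ARG AWS_SESSION_TOKEN`. If the Fortress, Garden and Harmonic builds have their own `docker build` invocations further down, they need the same flag; otherwise the token reaches `install_common_deps.sh` empty and uploads made with the temporary access key will be rejected. Because `--build-arg AWS_SESSION_TOKEN` without a value is taken from the caller's environment, a usage comment at the top of the script listing the variables that must be exported would help anyone running it outside the workflow.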
1 change: 1 addition & 0 deletions tools/scripts/install_common_deps.sh
Expand Up @@ -35,4 +35,5 @@ sudo ./aws/install
# Configure AWS so that API docs can be uploaded to s3.
aws configure set aws_access_key_id $1
aws configure set aws_secret_access_key $2
aws configure set aws_session_token $3
aws configure set default.region us-east-1
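Review bot: `aws configure set aws_session_token $3` is unquoted and unconditional, so when the script is called with only two arguments, or with an empty `AWS_SESSION_TOKEN` build arg, the command runs without a value and fails with a usage error. Quote the parameter and guard it, for example `if [ -n "$3" ]; then aws configure set aws_session_token "$3"; fi`, and quote `$1` and `$2` in the two lines above for the same reason. The comment `# Configure AWS so that API docs can be uploaded to s3.` could also say that `$3` is the session token from the assumed role and that the values are written to the AWS CLI credentials file inside the image.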