@@ -3,8 +3,11 @@ name: Build package
33on : [push]
44
55env :
6+ # Upload to AWS uses OIDC for federated auth:
7+ # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
68 S3_PATH : motus-builds/${{github.repository}}
79 S3_REGION : us-east-2
10+ AWS_ROLE : arn:aws:iam::635201719205:role/Github-actions-motus
811
912permissions :
1013 id-token : write
@@ -18,26 +21,34 @@ jobs:
1821 uses : actions/checkout@v2
1922 with :
2023 path : .
21- - run : echo "GIT_DESC=$(git describe --tags --dirty --always)" >>$GITHUB_ENV
24+
25+ # use branch or tag name in S3 upload path
26+ - run : echo GIT_REF=${{github.ref}} | sed -e 's;refs/[^/]*/;;' >>$GITHUB_ENV
27+
2228 - name : Generate .deb packages
2329 run : ./gen-package.sh
2430 shell : bash
2531 - run : ls -ls packages
32+
33+ # Upload github artifacts for debugging purposes
2634 - uses : actions/upload-artifact@v2
2735 with :
2836 name : deb-packages
2937 path : packages
38+
3039 - name : Configure AWS Credentials
3140 # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
3241 uses : aws-actions/configure-aws-credentials@master
3342 with :
34- role-to-assume : arn:aws:iam::635201719205:role/Github-actions-motus
43+ role-to-assume : ${{env.AWS_ROLE}}
3544 role-session-name : GithubActionsMotus
3645 aws-region : ${{ env.S3_REGION }}
46+
3747 - name : Upload .debs to AWS S3 repo
3848 run : |
39- aws s3 sync --acl public-read packages s3://${{env.S3_PATH}}/$GIT_DESC/
40- - name : Link to packages on S3
49+ aws s3 sync --acl public-read packages s3://${{env.S3_PATH}}/$GIT_REF/
50+
51+ - name : Create annotation with link to packages on S3
4152 run : |
42- echo "https://${{env.S3_PATH}}/$GIT_DESC /"
43- echo "::notice title=Packages::https://${{env.S3_PATH}}/$GIT_DESC /"
53+ echo "https://${{env.S3_PATH}}/$GIT_REF /"
54+ echo "::notice title=Packages::https://${{env.S3_PATH}}/$GIT_REF /"
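Review bot: The new `GIT_REF` step (new line 26) expands `${{github.ref}}` directly into the script text, so a branch or tag name containing shell metacharacters is interpreted by the shell rather than handled as data. This happens in a job that holds `id-token: write` and goes on to assume `AWS_ROLE`. Read the ref from the runner-provided environment variable instead, so it never becomes part of the script source: `- run: echo "GIT_REF=${GITHUB_REF#refs/*/}" >>"$GITHUB_ENV"`. For refs of the form `refs/<kind>/<name>` this strips the same prefix as the `sed` expression. Separately, the context line `uses: aws-actions/configure-aws-credentials@master` follows a mutable branch; because that action handles the OIDC token exchange, pinning it to a release tag or commit SHA is worth a follow-up.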