refactor: switch to a single input

iamKunalGupta · iamKunalGupta · commit 5e7b176a8407 · 2026-02-05T19:33:40.000+05:30
diff --git a/.github/workflows/postgres-vm-image.yml b/.github/workflows/postgres-vm-image.yml
@@ -51,22 +51,10 @@ on:
         description: "🧪 TEST ONLY: Skip builds, use dummy values to test PR creation"
         default: false
         type: boolean
-      aws_role_arn:
-        description: "AWS Role ARN for authentication (if empty, uses access keys)"
-        type: string
-        default: ""
-      aws_build_role_arn:
-        description: "AWS Role ARN used when running build.sh"
-        type: string
-        default: ""
-      aws_vm_import_role_name:
-        description: "IAM role name used by EC2 VM Import/Export during import-snapshot"
-        type: string
-        default: "vmimport"
-      aws_ami_encryption_kms_key_id:
-        description: "KMS Key ID for AMI encryption (optional)"
-        type: string
-        default: ""
+      use_aws_role:
+        description: "Use AWS role-based authentication (if false, uses access keys)"
+        default: false
+        type: boolean
 
 permissions:
   id-token: write
@@ -92,10 +80,10 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Configure AWS credentials (build role)
-        if: ${{ inputs.aws_build_role_arn != '' }}
+        if: ${{ inputs.use_aws_role }}
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ inputs.aws_build_role_arn }}
+          role-to-assume: ${{ secrets.AWS_BUILD_ROLE_ARN }}
           role-session-name: postgres-image-${{ job.name }}
           aws-region: us-west-2
 
@@ -191,15 +179,15 @@ jobs:
           aws --version
 
       - name: Configure AWS credentials (role)
-        if: ${{ inputs.upload_aws_ami && !inputs.build_only && inputs.aws_role_arn != '' }}
+        if: ${{ inputs.upload_aws_ami && !inputs.build_only && inputs.use_aws_role }}
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ inputs.aws_role_arn }}
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
           role-session-name: postgres-image-${{ job.name }}
           aws-region: us-west-2
 
       - name: Configure AWS credentials (access keys)
-        if: ${{ inputs.upload_aws_ami && !inputs.build_only && inputs.aws_role_arn == '' }}
+        if: ${{ inputs.upload_aws_ami && !inputs.build_only && !inputs.use_aws_role }}
         uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -227,7 +215,7 @@ jobs:
           image_filename=${{ steps.s3_upload.outputs.image_filename }}
           s3_bucket=${{ steps.s3_upload.outputs.s3_bucket }}
           s3_prefix=${{ steps.set_image_name.outputs.S3_BUCKET_IMAGE_PREFIX }}
-          vm_import_role_name="${{ inputs.aws_vm_import_role_name }}"
+          vm_import_role_name="${{ secrets.AWS_VM_IMPORT_ROLE_NAME || 'vmimport' }}"
 
           cat <<EOT > containers.json
           {
@@ -361,7 +349,7 @@ jobs:
               --region "${region}"
             )
 
-            kms_key_id="${{ inputs.aws_ami_encryption_kms_key_id }}"
+            kms_key_id="${{ secrets.AWS_AMI_ENCRYPTION_KMS_KEY_ID }}"
             if [ -n "${kms_key_id}" ]; then
               copy_args+=(--encrypted --kms-key-id "${kms_key_id}")
             fi
@@ -514,10 +502,10 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Configure AWS credentials (build role)
-        if: ${{ inputs.aws_build_role_arn != '' }}
+        if: ${{ inputs.use_aws_role }}
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ inputs.aws_build_role_arn }}
+          role-to-assume: ${{ secrets.AWS_BUILD_ROLE_ARN }}
           role-session-name: postgres-image-${{ job.name }}
           aws-region: us-west-2
 
@@ -562,15 +550,15 @@ jobs:
           aws --version
 
       - name: Configure AWS credentials (role)
-        if: ${{ !inputs.build_only && inputs.aws_role_arn != '' }}
+        if: ${{ !inputs.build_only && inputs.use_aws_role }}
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ inputs.aws_role_arn }}
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
           role-session-name: postgres-image-${{ job.name }}
           aws-region: us-west-2
 
       - name: Configure AWS credentials (access keys)
-        if: ${{ !inputs.build_only && inputs.aws_role_arn == '' }}
+        if: ${{ !inputs.build_only && !inputs.use_aws_role }}
         uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -600,7 +588,7 @@ jobs:
           image_filename=${{ steps.s3_upload.outputs.image_filename }}
           s3_bucket=${{ steps.s3_upload.outputs.s3_bucket }}
           s3_prefix=${{ steps.set_image_name.outputs.S3_BUCKET_IMAGE_PREFIX }}
-          vm_import_role_name="${{ inputs.aws_vm_import_role_name }}"
+          vm_import_role_name="${{ secrets.AWS_VM_IMPORT_ROLE_NAME || 'vmimport' }}"
 
           cat <<EOT > containers.json
           {
@@ -734,7 +722,7 @@ jobs:
               --region "${region}"
             )
 
-            kms_key_id="${{ inputs.aws_ami_encryption_kms_key_id }}"
+            kms_key_id="${{ secrets.AWS_AMI_ENCRYPTION_KMS_KEY_ID }}"
             if [ -n "${kms_key_id}" ]; then
               copy_args+=(--encrypted --kms-key-id "${kms_key_id}")
             fi
