From 13c7f39905284d5895704023e864e7fdaadb7559 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Wed, 24 May 2023 09:16:20 +0000
Subject: [PATCH 1/4] fix(docs): use concrete secrets from settings
---
 .github/workflows/on_push_docs.yml | 3 +++
 .github/workflows/publish_v2_layer.yml | 3 +++
 .github/workflows/rebuild_latest_docs.yml | 3 +++
 .github/workflows/reusable_publish_docs.yml | 7 +++++++
 4 files changed, 16 insertions(+)
diff --git a/.github/workflows/on_push_docs.yml b/.github/workflows/on_push_docs.yml
index e257f49e808..79f8ddb9c75 100644
--- a/.github/workflows/on_push_docs.yml
+++ b/.github/workflows/on_push_docs.yml
@@ -23,3 +23,6 @@ jobs:
 with:
 version: develop
 alias: stage
+ secrets:
+ AWS_DOCS_ROLE_ARN: ${{ secrets.AWS_DOCS_ROLE_ARN }}
+ AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }}
\ No newline at end of file
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index 5447d0a51e5..48457c2e0f1 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -229,3 +229,6 @@ jobs:
 version: ${{ inputs.latest_published_version }}
 alias: ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }}
 git_ref: ${{ needs.update_v2_layer_arn_docs.outputs.temp_branch }}
+ secrets:
+ AWS_DOCS_ROLE_ARN: ${{ secrets.AWS_DOCS_ROLE_ARN }}
+ AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }}
diff --git a/.github/workflows/rebuild_latest_docs.yml b/.github/workflows/rebuild_latest_docs.yml
index deac728ac25..ce8e39bae8c 100644
--- a/.github/workflows/rebuild_latest_docs.yml
+++ b/.github/workflows/rebuild_latest_docs.yml
@@ -27,3 +27,6 @@ jobs:
 with:
 version: ${{ inputs.latest_published_version }}
 alias: latest
+ secrets:
+ AWS_DOCS_ROLE_ARN: ${{ secrets.AWS_DOCS_ROLE_ARN }}
+ AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }}
diff --git a/.github/workflows/reusable_publish_docs.yml b/.github/workflows/reusable_publish_docs.yml
index f624d327ee5..bcad81063eb 100644
--- a/.github/workflows/reusable_publish_docs.yml +++ b/.github/workflows/reusable_publish_docs.yml @@ -5,6 +5,13 @@ env: on: workflow_call: + secrets: + AWS_DOCS_ROLE_ARN: + description: Docs IAM Role + required: false + AWS_DOCS_BUCKET: + description: Docs S3 Bucket + required: false inputs: version: description: "Version to build and publish docs (1.28.0, develop)" From 7b43749aa88c47e3a9d015c7cb4b3187253969b6 Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Wed, 24 May 2023 10:29:41 +0000 Subject: [PATCH 2/4] pass environment maybe --- .github/workflows/on_push_docs.yml | 5 ++--- .github/workflows/publish_v2_layer.yml | 5 ++--- .github/workflows/rebuild_latest_docs.yml | 5 ++--- .github/workflows/reusable_publish_docs.yml | 13 +++++-------- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/.github/workflows/on_push_docs.yml b/.github/workflows/on_push_docs.yml index 79f8ddb9c75..e1a2ce68c6b 100644 --- a/.github/workflows/on_push_docs.yml +++ b/.github/workflows/on_push_docs.yml @@ -19,10 +19,9 @@ jobs: contents: write pages: write id-token: write + secrets: inherit uses: ./.github/workflows/reusable_publish_docs.yml with: version: develop alias: stage - secrets: - AWS_DOCS_ROLE_ARN: ${{ secrets.AWS_DOCS_ROLE_ARN }} - AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }} \ No newline at end of file + environment: "Docs" \ No newline at end of file diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml index 48457c2e0f1..73a7cf1f13b 100644 --- a/.github/workflows/publish_v2_layer.yml +++ b/.github/workflows/publish_v2_layer.yml 
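Review bot: Both secrets declared under `workflow_call.secrets` in reusable_publish_docs.yml are marked `required: false`, so a caller that forgets the mapping still starts the run and the empty value only surfaces in whichever step consumes it (those steps are outside this hunk). If publishing cannot work without them, declare each as `required: true` so a missing mapping is rejected when the workflow is called. The descriptions could also say what the values are for, for example `description: IAM role assumed to publish docs`, assuming that is how the ARN is used.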
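Review bot: `secrets: inherit` in the on_push_docs.yml hunk makes every secret the calling workflow can read available to reusable_publish_docs.yml, where the mapping it replaces exposed only `AWS_DOCS_ROLE_ARN` and `AWS_DOCS_BUCKET`; the same line is added in the publish_v2_layer.yml and rebuild_latest_docs.yml hunks of this commit. Any expression in the reusable workflow can then reference secrets that have nothing to do with docs publishing, and these caller jobs also grant `contents: write` and `id-token: write`. If the two values are now meant to come from the environment named by the new `environment` input, check whether the called job needs anything from the caller at all. If inheritance turns out to be required for them to resolve, record that next to the line, e.g. `# inherit: needed so the Docs environment secrets resolve in the called job`; otherwise keep the narrow explicit mapping.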
@@ -224,11 +224,10 @@ jobs: pages: write pull-requests: none id-token: write + secrets: inherit uses: ./.github/workflows/reusable_publish_docs.yml with: version: ${{ inputs.latest_published_version }} alias: ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }} git_ref: ${{ needs.update_v2_layer_arn_docs.outputs.temp_branch }} - secrets: - AWS_DOCS_ROLE_ARN: ${{ secrets.AWS_DOCS_ROLE_ARN }} - AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }} + environment: "Docs" diff --git a/.github/workflows/rebuild_latest_docs.yml b/.github/workflows/rebuild_latest_docs.yml index ce8e39bae8c..7f5dd4a6867 100644 --- a/.github/workflows/rebuild_latest_docs.yml +++ b/.github/workflows/rebuild_latest_docs.yml @@ -23,10 +23,9 @@ jobs: contents: write pages: write id-token: write + secrets: inherit uses: ./.github/workflows/reusable_publish_docs.yml with: version: ${{ inputs.latest_published_version }} alias: latest - secrets: - AWS_DOCS_ROLE_ARN: ${{ secrets.AWS_DOCS_ROLE_ARN }} - AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }} + environment: "Docs" diff --git a/.github/workflows/reusable_publish_docs.yml b/.github/workflows/reusable_publish_docs.yml index bcad81063eb..86d574a15de 100644 --- a/.github/workflows/reusable_publish_docs.yml +++ b/.github/workflows/reusable_publish_docs.yml @@ -5,13 +5,6 @@ env: on: workflow_call: - secrets: - AWS_DOCS_ROLE_ARN: - description: Docs IAM Role - required: false - AWS_DOCS_BUCKET: - description: Docs S3 Bucket - required: false inputs: version: description: "Version to build and publish docs (1.28.0, develop)" @@ -31,6 +24,10 @@ on: required: false type: string default: develop + environment: + description: "GitHub Environment to use for encrypted secrets" + required: true + type: string permissions: id-token: write @@ -44,7 +41,7 @@ jobs: concurrency: group: on-docs-rebuild runs-on: ubuntu-latest - environment: Docs + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: 
From 5ea9672522a3356d4ed1b07cfe41e97e11c8f1de Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Wed, 24 May 2023 10:30:42 +0000
Subject: [PATCH 3/4] remove input
---
 .github/workflows/on_push_docs.yml | 3 +--
 .github/workflows/publish_v2_layer.yml | 1 -
 .github/workflows/rebuild_latest_docs.yml | 1 -
 .github/workflows/reusable_publish_docs.yml | 4 ----
 4 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/.github/workflows/on_push_docs.yml b/.github/workflows/on_push_docs.yml
index e1a2ce68c6b..b6051f8fa94 100644
--- a/.github/workflows/on_push_docs.yml
+++ b/.github/workflows/on_push_docs.yml
@@ -23,5 +23,4 @@ jobs:
 uses: ./.github/workflows/reusable_publish_docs.yml
 with:
 version: develop
- alias: stage
- environment: "Docs"
\ No newline at end of file
+ alias: stage
\ No newline at end of file
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index 73a7cf1f13b..0046a6bb84d 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -230,4 +230,3 @@ jobs:
 version: ${{ inputs.latest_published_version }}
 alias: ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }}
 git_ref: ${{ needs.update_v2_layer_arn_docs.outputs.temp_branch }}
- environment: "Docs"
diff --git a/.github/workflows/rebuild_latest_docs.yml b/.github/workflows/rebuild_latest_docs.yml
index 7f5dd4a6867..fc65bd71673 100644
--- a/.github/workflows/rebuild_latest_docs.yml
+++ b/.github/workflows/rebuild_latest_docs.yml
@@ -28,4 +28,3 @@ jobs:
 with:
 version: ${{ inputs.latest_published_version }}
 alias: latest
- environment: "Docs"
diff --git a/.github/workflows/reusable_publish_docs.yml b/.github/workflows/reusable_publish_docs.yml
index 86d574a15de..4ff711432ce 100644
--- a/.github/workflows/reusable_publish_docs.yml
+++ b/.github/workflows/reusable_publish_docs.yml
@@ -24,10 +24,6 @@ on: required: false type: string default: develop - environment: - description: "GitHub Environment to use for encrypted secrets" - required: true - type: string permissions: id-token: write From f52b30410401948d70abc0b34f925ead8d8d4ff2 Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Wed, 24 May 2023 13:30:31 +0200 Subject: [PATCH 4/4] add actual env name Signed-off-by: Simon Thulbourn --- .github/workflows/reusable_publish_docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable_publish_docs.yml b/.github/workflows/reusable_publish_docs.yml index 4ff711432ce..1ebe58ebf31 100644 --- a/.github/workflows/reusable_publish_docs.yml +++ b/.github/workflows/reusable_publish_docs.yml @@ -37,7 +37,7 @@ jobs: concurrency: group: on-docs-rebuild runs-on: ubuntu-latest - environment: ${{ inputs.environment }} + environment: "Docs" steps: - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with:
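Review bot: The pinned `environment: "Docs"` line in the last hunk carries no comment explaining why the name is fixed in the reusable workflow rather than supplied by callers, which is the question the two preceding commits went back and forth on. A line above it such as `# Pinned here: secrets and protection rules come from the Docs environment, callers must not select it` would record the decision, assuming (as the removed input description suggests) that the docs secrets live in that environment. Because the workflow requests `id-token: write`, it is also worth confirming that the IAM role's trust policy is limited to this repository and environment; that policy is not visible in this patch. The job definition starts and ends outside the hunk.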