Adds missing authorization header #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update lambdas for AWS integrations | |
# Controls when the workflow will run | |
on: | |
push: | |
branches: [ main ] | |
# the job will be triggered only on change in given folder on main branch | |
paths: | |
- coiote-aws-iot-cloud-formation/** | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: read # This is required for actions/checkout@v2 | |
jobs: | |
# This workflow contains a single job called "build" | |
update-aws-lambdas: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
defaults: | |
run: | |
working-directory: ./coiote-aws-iot-cloud-formation | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-python@v2 | |
with: | |
python-version: '3.8' | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: arn:aws:iam::039321617281:role/github-avsystem | |
aws-region: eu-central-1 | |
- name: Install lambdas requirements | |
run: find . -name requirements.txt -print0 | xargs -0 -n1 dirname | xargs -I '{}' pip install -r {}/requirements.txt --platform manylinux2014_x86_64 --only-binary=':all:' --target {} | |
- name: Package and upload lambdas | |
run: | | |
for REGION in \ | |
eu-central-1 \ | |
eu-north-1 \ | |
eu-west-1 \ | |
eu-west-2 \ | |
eu-west-3 \ | |
us-east-1 \ | |
us-east-2 \ | |
us-west-1 \ | |
us-west-2 | |
do | |
BUCKET_NAME=coiote-aws-int-$REGION | |
echo Processing bucket $BUCKET_NAME | |
echo ' Cleaning the bucket before upload' | |
aws s3 rm s3://$BUCKET_NAME --recursive | |
echo ' Building and uploading lambdas' | |
aws cloudformation package --template-file cloudFormation.json --s3-bucket $BUCKET_NAME --output-template-file coiote-aws-integration-cf-template.json --use-json | |
echo ' Uploading template to S3' | |
aws s3 cp coiote-aws-integration-cf-template.json s3://$BUCKET_NAME/coiote-aws-integration-cf-template.json | |
echo ' Removing local copy of the template' | |
rm coiote-aws-integration-cf-template.json | |
echo ' Allowing authenticated AWS accounts to read uploaded objects' | |
aws s3 ls $BUCKET_NAME | awk '{print $4}' | xargs -I {} aws s3api put-object-acl --acl authenticated-read --bucket $BUCKET_NAME --key {} | |
done |