
Merge pull request #2533 from vamshi-stepsecurity/bug-replaceable-act… #116


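# Release workflow for the `int` environment: on every push to the `int`
# branch, run the Go test suite, collect short-lived AWS credentials through
# step-security/wait-for-secrets (a human approves them via Slack), push the
# container image to ECR, then deploy two CloudFormation stacks (ECR repo,
# then application resources).
name: Cfnrelease-int
on:
  push:
    branches:
      - int
# Workflow-wide default is read-only; each job opts in to anything broader.
permissions: # added using https://github.com/step-security/secure-repo
  contents: read
jobs:
  publish-test:
    permissions:
      contents: read
      # NOTE(review): no step in this job appears to use OIDC — the AWS step
      # below is fed static keys from wait-for-secrets rather than
      # `role-to-assume` — so `id-token: write` looks unused. Confirm and
      # drop it to keep the job at least privilege.
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
        with:
          # `audit` only records outbound connections. Once the expected
          # egress baseline (GitHub, proxy.golang.org, AWS endpoints, Slack)
          # is known, move to `block` with an `allowed-endpoints` list so a
          # compromised dependency cannot exfiltrate the credentials handled
          # later in this job.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # Full history is fetched; needed only if a later step reads
          # tags/log — none of the visible steps do, so consider dropping.
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
        with:
          # Quoted so YAML keeps the version a string (an unquoted value
          # like 1.10 would be parsed as the float 1.1).
          go-version: '1.17'
      - run: go test ./... -coverpkg=./...
        env:
          # The PAT is visible to the entire test suite (and every Go
          # module it pulls in); scope this to the specific tests that need
          # it if possible.
          PAT: ${{ secrets.PAT }}
      # Pauses the job until an operator supplies the three AWS credential
      # values out-of-band; they are exposed as step outputs below.
      - uses: step-security/wait-for-secrets@084b3ae774c0e0003a9307ae4f487c10f1f998fe
        id: wait-for-secrets
        with:
          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
          secrets: |
            AWS_ACCESS_KEY_ID_INT:
              name: 'AWS access key id'
              description: 'Access key id for secure-repo int'
            AWS_SECRET_ACCESS_KEY_INT:
              name: 'AWS secret access key'
              description: 'Secret access key for secure-repo int'
            AWS_SESSION_TOKEN_INT:
              name: 'AWS session token'
              description: 'Session token for secure-repo int'
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df
        with:
          # NOTE(review): step outputs are not automatically masked in logs
          # the way `secrets.*` are; confirm wait-for-secrets registers these
          # as masked values before relying on them here.
          aws-access-key-id: ${{ steps.wait-for-secrets.outputs.AWS_ACCESS_KEY_ID_INT }}
          aws-secret-access-key: ${{ steps.wait-for-secrets.outputs.AWS_SECRET_ACCESS_KEY_INT }}
          aws-session-token: ${{ steps.wait-for-secrets.outputs.AWS_SESSION_TOKEN_INT }}
          aws-region: us-west-2
      # Stack 1: the ECR repository the image is pushed into.
      - name: Deploy to AWS CloudFormation
        uses: aws-actions/aws-cloudformation-github-deploy@33527b83bddcf6b3f0b135d9550bde8475325c73
        with:
          name: secure-workflow-api-ecr
          template: cloudformation/ecr.yml
          parameter-overrides: "ResourceName=secure-workflow-api"
          no-fail-on-empty-changeset: "1"
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076
      - name: Build, tag, and push image to Amazon ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: secure-workflow-api
          # Image is tagged with the commit SHA so each deploy is traceable
          # to an exact revision.
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      # Stack 2: the application resources, pointed at the image just pushed.
      - name: Deploy to AWS CloudFormation
        uses: aws-actions/aws-cloudformation-github-deploy@33527b83bddcf6b3f0b135d9550bde8475325c73
        with:
          name: secure-workflow-api
          template: cloudformation/resources.yml
          # NOTE(review): PAT is handed to the stack as a plain parameter.
          # CloudFormation parameter values are readable by anyone with
          # DescribeStacks on the stack unless the template declares the
          # parameter with `NoEcho: true`. Verify cloudformation/resources.yml
          # does so, or store the token in Secrets Manager / SSM and pass a
          # reference instead of the value.
          parameter-overrides: >-
            ResourceName=secure-workflow-api,
            ImageTag=${{ github.sha }},
            PAT=${{ secrets.PAT }}
          no-fail-on-empty-changeset: "1"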