Push test #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS Auth + Welcome Email | |
on: | |
push: | |
branches: | |
- 'test_userpool_creation' | |
paths: | |
'**.json' | |
env: | |
AWS_ACCT_ID: ${{ secrets.AWS_ACCT_ID }} | |
AWS_REGION : 'us-west-2' | |
IAM_ROLE: ${{ secrets.ROLE_NAME }} | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
changed_files: | |
runs-on: ubuntu-latest # windows-latest || macos-latest | |
name: Test changed-files | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. | |
- name: Get changed files | |
id: changed-files | |
uses: tj-actions/changed-files@v40 | |
# NOTE: `since_last_remote_commit: true` is implied by default and falls back to the previous local commit. | |
- name: List all changed files | |
run: | | |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do | |
if [[ "$file" == *nrel-op.json ]]; then | |
echo "The name of the config file is: ${file}." | |
export CONFIG_FILE=${file} | |
fi | |
done | |
AssumeRoleAndCallIdentity: | |
name: AWS Authentication + Sending Welcome Email | |
runs-on: ubuntu-latest | |
steps: | |
- name: Git clone the repository | |
uses: actions/checkout@v3 | |
- name: configure aws credentials | |
uses: aws-actions/[email protected] | |
with: | |
role-to-assume: arn:aws:iam::${{ env.AWS_ACCT_ID }}:role/${{ env.IAM_ROLE }} | |
role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
aws-region: ${{ env.AWS_REGION }} | |
# Hello from AWS: WhoAmI | |
- name: Sts GetCallerIdentity | |
run: | | |
aws sts get-caller-identity --debug | |
# build: | |
# name: Run email-config.py | |
# needs: AssumeRoleAndCallIdentity | |
# runs-on: ubuntu-latest | |
# env: | |
# AWS_ACCT_ID: ${( secrets.AWS_ACCT_ID }} | |
# AWS_ROLE_ARN: arn:aws:iam::${{ secrets.AWS_ACCT_ID }}:role/${{ secrets.ROLE_NAME }} | |
# AWS_WEB_IDENTITY_TOKEN_SERVER: GitHub | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v2 | |
# - id: files | |
# uses: jitterbit/get-changed-files@v1 | |
# with: | |
# format: 'space-delimited' | |
# - run: | | |
# for changed_file in ${{ steps.files.outputs.all }}; do | |
# echo "The name of the new config file is: ${changed_file}." | |
# done | |
- name: Install Boto3 | |
run: pip install boto3 | |
- name: Run email-config.py | |
run: python email_automation/email-config.py -g configs/CONFIG_FILE |