From ca6d03b92ee4e0a375daf51e1134c62a471e74ec Mon Sep 17 00:00:00 2001
From: Jover
Date: Thu, 24 Aug 2023 15:19:22 -0700
Subject: [PATCH] Update builds to use `--env` options Better to be explicit about which envvars are being passed to runtimes rather than rely on the automatic variables passed through. The upload workflow requires the rethinkdb secrets to access Fauna and the AWS secrets to upload files to S3. The public and private builds just need the AWS secrets to launch jobs on AWS Batch and to download files from S3. These are all GitHub Action secrets that are being inherited by the reusable workflow and available as envvars in the GitHub Action job.
---
 .github/workflows/run-private-nextflu-builds.yaml | 2 ++
 .github/workflows/run-public-builds.yaml | 2 ++
 .github/workflows/upload.yaml | 4 ++++
 3 files changed, 8 insertions(+)
diff --git a/.github/workflows/run-private-nextflu-builds.yaml b/.github/workflows/run-private-nextflu-builds.yaml
index c8b14cf8..fa271e58 100644
--- a/.github/workflows/run-private-nextflu-builds.yaml
+++ b/.github/workflows/run-private-nextflu-builds.yaml
@@ -23,6 +23,8 @@ jobs:
 --detach \
 --cpus 36 \
 --memory 72gib \
+ --env AWS_ACCESS_KEY_ID \
+ --env AWS_SECRET_ACCESS_KEY \
 . \
 all_who \
 -p \
diff --git a/.github/workflows/run-public-builds.yaml b/.github/workflows/run-public-builds.yaml
index e1009432..7c2437b5 100644
--- a/.github/workflows/run-public-builds.yaml
+++ b/.github/workflows/run-public-builds.yaml
@@ -23,6 +23,8 @@ jobs:
 --detach \
 --cpus 36 \
 --memory 72gib \
+ --env AWS_ACCESS_KEY_ID \
+ --env AWS_SECRET_ACCESS_KEY \
 . \
 deploy_all \
 -p \
diff --git a/.github/workflows/upload.yaml b/.github/workflows/upload.yaml
index 0448fbd6..5bb34d09 100644
--- a/.github/workflows/upload.yaml
+++ b/.github/workflows/upload.yaml
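Review bot: The added `--env AWS_ACCESS_KEY_ID` / `--env AWS_SECRET_ACCESS_KEY` lines in run-private-nextflu-builds.yaml and run-public-builds.yaml forward the runner's AWS key pair into the detached build job, so workflow code inside that job runs with the same credentials that launch the Batch jobs. If that key pair is allowed more than the S3 access the builds need, a narrower key or the Batch job's own role would fit least privilege better; the IAM policy is not visible here, so this needs confirming. An explicit list also no longer carries `AWS_SESSION_TOKEN`, so if these secrets are ever replaced by temporary credentials, `--env AWS_SESSION_TOKEN \` must be added or authentication inside the runtime will fail. The `run:` block starts and ends outside both hunks.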
@@ -31,6 +31,10 @@ jobs:
 runtime: docker
 run: |
 nextstrain build \
+ --env AWS_ACCESS_KEY_ID \
+ --env AWS_SECRET_ACCESS_KEY \
+ --env RETHINK_AUTH_KEY \
+ --env RETHINK_HOST \
 . \
 -j 4 \
 upload_all_titers \
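Review bot: The reason each of the four variables is forwarded is recorded only in the commit message, so the `run:` key in upload.yaml would benefit from a comment above it such as `# Forwarded to the runtime: AWS_* for S3 upload, RETHINK_* for Fauna access`. The same comment should say that the names are passed without values on purpose, since that keeps the secret values off the command line and out of the step log, and it discourages a later rewrite to `--env NAME=${{ secrets.NAME }}`. The step begins before the hunk and continues past its last line.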