
Commit 3ce5c0a

authored
Merge pull request #20 from serverless/setup-github-oidc
chore(github): setup Github oidc
2 parents d5b0f1b + a63b141 commit 3ce5c0a


3 files changed

+33
-9
lines changed


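--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -5,6 +5,11 @@ on:
 branches:
 - main
 
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+
 jobs:
 deploy:
 name: deploy-prod
@@ -24,11 +29,14 @@ jobs:
 cmd: |
 yq -i '.stages.prod.params.customDomainName = "${{ vars.CUSTOM_DOMAIN_NAME }}"' serverless-compose.yml
 yq -i '.stages.prod.params.customDomainCertificateARN = "${{ vars.CUSTOM_DOMAIN_CERTIFICATE_ARN }}"' serverless-compose.yml
-- name: Serverless Deploy
+- name: Configure AWS Credentials - Serverless Marketing AWS Account
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::488110005556:role/GithubActionsDeploymentRole
+aws-region: us-east-1
+- name: Serverless Deploy - Prod
 uses: serverless/github-action@v4
 with:
 args: deploy --stage prod
 env:
 SERVERLESS_LICENSE_KEY: ${{ secrets.SERVERLESS_LICENSE_KEY }}
-AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}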
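Review bot: The new top-level `permissions:` block grants `contents: write` and `pull-requests: write` alongside `id-token: write`, which is more than the OIDC exchange needs. Requesting the token only requires `id-token: write`, and a checkout only needs `contents: read`; nothing in the visible steps pushes commits or writes to pull requests, although steps outside these hunks may. If no step needs them, reduce the block to `id-token: write` and `contents: read`, and consider moving it to the job level so the scopes apply only to the job that deploys. The same block is added in pr-deploy.yml and pr-remove.yml.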

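--- a/.github/workflows/pr-deploy.yml
+++ b/.github/workflows/pr-deploy.yml
@@ -5,6 +5,11 @@ on:
 branches:
 - main
 
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+
 jobs:
 remove:
 name: deploy-pr-preview
@@ -18,11 +23,14 @@ jobs:
 cache: "npm"
 - name: Install dependencies
 run: npm ci
-- name: serverless deploy
+- name: Configure AWS Credentials - Serverless Marketing AWS Account
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::488110005556:role/GithubActionsDeploymentRole
+aws-region: us-east-1
+- name: Serverless Deploy - PR Preview
 uses: serverless/github-action@v4
 with:
 args: deploy --stage pr-${{ github.event.pull_request.number }}
 env:
 SERVERLESS_LICENSE_KEY: ${{ secrets.SERVERLESS_LICENSE_KEY }}
-AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}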
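Review bot: The PR-preview job assumes the same `GithubActionsDeploymentRole` that main.yml uses for the prod deploy, so the role's trust policy has to accept tokens issued for pull-request runs as well as for `main`. The trust policy is not part of this commit, so this is inferred: if it matches on the repository alone, any workflow run in the repo, including one from an unmerged branch, can obtain credentials able to change prod. Consider a separate, narrower role for preview stages, and restrict the prod role with a condition on `token.actions.githubusercontent.com:sub` such as `repo:<owner>/<repo>:ref:refs/heads/main` (placeholder values) together with the `aud` check for `sts.amazonaws.com`. pr-remove.yml assumes the same role and would move to the preview role too.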

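--- a/.github/workflows/pr-remove.yml
+++ b/.github/workflows/pr-remove.yml
@@ -5,6 +5,11 @@ on:
 types:
 - closed
 
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+
 jobs:
 remove:
 name: remove-pr-preview
@@ -18,11 +23,14 @@ jobs:
 cache: "npm"
 - name: Install dependencies
 run: npm ci
-- name: serverless remove
+- name: Configure AWS Credentials - Serverless Marketing AWS Account
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::488110005556:role/GithubActionsDeploymentRole
+aws-region: us-east-1
+- name: Serverless Remove - PR Preview
 uses: serverless/github-action@v4
 with:
 args: remove --stage pr-${{ github.event.pull_request.number }}
 env:
 SERVERLESS_LICENSE_KEY: ${{ secrets.SERVERLESS_LICENSE_KEY }}
-AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}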
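Review bot: `aws-actions/configure-aws-credentials@v4` is referenced by a mutable tag in the step that hands the job its AWS credentials; if the tag is moved, whatever it then points to runs with `id-token: write` and the assumed role. Pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4` (placeholder; take the SHA from the release you have reviewed), and let an update bot propose bumps. The same applies to this step in main.yml and pr-deploy.yml, and to the existing `serverless/github-action@v4` line, which runs after the credentials are in the environment.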
