Add code sync up workflow #10

Merged
merged 1 commit into from
Mar 31, 2023

@liubnu liubnu commented Mar 31, 2023

Summary

Add automatic code sync to CodeCommit repository.

Implementation details

Add two GitHub actions to sync up code to beta and prod CodeCommit repositories.

  1. Use aws-actions/configure-aws-credentials@v2 to generate a short-lived token.
  2. Use the latest version of github-to-aws-codecommit-sync to sync up code.
  3. Couldn't put them in a single action because it is not possible to unset envs after fetching credentials for an account (see "Allow to unset env variables", actions/runner#1126).

Testing

Tested in my personal account.

New tests cover the changes: no

Description for the changelog

Add code sync up workflow

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::377429403256:role/github-codesync-role
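
Review bot: the `role-to-assume` line carries no comment saying where `github-codesync-role` is defined or what its trust policy allows, so someone reading the workflow cannot tell how the role is scoped. Add a short YAML comment above that line pointing to where the role is created and stating the intended trust condition (which repository and ref may assume it).
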
Contributor

I don't see this role created for the account. What permissions are attached to it and how are we limiting access only to this GitHub action?

Contributor

Nvm found it.

Contributor Author

This role is created by an internal code commit. You can find it under our code repo. And it is limited so that only GitHub can assume it and push code to GitHubServiceConnectAgent.
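
The restriction described in the reply above lives in the role's trust policy, which this page does not show. As an added example (not code from this PR or the project), the Python check below audits such a policy for the conditions that tie a GitHub OIDC role to one repository; the policy shape, the placeholder account `111122223333` and the repository name `example-org/example-repo` are assumptions.

```python
# Added example (constructed data, not the role from this PR): audit a trust policy.
HOST = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _claim_values(condition, operators, claim):
    """Collect the values set for HOST:<claim> under the given operators."""
    values = []
    for op in operators:
        for key, val in condition.get(op, {}).items():
            if key.lower() == f"{HOST}:{claim}":  # condition keys are case-insensitive
                values.extend(_as_list(val))
    return values

def audit_trust_policy(policy, expected_repo):
    """Return findings; an empty list means only expected_repo can assume the role."""
    findings, trusts_github = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        providers = _as_list(principal.get("Federated", []))
        if not any(str(p).endswith("oidc-provider/" + HOST) for p in providers):
            continue
        trusts_github = True
        cond = stmt.get("Condition", {})
        if "sts.amazonaws.com" not in _claim_values(cond, ["StringEquals"], "aud"):
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = _claim_values(cond, ["StringEquals", "StringLike"], "sub")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume the role")
        for sub in subs:
            if not sub.startswith(f"repo:{expected_repo}:"):
                findings.append(f"sub {sub!r} is not limited to {expected_repo}")
            elif sub.endswith(":*"):
                findings.append(f"sub {sub!r} allows every branch, tag and event")
    if not trusts_github:
        findings.append("no statement trusts the GitHub OIDC provider")
    return findings

def sample_policy(condition):  # constructed; 111122223333 is a placeholder account ID
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{HOST}"},
        "Condition": condition}]}

if __name__ == "__main__":  # a policy with no conditions yields two findings
    print(audit_trust_policy(sample_policy({}), "example-org/example-repo"))
```

To audit a real role, pass the parsed `AssumeRolePolicyDocument` of the role in place of `sample_policy(...)`.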

@liubnu liubnu merged commit 2b6d614 into aws:main Mar 31, 2023

@shenjianan97 shenjianan97 left a comment

LGTM

role-session-name: prodrolesession
aws-region: us-west-2
- name: Sync up to CodeCommit
uses: tsgit18/sync-up-to-codecommit-action@v1.0.6
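
Review bot: on the `uses: tsgit18/sync-up-to-codecommit-action@v1.0.6` line, a third-party action is referenced by tag and runs in the step right after the credentials are configured, so its code executes with the assumed role's session available. A tag can later be pointed at different code; pin the action to the full commit SHA that `v1.0.6` resolves to, keep the version in a trailing comment, and let an update tool propose bumps so each new version is reviewed before it runs.
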
Contributor

Do we need to watch out for updates of this action?

Contributor Author

Good point. Currently it's enough for us. If there is a significant change for it, then we can update to a new version. I think we won't need to update it very often.
