diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cf8b7b7..3fb19dd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -66,6 +66,9 @@ jobs:
 if: "contains(github.event.head_commit.message, '[release]') && github.event.ref=='refs/heads/master'"
 needs: [ build ]
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write # Required to authenticate to AWS using assume-role
+ contents: write
 steps:
 - name: Checkout repository
 uses: actions/checkout@v2
@@ -92,3 +95,14 @@ jobs:
 env:
 JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 JRELEASER_PROJECT_VERSION: ${{ steps.version.outputs.VERSION }}
+
+ - name: Configure AWS
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: eu-west-2
+ role-to-assume: arn:aws:iam::128997144437:role/Development
+
+ - name: Publish STABLE jars
+ run: ./gradlew publish
+
+
diff --git a/build.gradle b/build.gradle
index 931832e..8daae89 100644
--- a/build.gradle
+++ b/build.gradle
@@ -82,6 +82,7 @@ application {
 ext.aws_access_key_id = project.findProperty('aws_access_key_id') ?: System.getenv('AWS_ACCESS_KEY_ID')
 ext.aws_secret_access_key = project.findProperty('aws_secret_access_key') ?: System.getenv('AWS_SECRET_ACCESS_KEY')
+ext.aws_session_token = project.findProperty('aws_session_token') ?: System.getenv('AWS_SESSION_TOKEN')
 ext.publishRepoUrl = project.findProperty('publish_repo_url') ?: System.getenv('PUBLISH_REPO_URL') ?: ( version.endsWith('-SNAPSHOT') ? "s3://maven.seqera.io/snapshots" : "s3://maven.seqera.io/releases" )
 // Add sources to JARs.
@@ -100,8 +101,9 @@ publishing {
 url = publishRepoUrl
 credentials(AwsCredentials) {
 // keys are defined in the `gradle.properties` file
- accessKey aws_access_key_id
- secretKey aws_secret_access_key
+ accessKey(aws_access_key_id)
+ secretKey(aws_secret_access_key)
+ if(aws_session_token) { sessionToken(aws_session_token) }
 }
 }
 }
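Review bot: In the first hunk of `.github/workflows/build.yml`, the job-level `permissions:` block gives both write scopes to every step of the release job, although only the `Configure AWS` step added in the second hunk needs `id-token: write`. The Gradle steps run project and plugin code under the same grant, so they too can request an OIDC token, and `contents: write` is presumably only needed by the JReleaser step that takes `GITHUB_TOKEN`. Consider moving the S3 publish into its own job whose block is just `id-token: write` and `contents: read`, and keeping `contents: write` on the release job. The `contents: write` line also deserves a reason like the one on `id-token`, e.g. `contents: write # Required by the release step that uses GITHUB_TOKEN`.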
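Review bot: In the second hunk of `.github/workflows/build.yml`, the `Configure AWS` step references `aws-actions/configure-aws-credentials@v4`, a movable tag, for the action that receives the job's OIDC token and exports AWS credentials to the following steps. Pin it to a full commit SHA: `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4` (placeholder, take the SHA from the action's release). The job is gated only by a `[release]` commit message on master, so the effective control is the trust policy of the assumed role, which is not visible here; it should restrict the token's `sub` claim to this repository and `refs/heads/master`. The role is named `Development` while the step publishes STABLE jars, so if that role is broader than write access to the release repository prefix, a dedicated publish role would be the narrower choice. The two trailing blank lines added at the end of the file can be dropped.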
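Review bot: In the first hunk of `build.gradle`, the new `ext.aws_session_token` line resolves the token independently of the key pair, so static keys from a properties file can end up paired with an unrelated `AWS_SESSION_TOKEN` left in a developer's shell, and that mixed credential set will be rejected when publishing. Take the token from the same source as the access key: `ext.aws_session_token = project.findProperty('aws_access_key_id') ? project.findProperty('aws_session_token') : System.getenv('AWS_SESSION_TOKEN')`. A short comment that the token is only present for temporary (assumed-role) credentials would also help the next reader.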
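Review bot: In the second hunk of `build.gradle`, the existing comment inside `credentials(AwsCredentials)` still says the keys are defined in the gradle.properties file, which is no longer the whole story now that CI supplies temporary credentials through the environment. Suggest replacing it with `// static keys may come from gradle.properties; CI supplies temporary credentials (with a session token) via the environment`. As a style point, the added conditional is written without the usual spacing and on one line; `if (aws_session_token) {` with `sessionToken(aws_session_token)` on its own line reads better next to the two calls above it. The `publishing` block starts outside this hunk, so how `aws_access_key_id` being null is handled cannot be judged from here.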