From 28a4e1a9e30489a4247b1d224429412c0f168f11 Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Tue, 23 Jan 2024 14:14:55 +0100
Subject: [PATCH 1/9] Update build.yml Adds a step to publish jar to seqera's s3
---
 .github/workflows/build.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cf8b7b7..12a4854 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -92,3 +92,10 @@ jobs:
 env:
 JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 JRELEASER_PROJECT_VERSION: ${{ steps.version.outputs.VERSION }}
+
+ - name: Publish STABLE jars
+ run: ./gradle.sh publish
+ env:
+ AWS_ACCESS_KEY_ID: ${{secrets.TOWER_CI_AWS_ACCESS}}
+ AWS_SECRET_ACCESS_KEY: ${{secrets.TOWER_CI_AWS_SECRET}}
+
From f87f911b166fd8983095a5757ebb06f6c649afb2 Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Tue, 23 Jan 2024 14:50:35 +0100
Subject: [PATCH 2/9] Update build.yml Adapting to assume role
---
 .github/workflows/build.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 12a4854..0678aa4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -93,9 +93,13 @@ jobs:
 JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 JRELEASER_PROJECT_VERSION: ${{ steps.version.outputs.VERSION }}
+ - name: Configure AWS
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: eu-west-2
+ role-to-assume: arn:aws:iam::128997144437:role/Development
+
 - name: Publish STABLE jars
 run: ./gradle.sh publish
- env:
- AWS_ACCESS_KEY_ID: ${{secrets.TOWER_CI_AWS_ACCESS}}
- AWS_SECRET_ACCESS_KEY: ${{secrets.TOWER_CI_AWS_SECRET}}
+
From 3e42af8cfc018494fb1727a49d7e3dc394e574ee Mon Sep 17 00:00:00 2001
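Review bot: The `uses: aws-actions/configure-aws-credentials@v4` line added in PATCH 2/9 pins the action to a movable tag, and this is the step that exchanges the job's OIDC token for AWS credentials; pin it to a full commit SHA instead, `uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA> # v4`. The assumed role is named `Development`, which reads like a general-purpose role rather than one scoped to publishing; if that is the case, a dedicated role allowed only to write to the Maven bucket would limit what any step in this job can reach. The job's step list continues outside the hunk.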
From: Matteo Fiandesio
Date: Tue, 23 Jan 2024 14:52:21 +0100
Subject: [PATCH 3/9] Update build.gradle Adds session token for assume role credentials
---
 build.gradle | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/build.gradle b/build.gradle
index 931832e..58c608e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -82,6 +82,7 @@ application {
 ext.aws_access_key_id = project.findProperty('aws_access_key_id') ?: System.getenv('AWS_ACCESS_KEY_ID')
 ext.aws_secret_access_key = project.findProperty('aws_secret_access_key') ?: System.getenv('AWS_SECRET_ACCESS_KEY')
+ext.aws_session_token = project.findProperty('aws_session_token') ?: System.getenv('AWS_SESSION_TOKEN')
 ext.publishRepoUrl = project.findProperty('publish_repo_url') ?: System.getenv('PUBLISH_REPO_URL') ?: ( version.endsWith('-SNAPSHOT') ? "s3://maven.seqera.io/snapshots" : "s3://maven.seqera.io/releases" )
 // Add sources to JARs.
@@ -102,6 +103,7 @@ publishing {
 // keys are defined in the `gradle.properties` file
 accessKey aws_access_key_id
 secretKey aws_secret_access_key
+ sessionToken aws_session_token
 }
 }
 }
From 1d376ef3ff6acb2da129c1e82d7497732ad9c5aa Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Wed, 24 Jan 2024 06:54:12 +0100
Subject: [PATCH 4/9] [release] testing release
From 557dbe8cb481c89d04149c52019b1a9267a9b9e3 Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Wed, 24 Jan 2024 07:09:13 +0100
Subject: [PATCH 5/9] Update build.yml [release] testing release with new workflow
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0678aa4..022b376 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -63,7 +63,7 @@ jobs:
 release:
 name: Release
- if: "contains(github.event.head_commit.message, '[release]') && github.event.ref=='refs/heads/master'"
+ if: "contains(github.event.head_commit.message, '[release]')"
 needs: [ build ]
 runs-on: ubuntu-latest
 steps:
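Review bot: The comment above `accessKey` in the second hunk of PATCH 3/9 still says the keys are defined in the gradle.properties file, which no longer matches how CI supplies them: the values now fall back to the `AWS_*` environment variables set by the assume-role step. It could read `// credentials: gradle properties or AWS_* env vars; CI supplies short-lived assume-role credentials`. PATCH 9/9 rewrites the three credential lines and keeps the same comment. If long-lived keys are still kept in a gradle.properties file for local publishing, that file should stay out of version control; whether it is tracked is not visible here.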
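Review bot: With `&& github.event.ref=='refs/heads/master'` removed from the release job's `if:` in PATCH 5/9, a push to any branch whose head commit message contains `[release]` runs the release and publish steps. PATCH 8/9 restores the guard, but the workflow file is then the only thing tying the AWS role to master, and it can be edited on any branch. The role's trust policy should also check the OIDC subject, for example a `token.actions.githubusercontent.com:sub` condition of `repo:<ORG>/<REPO>:ref:refs/heads/master`; whether it already does is not visible here. For dry runs, a `workflow_dispatch` trigger avoids loosening the push condition.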
From ab474e047a3f47bba5410eeae0d46a282a3e196b Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Wed, 24 Jan 2024 07:37:13 +0100
Subject: [PATCH 6/9] Adding permissions snippet [release]
---
 .github/workflows/build.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 022b376..59fe774 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -66,6 +66,9 @@ jobs:
 if: "contains(github.event.head_commit.message, '[release]')"
 needs: [ build ]
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write # Required to authenticate to AWS using assume-role
+ contents: write
 steps:
 - name: Checkout repository
 uses: actions/checkout@v2
From b617c82028d2d8ef9531a9ad2bec98cfe1475190 Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Wed, 24 Jan 2024 07:47:00 +0100
Subject: [PATCH 7/9] [release] fix typo
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 59fe774..f887df4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -103,6 +103,6 @@ jobs:
 role-to-assume: arn:aws:iam::128997144437:role/Development
 - name: Publish STABLE jars
- run: ./gradle.sh publish
+ run: ./gradlew publish
From 9587b2e450a14ece677cbdc7f89f599021aeb3eb Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Wed, 24 Jan 2024 08:01:49 +0100
Subject: [PATCH 8/9] [release] should not execute release
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f887df4..3fb19dd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
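Review bot: The `permissions:` block added in PATCH 6/9 grants `id-token: write` and `contents: write` to the whole release job, so every step in it, including the Gradle build and any third-party action, can request an OIDC token and write to the repository. Moving the S3 publish into its own job with `id-token: write` and `contents: read`, and leaving `contents: write` with the JReleaser steps, would keep each token where it is needed. The inline comment could also name the consumer, e.g. `id-token: write # OIDC token for the Configure AWS step`. The job's steps continue outside the hunk.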
@@ -63,7 +63,7 @@ jobs:
 release:
 name: Release
- if: "contains(github.event.head_commit.message, '[release]')"
+ if: "contains(github.event.head_commit.message, '[release]') && github.event.ref=='refs/heads/master'"
 needs: [ build ]
 runs-on: ubuntu-latest
 permissions:
From afa3ddca255dabe1cc91f9cc8df85dd90e7f5da5 Mon Sep 17 00:00:00 2001
From: Matteo Fiandesio
Date: Wed, 17 Jul 2024 14:47:55 +0200
Subject: [PATCH 9/9] Update build.gradle
Co-authored-by: Paolo Di Tommaso
---
 build.gradle | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build.gradle b/build.gradle
index 58c608e..8daae89 100644
--- a/build.gradle
+++ b/build.gradle
@@ -101,9 +101,9 @@ publishing {
 url = publishRepoUrl
 credentials(AwsCredentials) {
 // keys are defined in the `gradle.properties` file
- accessKey aws_access_key_id
- secretKey aws_secret_access_key
- sessionToken aws_session_token
+ accessKey(aws_access_key_id)
+ secretKey(aws_secret_access_key)
+ if(aws_session_token) { sessionToken(aws_session_token) }
 }
 }
 }