Debugging oidc - permissions scope? #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy Backend and Frontend | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| oidc-debugger: | |
| name: OIDC Debugger | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout actions-oidc-debugger | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: github/actions-oidc-debugger | |
| ref: main | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| path: ./.github/actions/actions-oidc-debugger | |
| - name: Debug OIDC Claims | |
| uses: ./.github/actions/actions-oidc-debugger | |
| with: | |
| audience: 'https://github.com/github' | |
| build-backend: | |
| name: Build backend and push to ECR | |
| runs-on: ubuntu-latest | |
| environment: build-backend | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ vars.AWS_ROLE }} | |
| - name: Log in to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push backend Docker image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: calendar-app-backend | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| build-frontend: | |
| name: Build frontend and push to ECR | |
| runs-on: ubuntu-latest | |
| environment: build-frontend | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ vars.AWS_ROLE }} | |
| - name: Log in to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push backend Docker image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: calendar-app-frontend | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| # deploy: | |
| # needs: [build-backend, build-frontend] | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v2 | |
| # | |
| # - name: Update ECS task definition | |
| # id: task-def | |
| # env: | |
| # BACKEND_IMAGE: ${{ steps.login-ecr.outputs.registry }}/your-backend-repo:${{ github.sha }} | |
| # FRONTEND_IMAGE: ${{ steps.login-ecr.outputs.registry }}/your-frontend-repo:${{ github.sha }} | |
| # run: | | |
| # sed -i "s|PLACEHOLDER_BACKEND_IMAGE|$BACKEND_IMAGE|g" ecs-task-def.json | |
| # sed -i "s|PLACEHOLDER_FRONTEND_IMAGE|$FRONTEND_IMAGE|g" ecs-task-def.json | |
| # aws ecs register-task-definition --cli-input-json file://ecs-task-def.json | |
| # | |
| # - name: Get new task definition revision | |
| # id: new-task-def | |
| # run: | | |
| # NEW_TASK_DEF=$(aws ecs describe-task-definition --task-definition your-task-family) | |
| # echo "::set-output name=task-def-arn::$(echo $NEW_TASK_DEF | jq -r '.taskDefinition.taskDefinitionArn')" | |
| # | |
| # - name: Update ECS service to use new task definition | |
| # run: | | |
| # aws ecs update-service --cluster your-cluster --service your-backend-service --task-definition ${{ steps.new-task-def.outputs.task-def-arn }} | |
| # aws ecs update-service --cluster your-cluster --service your-frontend-service --task-definition ${{ steps.new-task-def.outputs.task-def-arn }} |