DEVOPS-12289: Move OIDC config to the open-turo #16

Open
wants to merge 1 commit into
base: main

@kennedy-whytech kennedy-whytech commented Dec 13, 2024

Description

Move OIDC config to open-turo

Part of the OIDC configuration has been moved to open-turo. This change enables developers to use the OIDC configuration in multiple actions without duplicating the configuration.

Centralizing setup logic in the reusable workflow is convenient and ensures consistency. It’s a trade-off between encapsulation (all logic in the reusable workflow) and optimization (doing setup only once from the consumer workflow).

The workflow has been tested in https://github.com/turo/platform-scratch-infrastructure/pull/176

Fixes #DEVOPS-12289

Changes

  • feat(gha): move OIDC config to the reusable workflow

🚀 PR created with fotingo

@kennedy-whytech kennedy-whytech force-pushed the f/devops-12289_refactor_actions-s3-artifact_in_open-turo_to_include_additional_logics_d branch from a4b5723 to d7d130f Compare December 13, 2024 16:02
@kennedy-whytech kennedy-whytech changed the title DEVOPS-12289: Refactor actions-s3-artifact in open-turo to include additional logics defined in work DEVOPS-12289: Move OIDC config to the reusable workflow Dec 13, 2024
@kennedy-whytech kennedy-whytech force-pushed the f/devops-12289_refactor_actions-s3-artifact_in_open-turo_to_include_additional_logics_d branch from d7d130f to a3c6170 Compare December 13, 2024 16:19
@kennedy-whytech kennedy-whytech marked this pull request as draft December 13, 2024 16:37
@kennedy-whytech kennedy-whytech force-pushed the f/devops-12289_refactor_actions-s3-artifact_in_open-turo_to_include_additional_logics_d branch from a3c6170 to c43be76 Compare December 13, 2024 19:24
BREAKING CHANGE: remove aws cli installation and credential configuration from consumer workflow
@kennedy-whytech kennedy-whytech force-pushed the f/devops-12289_refactor_actions-s3-artifact_in_open-turo_to_include_additional_logics_d branch from c43be76 to edefcec Compare December 13, 2024 19:33

github-actions bot commented Dec 13, 2024

Release notes preview

Below is a preview of the release notes if your PR gets merged.


2.0.0 (2024-12-13)

⚠ BREAKING CHANGES

  • gha: remove aws cli installation and credential configuration from consumer workflow

Features

  • gha: move OIDC config to the reusable workflow (edefcec)

Continuous Integration

  • use renovate, update CI and precommit and automate docs (83c63a1)

Breaking changes file docs/breaking-changes/v2.md

Breaking changes in v2

Move OIDC config to the reusable workflow

Description of changes

The OIDC configuration has been moved to the reusable workflow. This change enables developers to use the OIDC configuration in multiple actions without duplicating the configuration.

Upgrade instructions

Update from:

permissions:
  id-token: write # This is required for requesting the JWT for OIDC
  contents: read

  ...
  - name: Install aws cli
    run: |
      pip install awscli==1.33.21
      aws --version

  - name: Configure AWS credentials
    uses: aws-actions/configure-aws-credentials@v4
    with:
      role-skip-session-tagging: true
      role-to-assume: ROLE-TO-ASSUME-WITH-OIDC
      aws-region: us-east-1

  - name: Upload to S3 bucket
    uses: open-turo/actions-s3-artifact/upload@v1
    id: aws-s3-upload
    with:
      compress: false
      path: PATH-TO-UPLOAD
      s3uri: S3-URI
      aws-region: us-east-1

to the following:

permissions:
  id-token: write # This is required for requesting the JWT for OIDC
  contents: read

  ...

  - name: Upload to S3 bucket
    uses: open-turo/actions-s3-artifact/upload@v2
    id: aws-s3-upload
    with:
      compress: false
      path: PATH-TO-UPLOAD
      s3uri: S3-URI
      aws-region: us-east-1
      role-to-assume-with-oidc: ${{ ROLE-TO-ASSUME-WITH-OIDC }} # the role can be defined in the GHA Repository secrets or inline


@kennedy-whytech kennedy-whytech changed the title DEVOPS-12289: Move OIDC config to the reusable workflow DEVOPS-12289: Move OIDC config to the open-turo Dec 13, 2024
@kennedy-whytech kennedy-whytech marked this pull request as ready for review December 13, 2024 19:57
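
A migration check for the v2 upgrade instructions above, as an added example that is not code from this PR or from open-turo: it scans a consumer workflow for the things the breaking change makes easy to get wrong. The function names, finding codes and the sample workflow are constructed for illustration; the scan is line-based rather than a full YAML parse.

```python
import re

# Constructed sample (not from the PR): a consumer workflow half-migrated to v2.
SAMPLE = """\
permissions:
  contents: read
jobs:
  publish:
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ROLE-TO-ASSUME-WITH-OIDC
      - name: Upload to S3 bucket
        uses: open-turo/actions-s3-artifact/upload@v2
        with:
          s3uri: S3-URI
          aws-region: us-east-1
"""

UPLOAD = r"uses:\s*open-turo/actions-s3-artifact/upload@"

def split_steps(text):
    """Line-based grouping: a step starts at a '- key:' list item."""
    steps, cur = [], None
    for line in text.splitlines():
        if re.match(r"\s*-\s+[\w-]+\s*:", line):
            cur = []
            steps.append(cur)
        if cur is not None:
            cur.append(line)
    return ["\n".join(s) for s in steps]

def check_v2_migration(text):
    """Return finding codes for a workflow moving from upload@v1 to upload@v2."""
    steps = split_steps(text)
    v2 = [s for s in steps if re.search(UPLOAD + r"v2\b", s)]
    findings = []
    if any(re.search(UPLOAD + r"v1\b", s) for s in steps):
        findings.append("still-on-v1")
    # v2 assumes the role itself, so every v2 step needs the new input.
    if any(not re.search(r"^\s*role-to-assume-with-oidc\s*:", s, re.M) for s in v2):
        findings.append("v2-missing-role-input")
    # The OIDC JWT can only be requested when id-token: write is granted.
    if v2 and not re.search(r"^\s*id-token\s*:\s*write\b", text, re.M):
        findings.append("missing-id-token-write")
    # May still be needed by other steps; flagged for review, not as an error.
    if v2 and any("aws-actions/configure-aws-credentials@" in s for s in steps):
        findings.append("leftover-configure-aws-credentials")
    return findings
```

Calling `check_v2_migration(SAMPLE)` reports the missing `role-to-assume-with-oidc` input, the missing `id-token: write` permission and the leftover credentials step.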