chore: Update GitHub Actions deploy workflows for AWS credentials

This commit updates the GitHub Actions workflows to pass input values to the `ServerlessOpsIO/gha-assume-aws-credentials` action. This change is necessary to supply our own AWS credentials for the workflows.
ServerlessOpsIO · Sep 3, 2024 · 208df07 · 208df07
1 parent 9181618
commit 208df07
Showing 1 changed file with 22 additions and 84 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -90,52 +90,21 @@ jobs:
       contents: read
 
     steps:
-      - name: Set extra GitHub environment variables
-        id: github-env-vars
-        uses: rlespinasse/github-slug-action@v4
-
-      - name: Download artifact
-        id: download-artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ env.GITHUB_REPOSITORY_SLUG }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ github.run_number }}-${{ github.sha }}
-
-      - name: Setup Python
-        id: install-python
-        uses: actions/setup-python@v3
-        with:
-          python-version: 3.12
-          cache: pipenv
-
-      - name: Install pipenv
-        id: install-pipenv
-        shell: bash
-        run: python -m pip install --upgrade pipenv
-
-
-      - name: Install dependencies
-        id: install-python-deps
-        shell: bash
-        run: pipenv install --dev
+      - name: Setup job workspace
+        uses: ServerlessOpsIO/gha-setup-workspace@v1
 
-      - name: Assume build account AWS credentials
-        id: build-account-credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Setup Python enviornment
+        uses: ServerlessOpsIO/gha-setup-python@v1
         with:
-          role-to-assume: arn:aws:iam::346402060170:role/GitHubActionsBuildRole
-          role-session-name: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ github.run_number }}-${{ github.job }}
-          role-duration-seconds: 3600   # 60 minutes; needs to be less than our current max duration
-          aws-region: us-east-1
+          python_version: 3.12
 
-      - name: Assume deploy account AWS credentials
-        id: deploy-account-credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Assume AWS Credentials
+        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
         with:
-          role-to-assume: arn:aws:iam::349603509961:role/GitHubActionsCfnDeployRole
-          role-session-name: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ github.run_number }}-${{ github.job }}
-          role-duration-seconds: 3600   # 60 minutes; needs to be less than our current max duration
-          aws-region: us-east-1
-          role-chaining: true
+          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+          gha_build_role_name: ${{ secrets.AWS_CICD_BUILD_ROLE_NAME }}
+          deploy_aws_account_id: ${{ secrets.AWS_MANAGEMENT_ACCOUNT_ID }}
+          gha_deploy_role_name: ${{ secrets.AWS_CICD_DEPLOY_ROLE_NAME }}
 
       - name: Install AWS SAM
         uses: aws-actions/setup-sam@v2
@@ -204,52 +173,21 @@ jobs:
       contents: read
 
     steps:
-      - name: Set extra GitHub environment variables
-        id: github-env-vars
-        uses: rlespinasse/github-slug-action@v4
-
-      - name: Download artifact
-        id: download-artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ env.GITHUB_REPOSITORY_SLUG }}-${{ env.GITHUB_REF_SLUG_URL }}-${{ github.run_number }}-${{ github.sha }}
-
-      - name: Setup Python
-        id: install-python
-        uses: actions/setup-python@v3
-        with:
-          python-version: 3.12
-          cache: pipenv
-
-      - name: Install pipenv
-        id: install-pipenv
-        shell: bash
-        run: python -m pip install --upgrade pipenv
-
-
-      - name: Install dependencies
-        id: install-python-deps
-        shell: bash
-        run: pipenv install --dev
+      - name: Setup job workspace
+        uses: ServerlessOpsIO/gha-setup-workspace@v1
 
-      - name: Assume build account AWS credentials
-        id: build-account-credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Setup Python enviornment
+        uses: ServerlessOpsIO/gha-setup-python@v1
         with:
-          role-to-assume: arn:aws:iam::346402060170:role/GitHubActionsBuildRole
-          role-session-name: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ github.run_number }}-${{ github.job }}
-          role-duration-seconds: 3600   # 60 minutes; needs to be less than our current max duration
-          aws-region: us-east-1
+          python_version: 3.12
 
-      - name: Assume deploy account AWS credentials
-        id: deploy-account-credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Assume AWS Credentials
+        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
         with:
-          role-to-assume: arn:aws:iam::774305573766:role/GitHubActionsCfnDeployRole
-          role-session-name: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}-${{ github.run_number }}-${{ github.job }}
-          role-duration-seconds: 3600   # 60 minutes; needs to be less than our current max duration
-          aws-region: us-east-1
-          role-chaining: true
+          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+          gha_build_role_name: ${{ secrets.AWS_CICD_BUILD_ROLE_NAME }}
+          deploy_aws_account_id: ${{ secrets.AWS_STACKSETS_ACCOUNT_ID }}
+          gha_deploy_role_name: ${{ secrets.AWS_CICD_DEPLOY_ROLE_NAME }}
 
       - name: Install AWS SAM
         uses: aws-actions/setup-sam@v2