add GetKeyPolicy action #3

Workflow file for this run

.github/workflows/ci-ops-infra.yml at dadd061

	name: "CI - Update OPS Infrastructure"
	on:
	push:
	branches:
	- master
	- BFD-3384
	workflow_dispatch:
	permissions:
	id-token: write # This is required for requesting the AWS IAM OIDC JWT
	contents: write # This is required for actions/checkout
	defaults:
	run:
	shell: bash
	env:
	DEFAULT_LOG_GROUP: "/bfd/mgmt/gha/ci-ops-infra"
	DEFAULT_LOG_STREAM: "deploy-terraservice_${{ github.run_number }}"

	jobs:
	update-mgmt-infra:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{ github.ref_name }}

	- name: Configure AWS credentials
	id: config-aws-creds
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.GHA_AWS_IAM_ROLE_ARN }}
	role-session-name: ci-deploy-mgmt
	aws-region: us-east-1

	- name: Mask sensitive AWS data
	id: mask-sensitive-aws-data
	run: \|
	caller_id="$(aws sts get-caller-identity)"
	account_num="$(jq -r '.Account' <<<${caller_id})"
	role_arn="$(jq -r '.Arn' <<<${caller_id})"
	user_id="$(jq -r '.UserId' <<<${caller_id})"

	echo "::add-mask::$account_num"
	echo "::add-mask::$role_arn"
	echo "::add-mask::$user_id"

	- name: Deploy mgmt base_config
	id: ci-deploy-mgmt-base-config
	uses: ./.github/actions/deploy-terraservice
	with:
	bfd-env: default
	service-path: ops/terraform/env/mgmt/base_config
	cw-log-group: ${{ env.DEFAULT_LOG_GROUP }}
	cw-log-stream: ${{ env.DEFAULT_LOG_STREAM }}

	- name: Deploy mgmt
	id: ci-deploy-mgmt
	uses: ./.github/actions/deploy-terraservice
	with:
	bfd-env: default
	service-path: ops/terraform/env/mgmt
	cw-log-group: ${{ env.DEFAULT_LOG_GROUP }}
	cw-log-stream: ${{ env.DEFAULT_LOG_STREAM }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add GetKeyPolicy action #3

Workflow file

add GetKeyPolicy action #3

Jobs

Run details

Workflow file for this run