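---
name: "aws-iam-roles"

# Reusable workflow: creates or deletes the IAM roles used by EKS and ECR by
# running scripts/aws/create-tap-iam-roles.sh or
# scripts/aws/delete-tap-iam-roles.sh through the repository-local
# tanzu-runsh-setup-action with the caller-supplied AWS credentials.
on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      cluster-name:
        description: "Name of the EKS cluster."
        type: string
        required: true
      region:
        description: "The AWS region where the EKS cluster will be created"
        required: true
        type: string
      action:
        # Accepted values are "create" and "delete"; any other value fails the
        # encode job's validation step instead of silently running no job.
        required: true
        type: string
        description: "Create (new) or delete (existing)"
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_SESSION_TOKEN:
        required: false
      CSP_API_TOKEN:
        required: true

# Least privilege for GITHUB_TOKEN: the jobs below only check out the
# repository, so read access to contents is all they need.
permissions:
  contents: read

jobs:
  # Validates the action input and base64-encodes both scripts once; the
  # create/delete jobs pick the output they need.
  encode-tap-iam-roles-scripts:
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
    outputs:
      create: ${{ steps.encode.outputs.create }}
      delete: ${{ steps.encode.outputs.delete }}
    steps:
      - name: Validate action input
        env:
          # Passed via env rather than interpolated into the script so the
          # caller-supplied value is treated as data, not shell source.
          ACTION: ${{ inputs.action }}
        run: |
          case "${ACTION}" in
            create|delete) ;;
            *)
              echo "::error::inputs.action must be 'create' or 'delete', got '${ACTION}'"
              exit 1
              ;;
          esac
      - name: Checkout
        # NOTE(review): consider pinning to a full commit SHA instead of the
        # moving v4 tag to harden the supply chain.
        uses: actions/checkout@v4
      - name: Encode
        id: encode
        run: |
          echo "create=$(base64 -w 0 < scripts/aws/create-tap-iam-roles.sh)" >> "${GITHUB_OUTPUT}"
          echo "delete=$(base64 -w 0 < scripts/aws/delete-tap-iam-roles.sh)" >> "${GITHUB_OUTPUT}"

  create-roles:
    if: inputs.action == 'create'
    needs: encode-tap-iam-roles-scripts
    runs-on: ubuntu-22.04
    # Bash is the default shell for every run step in this job.
    defaults:
      run:
        shell: bash
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v4
      - name: "Create IAM roles for use by EKS and ECR"
        uses: ./docker/actions/aws/tanzu-runsh-setup-action
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
          script-contents: ${{ needs.encode-tap-iam-roles-scripts.outputs.create }}
          # Caller-supplied values are forwarded verbatim as the script's
          # argument list; the action is expected to pass them as arguments,
          # not evaluate them — confirm in tanzu-runsh-setup-action.
          script-arguments: "${{ inputs.cluster-name }} ${{ inputs.region }}"
          csp-api-token: ${{ secrets.CSP_API_TOKEN }}

  delete-roles:
    if: inputs.action == 'delete'
    needs: encode-tap-iam-roles-scripts
    runs-on: ubuntu-22.04
    # Bash is the default shell for every run step in this job.
    defaults:
      run:
        shell: bash
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v4
      - name: "Delete IAM roles for use by EKS and ECR"
        uses: ./docker/actions/aws/tanzu-runsh-setup-action
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
          script-contents: ${{ needs.encode-tap-iam-roles-scripts.outputs.delete }}
          # Caller-supplied values are forwarded verbatim as the script's
          # argument list; the action is expected to pass them as arguments,
          # not evaluate them — confirm in tanzu-runsh-setup-action.
          script-arguments: "${{ inputs.cluster-name }} ${{ inputs.region }}"
          csp-api-token: ${{ secrets.CSP_API_TOKEN }}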