From 24d9ebb79fdaeba67d142ea5b776da1cb0a00729 Mon Sep 17 00:00:00 2001
From: Umberto Baldi
Date: Mon, 19 Feb 2024 18:15:31 +0100
Subject: [PATCH 1/2] put permission under correct job only
---
 .github/workflows/publish-go-nightly-task.yml | 3 +++
 .github/workflows/release-go-task.yml | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish-go-nightly-task.yml b/.github/workflows/publish-go-nightly-task.yml
index 8b496a6fbe8..d2efb3d92b5 100644
--- a/.github/workflows/publish-go-nightly-task.yml
+++ b/.github/workflows/publish-go-nightly-task.yml
@@ -236,6 +236,9 @@ jobs:
 - create-nightly-artifacts
 - notarize-macos
 - create-windows-installer
+ permissions:
+ contents: write
+ id-token: write # This is required for requesting the JWT
 steps:
 - name: Checkout repository
diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml
index f24caab458c..e43b3252155 100644
--- a/.github/workflows/release-go-task.yml
+++ b/.github/workflows/release-go-task.yml
@@ -16,10 +16,6 @@ on:
 tags:
 - "v[0-9]+.[0-9]+.[0-9]+*"
-permissions:
- id-token: write # This is required for requesting the JWT
- contents: read # This is required for actions/checkout
-
 jobs:
 create-release-artifacts:
 outputs:
@@ -242,6 +238,7 @@ jobs:
 - create-windows-installer
 permissions:
 contents: write
+ id-token: write # This is required for requesting the JWT
 steps:
 - name: Checkout repository
From 218c8e4f9a4ab4771ff38d97783f517b6c94f86e Mon Sep 17 00:00:00 2001
From: Umberto Baldi
Date: Mon, 19 Feb 2024 18:16:16 +0100
Subject: [PATCH 2/2] replace docker plugin with plain s3 command-line
---
 .github/workflows/publish-go-nightly-task.yml | 7 +------
 .github/workflows/release-go-task.yml | 7 +------
 2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/publish-go-nightly-task.yml b/.github/workflows/publish-go-nightly-task.yml
index d2efb3d92b5..c6dce447109 100644
--- a/.github/workflows/publish-go-nightly-task.yml
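Review bot: The job-level block added in publish-go-nightly-task.yml (patch 1/2, hunk at -236) grants `contents: write`, yet the only repository access visible in the hunk is the checkout step, which needs read access only. If nothing later in the job pushes commits, tags or release assets, `contents: read # This is required for actions/checkout` keeps the GITHUB_TOKEN for this job at least privilege while `id-token: write` still allows the JWT request. The job's remaining steps are outside the hunk, so confirm none of them writes to the repository before narrowing.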
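Review bot: Deleting the workflow-level `permissions:` block in release-go-task.yml (patch 1/2, hunk at -16) means every job without its own `permissions:` key now falls back to the repository or organization default for GITHUB_TOKEN, which may be read/write on all scopes. Before this patch those jobs were capped at `contents: read`. Keeping a top-level `permissions:` with just `contents: read` and granting `id-token: write` only in the upload job, as the last hunk of this patch already does, removes the OIDC scope from the other jobs without depending on the repository setting. Whether create-release-artifacts and the other jobs declare their own permissions is not visible in these hunks.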
+++ b/.github/workflows/publish-go-nightly-task.yml
@@ -275,12 +275,7 @@ jobs:
 aws-region: ${{ env.AWS_REGION }}
 - name: Upload release files on Arduino downloads servers
- uses: docker://plugins/s3
- env:
- PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*"
- PLUGIN_TARGET: "${{ env.AWS_PLUGIN_TARGET }}nightly"
- PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
- PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
+ run: aws s3 sync ${{ env.DIST_DIR }} s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.AWS_PLUGIN_TARGET }}nightly
 report:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml
index e43b3252155..f091913172f 100644
--- a/.github/workflows/release-go-task.yml
+++ b/.github/workflows/release-go-task.yml
@@ -296,12 +296,7 @@ jobs:
 aws-region: ${{ env.AWS_REGION }}
 - name: Upload release files on Arduino downloads servers
- uses: docker://plugins/s3
- env:
- PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*"
- PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }}
- PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
- PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
+ run: aws s3 sync ${{ env.DIST_DIR }} s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.AWS_PLUGIN_TARGET }}
 - name: Update Homebrew formula
 if: steps.prerelease.outputs.IS_PRE != 'true'
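Review bot: The new `run:` line in publish-go-nightly-task.yml splices `${{ secrets.DOWNLOADS_BUCKET }}`, `${{ env.DIST_DIR }}` and `${{ env.AWS_PLUGIN_TARGET }}` unquoted into the script text, and the runner substitutes them before the shell parses the line, so whitespace or a shell metacharacter in any value changes the command that runs. Passing the secret through the step environment and quoting the expansions avoids that: `env:`, `DOWNLOADS_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}`, `run: aws s3 sync "$DIST_DIR" "s3://${DOWNLOADS_BUCKET}${AWS_PLUGIN_TARGET}nightly"`. The same applies to the matching step in release-go-task.yml (second hunk of this patch). The destination is now built by plain concatenation of bucket and AWS_PLUGIN_TARGET, so it presumably relies on that variable starting with `/` (and ending with `/` for the nightly path); its definition is outside the hunk and worth confirming.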