From 310f79cfd201d3996a8a364fcc82e59278b14b71 Mon Sep 17 00:00:00 2001 From: Alexander Melnyk Date: Fri, 22 Jul 2022 16:40:50 +0200 Subject: [PATCH] chore(ci): use environment for beta and prod deploy --- .github/workflows/publish_layer.yml | 6 ++---- .github/workflows/reusable_deploy_layer_stack.yml | 6 +++++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml index 37e250298dd..f3adac5be2a 100644 --- a/.github/workflows/publish_layer.yml +++ b/.github/workflows/publish_layer.yml @@ -67,8 +67,7 @@ jobs: with: stage: "BETA" artefact-name: "cdk-layer-artefact" - secrets: - target-account-role: ${{ secrets.AWS_LAYERS_BETA_ROLE_ARN }} + environment: "layer-beta" deploy-prod: needs: @@ -77,5 +76,4 @@ jobs: with: stage: "PROD" artefact-name: "cdk-layer-artefact" - secrets: - target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }} + environment: "layer-prod" diff --git a/.github/workflows/reusable_deploy_layer_stack.yml b/.github/workflows/reusable_deploy_layer_stack.yml index 7c3cd2946e8..8a2c2130d2f 100644 --- a/.github/workflows/reusable_deploy_layer_stack.yml +++ b/.github/workflows/reusable_deploy_layer_stack.yml @@ -13,6 +13,9 @@ on: artefact-name: required: true type: string + environment: + required: true + type: string secrets: target-account-role: required: true @@ -20,6 +23,7 @@ on: jobs: deploy-cdk-stack: runs-on: ubuntu-latest + environment: ${{ inputs.environment }} defaults: run: working-directory: ./layer @@ -58,7 +62,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v1 with: aws-region: ${{ matrix.region }} - role-to-assume: ${{ secrets.target-account-role }} + role-to-assume: ${{ secrets.AWS_LAYERS_ROLE_ARN }} - name: Setup Node.js uses: actions/setup-node@v3 with: