From f32a3e5f818409d4ca3dbc11c32a42a1979fa965 Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 16:29:16 +0200 Subject: [PATCH 01/10] chore: add analytics dispatch dummy job --- .../workflows/reusable_generate_analytics.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/reusable_generate_analytics.yml diff --git a/.github/workflows/reusable_generate_analytics.yml b/.github/workflows/reusable_generate_analytics.yml new file mode 100644 index 00000000000..548db8a1061 --- /dev/null +++ b/.github/workflows/reusable_generate_analytics.yml @@ -0,0 +1,23 @@ +name: Reusable dispatch analytics + +on: + workflow_call: + +permissions: + id-token: write + contents: read + +jobs: + dispatch_token: + concurrency: + group: analytics + runs-on: ubuntu-latest + steps: + - name: AWS credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef + with: + aws-region: eu-central-1 + role-to-assume: ${{ secrets.AWS_ANALYTICS_ROLE_ARN }} + - name: test + run: | + aws sts get-caller-identity \ No newline at end of file From c71a3efc60098520ea1557528db4595e385fa36f Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 16:30:31 +0200 Subject: [PATCH 02/10] fix: renamed file --- .../workflows/reusable_dispatch_analytics.yml | 15 ++++++++++-- .../workflows/reusable_generate_analytics.yml | 23 ------------------- 2 files changed, 13 insertions(+), 25 deletions(-) delete mode 100644 .github/workflows/reusable_generate_analytics.yml diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index 97e16fd2bdf..548db8a1061 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -1,7 +1,11 @@ name: Reusable dispatch analytics on: - workflow_dispatch: + workflow_call: + +permissions: + id-token: write + contents: read jobs: dispatch_token: @@ -9,4 +13,11 @@ jobs: group: analytics runs-on: ubuntu-latest steps: - - run: echo 'hello world' + - name: AWS credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef + with: + aws-region: eu-central-1 + role-to-assume: ${{ secrets.AWS_ANALYTICS_ROLE_ARN }} + - name: test + run: | + aws sts get-caller-identity \ No newline at end of file diff --git a/.github/workflows/reusable_generate_analytics.yml b/.github/workflows/reusable_generate_analytics.yml deleted file mode 100644 index 548db8a1061..00000000000 --- a/.github/workflows/reusable_generate_analytics.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Reusable dispatch analytics - -on: - workflow_call: - -permissions: - id-token: write - contents: read - -jobs: - dispatch_token: - concurrency: - group: analytics - runs-on: ubuntu-latest - steps: - - name: AWS credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef - with: - aws-region: eu-central-1 - role-to-assume: ${{ secrets.AWS_ANALYTICS_ROLE_ARN }} - - name: test - run: | - aws sts get-caller-identity \ No newline at end of file From a89b42676921611e5a6bfb3c370ca5f679823a92 Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 16:33:18 +0200 Subject: [PATCH 03/10] fix: typo --- .github/workflows/reusable_dispatch_analytics.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index 548db8a1061..fd045c0cf84 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -1,7 +1,7 @@ name: Reusable dispatch analytics on: - workflow_call: + workflow_dispatch: permissions: id-token: write From b410b62a89a3ab34f65b8dc9a6b7a6b695ca6964 Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 17:01:57 +0200 Subject: [PATCH 04/10] chore: actually call the dispatcher --- .github/workflows/reusable_dispatch_analytics.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index fd045c0cf84..5dc8349dc48 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -13,11 +13,15 @@ jobs: group: analytics runs-on: ubuntu-latest steps: - - name: AWS credentials + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef with: aws-region: eu-central-1 role-to-assume: ${{ secrets.AWS_ANALYTICS_ROLE_ARN }} - - name: test + + - name: Invoke Lambda function run: | - aws sts get-caller-identity \ No newline at end of file + aws lambda invoke \ + --function-name ${{ secrets.AWS_ANALYTICS_DISPTACHER_ARN }} \ + --payload '{"githubToken": "${{ secrets.GITHUB_TOEN }}"}' response.json + cat response.json \ No newline at end of file From 71cdbbc0afac460dc26d9cda1909c093df31fded Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 17:02:49 +0200 Subject: [PATCH 05/10] fix: typo --- .github/workflows/reusable_dispatch_analytics.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index 5dc8349dc48..7a559f7549d 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -22,6 +22,6 @@ jobs: - name: Invoke Lambda function run: | aws lambda invoke \ - --function-name ${{ secrets.AWS_ANALYTICS_DISPTACHER_ARN }} \ + --function-name ${{ secrets.AWS_ANALYTICS_DISPATCHER_ARN }} \ --payload '{"githubToken": "${{ secrets.GITHUB_TOEN }}"}' response.json cat response.json \ No newline at end of file From af31b19ad443d147d9849a6727ce00af41360bef Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 17:05:09 +0200 Subject: [PATCH 06/10] fix: encode the payload as bsae64 --- .github/workflows/reusable_dispatch_analytics.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index 7a559f7549d..8cd7b4760f4 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -21,7 +21,8 @@ jobs: - name: Invoke Lambda function run: | + payload=$(echo -n '{"githubToken": "${{ secrets.GITHUB_TOKEN }}"}' | base64) aws lambda invoke \ --function-name ${{ secrets.AWS_ANALYTICS_DISPATCHER_ARN }} \ - --payload '{"githubToken": "${{ secrets.GITHUB_TOEN }}"}' response.json + --payload "$payload" response.json cat response.json \ No newline at end of file From 5f21dc8d888f7344ca020ca8301bfae64daa9abf Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 17:08:35 +0200 Subject: [PATCH 07/10] chore: schedule the workflow every hour --- .github/workflows/reusable_dispatch_analytics.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index 8cd7b4760f4..0a3a28d89cc 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -3,6 +3,9 @@ name: Reusable dispatch analytics on: workflow_dispatch: + schedule: + - cron: '0 * * * *' + permissions: id-token: write contents: read From aa3f4a4467988eb90eeb28051aa3a0e0a2c863c3 Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Fri, 21 Apr 2023 17:18:18 +0200 Subject: [PATCH 08/10] chore: add more permissions --- .github/workflows/reusable_dispatch_analytics.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/reusable_dispatch_analytics.yml index 0a3a28d89cc..80b27efd9ed 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/reusable_dispatch_analytics.yml @@ -8,7 +8,18 @@ on: permissions: id-token: write + actions: read + checks: read contents: read + deployments: read + issues: read + discussions: read + packages: read + pages: read + pull-requests: read + repository-projects: read + security-events: read + statuses: read jobs: dispatch_token: From ca3374dacda13975932ec4b6596442e95f02ed74 Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Mon, 24 Apr 2023 20:50:33 +0200 Subject: [PATCH 09/10] fix: remove reusable workflow, add environment --- ...{reusable_dispatch_analytics.yml => dispatch_analytics.yml} | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename .github/workflows/{reusable_dispatch_analytics.yml => dispatch_analytics.yml} (94%) diff --git a/.github/workflows/reusable_dispatch_analytics.yml b/.github/workflows/dispatch_analytics.yml similarity index 94% rename from .github/workflows/reusable_dispatch_analytics.yml rename to .github/workflows/dispatch_analytics.yml index 80b27efd9ed..07246ccefaf 100644 --- a/.github/workflows/reusable_dispatch_analytics.yml +++ b/.github/workflows/dispatch_analytics.yml @@ -1,4 +1,4 @@ -name: Reusable dispatch analytics +name: Dispatch analytics on: workflow_dispatch: @@ -26,6 +26,7 @@ jobs: concurrency: group: analytics runs-on: ubuntu-latest + environment: analytics steps: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef From f888e69abb9540061559754695e178c96caa7c90 Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Mon, 24 Apr 2023 20:59:49 +0200 Subject: [PATCH 10/10] fix: add new line --- .github/workflows/dispatch_analytics.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dispatch_analytics.yml b/.github/workflows/dispatch_analytics.yml index 07246ccefaf..49a276f6f61 100644 --- a/.github/workflows/dispatch_analytics.yml +++ b/.github/workflows/dispatch_analytics.yml @@ -40,4 +40,4 @@ jobs: aws lambda invoke \ --function-name ${{ secrets.AWS_ANALYTICS_DISPATCHER_ARN }} \ --payload "$payload" response.json - cat response.json \ No newline at end of file + cat response.json