Skip to content

Commit b3cbef0

Browse files
heitorlessaheitorlessa
committed
* 'develop' of https://github.com/awslabs/aws-lambda-powertools-python: chore(ci): use OIDC and encrypt release secrets (aws-powertools#1355) chore(ci): introduce codeowners (aws-powertools#1352)
2 parents 2ec7418 + 501420a commit b3cbef0

File tree

2 files changed

+10
-7
lines changed

2 files changed

+10
-7
lines changed

Diff for: .github/CODEOWNERS

+3
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
2+
3+
* @awslabs/aws-lambda-powertools-python @awslabs/aws-lambda-powertools-core

Diff for: .github/workflows/publish.yml

+7-7
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ on:
3131

3232
jobs:
3333
release:
34+
environment: release
3435
runs-on: ubuntu-latest
3536
outputs:
3637
RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION }}
@@ -84,16 +85,15 @@ jobs:
8485
env:
8586
PYPI_USERNAME: __token__
8687
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
88+
- name: aws credentials
89+
uses: aws-actions/configure-aws-credentials@v1
90+
with:
91+
aws-region: eu-west-1
92+
role-to-assume: ${{ secrets.AWS_SAR_ROLE_ARN }}
8793
- name: publish lambda layer in SAR by triggering the internal codepipeline
8894
run: |
8995
aws ssm put-parameter --name "powertools-python-release-version" --value $RELEASE_VERSION --overwrite
90-
aws codepipeline start-pipeline-execution --name ${{ secrets.CODEPIPELINE_NAME }}
91-
env:
92-
# Maintenance: Migrate to new OAuth mechanism
93-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
94-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
95-
AWS_DEFAULT_REGION: eu-west-1
96-
AWS_DEFAULT_OUTPUT: json
96+
aws codepipeline start-pipeline-execution --name ${{ secrets.AWS_SAR_PIPELINE_NAME }}
9797
9898
docs:
9999
needs: release

0 commit comments

Comments
 (0)