normalizing secrets #2368
Merged
normalizing secrets #2368
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jimleroyer
reviewed
Nov 27, 2024
|
|
||
| steps: | ||
| - name: Configure credentials to Notify account using OIDC | ||
| uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 | ||
| with: | ||
| role-to-assume: arn:aws:iam::${{ secrets.PRODUCTION_API_LAMBDA_ECR_ACCOUNT }}:role/notification-api-apply | ||
| role-to-assume: arn:aws:iam::${{ secrets.PRODUCTION_ACCOUNT_ID }}:role/notification-api-apply |
There was a problem hiding this comment.
This is an AWS account ID, right? is the new one a global one or specific to ECR? Can the var name be more descriptive?
There was a problem hiding this comment.
It's an AWS account ID, and it's just the corresponding environment AWS Account ID... I've been keeping it consistent across all of the other repos I've done (they've all been named ENVIRONMENT_ACCOUNT_ID) - I can change this to PRODUCTION_AWS_ACCOUNT_ID but then I should go back and change all of the others. What do you think?
jimleroyer
reviewed
Nov 27, 2024
| @@ -7,7 +7,7 @@ on: | |||
| branches: [main] | |||
|
|
|||
| env: | |||
| REGISTRY: ${{ secrets.PRODUCTION_API_LAMBDA_ECR_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify | |||
| REGISTRY: ${{ secrets.PRODUCTION_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify | |||
jimleroyer
reviewed
Nov 27, 2024
.github/workflows/lambda_staging.yml
Outdated
| @@ -7,7 +7,7 @@ on: | |||
| branches: [main] | |||
|
|
|||
| env: | |||
| REGISTRY: ${{ secrets.STAGING_API_LAMBDA_ECR_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify | |||
| REGISTRY: ${{ secrets.STAGING_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify | |||
jimleroyer
approved these changes
Nov 27, 2024
ben851
added a commit
that referenced
this pull request
Nov 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary | Résumé
GHA Secrets configured to reflect TF changes
Related Issues | Cartes liées
Test instructions | Instructions pour tester la modification
Once the TF secrets PR has been merged, verify that the workflows all still work.
Release Instructions | Instructions pour le déploiement
None.
Reviewer checklist | Liste de vérification du réviseur