From 9b6135edf24f890300493b606a8b656cf9eacb65 Mon Sep 17 00:00:00 2001
From: Aron Price
Date: Thu, 23 May 2024 14:53:17 +0000
Subject: [PATCH 01/10] workflows
---
.github/workflows/github_codecommit.yml | 39 +++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 .github/workflows/github_codecommit.yml
diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml
new file mode 100644
index 0000000..1d5e1a9
--- /dev/null
+++ b/.github/workflows/github_codecommit.yml
@@ -0,0 +1,39 @@
+# This is a basic workflow to help you get started with Actions
+name: Connect to an AWS role from a GitHub repository
+
+# Controls when the action will run. Invokes the workflow on push events but only for the main branch
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+env:
+
+ AWS_REGION : us-east-1 #Change to reflect your Region
+
+# Permission can be added at job level or workflow level
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+jobs:
+ sync:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
+ with:
+ role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Sync up to CodeCommit
+ uses: pay-theory/sync-up-to-codecommit-action@v1
+ with:
+ repository_name: html-demo
+ aws_region: us-east-1
\ No newline at end of file
From cf5cfffcf175867ca2a04deed6c59ece9f3dc445 Mon Sep 17 00:00:00 2001
From: Aron Price
Date: Thu, 23 May 2024 14:53:38 +0000
Subject: [PATCH 02/10] workflows
---
github_codecommit.yml | 39 ---------------------------------------
1 file changed, 39 deletions(-)
delete mode 100644 github_codecommit.yml
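Review bot: The `pull_request:` trigger in the new workflow (PATCH 01) means pull-request runs also reach the `configure aws credentials` step with `id-token: write`, although the header comment says the workflow runs only on pushes to main. Unless the IAM role's trust policy (not visible here) restricts the OIDC `sub` claim to the main branch, a same-repository pull request could assume `GitHubSync` and trigger the sync before review. I would drop the `pull_request:` block, or gate the credential and sync steps with `if: github.event_name == 'push'`, and add the comment `# sync runs only for pushes to main; PR runs must not assume the AWS role` above `on:`.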
diff --git a/github_codecommit.yml b/github_codecommit.yml
deleted file mode 100644
index 1d5e1a9..0000000
--- a/github_codecommit.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-# This is a basic workflow to help you get started with Actions
-name: Connect to an AWS role from a GitHub repository
-
-# Controls when the action will run. Invokes the workflow on push events but only for the main branch
-on:
- push:
- branches: [ main ]
- pull_request:
- branches: [ main ]
-
-env:
-
- AWS_REGION : us-east-1 #Change to reflect your Region
-
-# Permission can be added at job level or workflow level
-permissions:
- id-token: write # This is required for requesting the JWT
- contents: read # This is required for actions/checkout
-jobs:
- sync:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v1.7.0
- with:
- role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN
- role-session-name: GitHub_to_AWS_via_FederatedOIDC
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Sync up to CodeCommit
- uses: pay-theory/sync-up-to-codecommit-action@v1
- with:
- repository_name: html-demo
- aws_region: us-east-1
\ No newline at end of file
From 4d1400456f980f0c951844e39bae8800b1225708 Mon Sep 17 00:00:00 2001
From: Aron Price
Date: Thu, 23 May 2024 15:22:21 +0000
Subject: [PATCH 03/10] demo action
---
.github/workflows/github_codecommit.yml | 32 +++++++++++++++++--------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml
index 1d5e1a9..db20374 100644
--- a/.github/workflows/github_codecommit.yml
+++ b/.github/workflows/github_codecommit.yml
@@ -20,20 +20,32 @@ jobs: sync: runs-on: ubuntu-latest steps: - - name: Checkout + - name: Git clone the repository uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v1.7.0 with: - role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN + role-to-assume: #change to reflect your IAM role’s ARN role-session-name: GitHub_to_AWS_via_FederatedOIDC aws-region: ${{ env.AWS_REGION }} + # Hello from AWS: WhoAmI + - name: Sts GetCallerIdentity + run: | + aws sts get-caller-identity + # - name: Checkout + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 - - name: Sync up to CodeCommit - uses: pay-theory/sync-up-to-codecommit-action@v1 - with: - repository_name: html-demo - aws_region: us-east-1 \ No newline at end of file + # - name: configure aws credentials + # uses: aws-actions/configure-aws-credentials@v1.7.0 + # with: + # role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN + # role-session-name: GitHub_to_AWS_via_FederatedOIDC + # aws-region: ${{ env.AWS_REGION }} + + # - name: Sync up to CodeCommit + # uses: pay-theory/sync-up-to-codecommit-action@v1 + # with: + # repository_name: html-demo + # aws_region: us-east-1 \ No newline at end of file From 5d426792e787f3a91f11cd8c065c7ab31981e758 Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 15:24:43 +0000 Subject: [PATCH 04/10] role --- .github/workflows/github_codecommit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index db20374..392ef61 100644 --- a/.github/workflows/github_codecommit.yml +++ b/.github/workflows/github_codecommit.yml 
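Review bot: `role-to-assume:` is left with only a trailing comment in this hunk (PATCH 03), which YAML parses as null, so the `configure aws credentials` step has no role to assume and the added `aws sts get-caller-identity` step will presumably run without credentials. The ARN is also not really removed, since it stays in the commented-out copy of the step lower in the hunk. If the aim is to keep the ARN out of the file, reference it instead, e.g. `role-to-assume: ${{ vars.AWS_SYNC_ROLE_ARN }}` (variable name constructed for illustration), and delete the commented-out steps rather than keeping them as dead configuration. PATCH 04 puts the literal ARN back, so the same applies there.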
@@ -25,7 +25,7 @@ jobs: - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v1.7.0 with: - role-to-assume: #change to reflect your IAM role’s ARN + role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN role-session-name: GitHub_to_AWS_via_FederatedOIDC aws-region: ${{ env.AWS_REGION }} # Hello from AWS: WhoAmI From 703bd0f71dfa2330eb5b4b516491ce2aa45ca7d7 Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 15:33:02 +0000 Subject: [PATCH 05/10] trusted --- .github/workflows/github_codecommit.yml | 42 ++++++++++++------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index 392ef61..82360a1 100644 --- a/.github/workflows/github_codecommit.yml +++ b/.github/workflows/github_codecommit.yml 
@@ -20,32 +20,32 @@ jobs: sync: runs-on: ubuntu-latest steps: - - name: Git clone the repository - uses: actions/checkout@v3 - - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v1.7.0 - with: - role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN - role-session-name: GitHub_to_AWS_via_FederatedOIDC - aws-region: ${{ env.AWS_REGION }} - # Hello from AWS: WhoAmI - - name: Sts GetCallerIdentity - run: | - aws sts get-caller-identity - # - name: Checkout + # - name: Git clone the repository # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: configure aws credentials # uses: aws-actions/configure-aws-credentials@v1.7.0 # with: # role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN # role-session-name: GitHub_to_AWS_via_FederatedOIDC # aws-region: ${{ env.AWS_REGION }} + # # Hello from AWS: WhoAmI + # - name: Sts GetCallerIdentity + # run: | + # aws sts get-caller-identity + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 - # - name: Sync up to CodeCommit - # uses: pay-theory/sync-up-to-codecommit-action@v1 - # with: - # repository_name: html-demo - # aws_region: us-east-1 \ No newline at end of file + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v1.7.0 + with: + role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN + role-session-name: GitHub_to_AWS_via_FederatedOIDC + aws-region: ${{ env.AWS_REGION }} + + - name: Sync up to CodeCommit + uses: pay-theory/sync-up-to-codecommit-action@v1 + with: + repository_name: html-demo + aws_region: us-east-1 \ No newline at end of file From 1448092c2f6222608fb4c16673f862c80fc3ca8a Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 15:38:44 +0000 Subject: [PATCH 06/10] revised commit docker --- .github/workflows/github_codecommit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
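Review bot: The re-enabled `Sync up to CodeCommit` step (PATCH 05) runs `pay-theory/sync-up-to-codecommit-action@v1`, a third-party action referenced by a mutable tag, directly after the step that assumes the AWS role, so whatever that tag points to at run time executes with the role's session credentials available to the job. Pinning to a full commit SHA makes the executed code reviewable: `uses: pay-theory/sync-up-to-codecommit-action@<full-commit-sha> # v1`. The same applies to `actions/checkout@v3` and `aws-actions/configure-aws-credentials@v1.7.0`, and to the `@v1.0.1` tag introduced in PATCH 06. The commented-out demo steps would be better deleted than kept in the file.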
diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index 82360a1..690fec0 100644 --- a/.github/workflows/github_codecommit.yml +++ b/.github/workflows/github_codecommit.yml @@ -45,7 +45,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Sync up to CodeCommit - uses: pay-theory/sync-up-to-codecommit-action@v1 + uses: pay-theory/sync-up-to-codecommit-action@v1.0.1 with: repository_name: html-demo aws_region: us-east-1 \ No newline at end of file From 744ecf1f728671fed2c19712b7a3d78ebbf71043 Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 19:16:16 +0000 Subject: [PATCH 07/10] inline action --- .github/workflows/Dockerfile | 5 +++++ .github/workflows/github_codecommit.yml | 19 +++---------------- entrypoint.sh | 13 +++++++++++++ 3 files changed, 21 insertions(+), 16 deletions(-) create mode 100644 .github/workflows/Dockerfile create mode 100644 entrypoint.sh diff --git a/.github/workflows/Dockerfile b/.github/workflows/Dockerfile new file mode 100644 index 0000000..c4ddb06 --- /dev/null +++ b/.github/workflows/Dockerfile @@ -0,0 +1,5 @@ +FROM amazon/aws-cli:2.0.43 + +COPY entrypoint.sh /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index 690fec0..15410c5 100644 --- a/.github/workflows/github_codecommit.yml +++ b/.github/workflows/github_codecommit.yml 
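Review bot: `ENTRYPOINT ["/entrypoint.sh"]` in the new Dockerfile (PATCH 07) uses the exec form, but the commit record lists `create mode 100644 entrypoint.sh`, so the copied script carries no execute bit and the container would likely fail to start with a permission error; add `RUN chmod +x /entrypoint.sh` after the `COPY`, or commit the script as 100755. `COPY entrypoint.sh` also only resolves if the build context is the repository root, since the Dockerfile sits in `.github/workflows/` and the script at the top level. The base image `amazon/aws-cli:2.0.43` is referenced by tag only; pinning it as `amazon/aws-cli:<version>@sha256:<digest>` fixes the exact image that will hold the AWS session. Whether that image provides `git`, which the entrypoint needs, is not visible here and should be confirmed.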
@@ -20,18 +20,6 @@ jobs: sync: runs-on: ubuntu-latest steps: - # - name: Git clone the repository - # uses: actions/checkout@v3 - # - name: configure aws credentials - # uses: aws-actions/configure-aws-credentials@v1.7.0 - # with: - # role-to-assume: arn:aws:iam::805600764437:role/GitHubSync #change to reflect your IAM role’s ARN - # role-session-name: GitHub_to_AWS_via_FederatedOIDC - # aws-region: ${{ env.AWS_REGION }} - # # Hello from AWS: WhoAmI - # - name: Sts GetCallerIdentity - # run: | - # aws sts get-caller-identity - name: Checkout uses: actions/checkout@v3 with: @@ -45,7 +33,6 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Sync up to CodeCommit - uses: pay-theory/sync-up-to-codecommit-action@v1.0.1 - with: - repository_name: html-demo - aws_region: us-east-1 \ No newline at end of file + run: + using: 'docker' + image: './Dockerfile' \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..5585491 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +set -ue + +RepositoryName="${GITHUB_REPOSITORY}" +AwsRegion="us-east-1" +CodeCommitUrl="https://git-codecommit.${AwsRegion}.amazonaws.com/v1/repos/${RepositoryName}" + +git config --global --add safe.directory /github/workspace +git config --global credential.'https://git-codecommit.*.amazonaws.com'.helper '!aws codecommit credential-helper $@' +git config --global credential.UseHttpPath true +git remote add sync ${CodeCommitUrl} +git push sync --mirror \ No newline at end of file From c2e6d09e500a4fc0b52798749e19b17547c80482 Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 20:06:09 +0000 Subject: [PATCH 08/10] combined action --- .github/workflows/github_codecommit.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index 15410c5..7116d8b 100644 --- a/.github/workflows/github_codecommit.yml 
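Review bot: The replacement step in PATCH 07 gives `run:` a mapping (`using: 'docker'`, `image: './Dockerfile'`), but in a workflow step `run` takes a shell command string; `using`/`image` belong under `runs:` in an action's `action.yml`, so this workflow should fail validation. To build the Dockerfile as an action, move it with `entrypoint.sh` and an `action.yml` into a directory such as `.github/actions/codecommit-sync/` (path constructed for illustration) and reference it with `uses: ./.github/actions/codecommit-sync`. PATCH 08 later replaces this step with an inline script.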
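Review bot: `RepositoryName="${GITHUB_REPOSITORY}"` in entrypoint.sh (PATCH 07) takes the `owner/name` form that GitHub documents for that variable, so the CodeCommit URL gains an extra path segment and no longer matches the single-segment `html-demo` name the earlier step passed; the same URL is built inline in PATCH 08 and pushed to in PATCH 10. Stripping the owner with `RepositoryName="${GITHUB_REPOSITORY#*/}"` yields a valid name, though it equals the previous target only if the GitHub repository is itself called `html-demo`. `${CodeCommitUrl}` should be quoted in `git remote add sync "${CodeCommitUrl}"`, and `AwsRegion` could default from the environment (`AwsRegion="${AWS_REGION:-us-east-1}"`) instead of repeating the literal.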
+++ b/.github/workflows/github_codecommit.yml @@ -33,6 +33,21 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Sync up to CodeCommit - run: - using: 'docker' - image: './Dockerfile' \ No newline at end of file + run: | + apt-get update && \ + apt-get install -y \ + python3 \ + python3-pip \ + python3-setuptools \ + groff \ + less \ + && pip3 install --upgrade pip \ + && apt-get clean + pip3 --no-cache-dir install --upgrade awscli + git config --global --add safe.directory /github/workspace + git config --global credential.'https://git-codecommit.*.amazonaws.com'.helper '!aws codecommit credential-helper $@' + git config --global credential.UseHttpPath true + git remote add sync "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/${GITHUB_REPOSITORY}" + # run: + # using: 'docker' + # image: './Dockerfile' \ No newline at end of file From d176071c1169db3c1c68f100042ae021f0a5110b Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 20:15:38 +0000 Subject: [PATCH 09/10] commit and install steps --- .github/workflows/github_codecommit.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index 7116d8b..0f4c12b 100644 --- a/.github/workflows/github_codecommit.yml +++ b/.github/workflows/github_codecommit.yml @@ -32,7 +32,7 @@ jobs: role-session-name: GitHub_to_AWS_via_FederatedOIDC aws-region: ${{ env.AWS_REGION }} - - name: Sync up to CodeCommit + - name: Install AWS run: | apt-get update && \ apt-get install -y \ @@ -44,6 +44,9 @@ jobs: && pip3 install --upgrade pip \ && apt-get clean pip3 --no-cache-dir install --upgrade awscli + + - name: Sync up to CodeCommit + run: | git config --global --add safe.directory /github/workspace git config --global credential.'https://git-codecommit.*.amazonaws.com'.helper '!aws codecommit credential-helper $@' git config --global credential.UseHttpPath true 
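Review bot: The install block added in PATCH 08 runs after the role has been assumed and pulls unpinned code (`pip3 install --upgrade pip`, `pip3 --no-cache-dir install --upgrade awscli`) into a job that already holds AWS session credentials, and it calls `apt-get` without `sudo`, which is expected to fail for the non-root user on a hosted `ubuntu-latest` runner. GitHub-hosted Ubuntu images normally ship the AWS CLI and git, so the install lines can probably be dropped; if an install is really needed, do it before `configure aws credentials` and pin the version, e.g. `pip3 install --no-cache-dir awscli==<version>`. `/github/workspace` in the `safe.directory` line is the container-action path and may not match the runner workspace used by a `run:` step. PATCH 09 moves the same lines into an `Install AWS` step without changing them.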
From c2e39b31c13fa30cdde0c28cd74a4e696b659ebb Mon Sep 17 00:00:00 2001 From: Aron Price Date: Thu, 23 May 2024 20:20:09 +0000 Subject: [PATCH 10/10] mirror --- .github/workflows/github_codecommit.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/github_codecommit.yml b/.github/workflows/github_codecommit.yml index 0f4c12b..ee80e64 100644 --- a/.github/workflows/github_codecommit.yml +++ b/.github/workflows/github_codecommit.yml @@ -51,6 +51,4 @@ jobs: git config --global credential.'https://git-codecommit.*.amazonaws.com'.helper '!aws codecommit credential-helper $@' git config --global credential.UseHttpPath true git remote add sync "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/${GITHUB_REPOSITORY}" - # run: - # using: 'docker' - # image: './Dockerfile' \ No newline at end of file + git push sync --mirror \ No newline at end of file
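Review bot: `git push sync --mirror` (PATCH 10) force-updates every ref in the CodeCommit repository and deletes any ref that is missing locally, and it runs for `pull_request` events too as long as that trigger stays in place. After `actions/checkout` the other branches exist only as `refs/remotes/origin/*`, so a mirror push would probably publish them under that namespace and remove the corresponding branch heads on the CodeCommit side. If the goal is to keep main in sync, a narrower push such as `git push sync "HEAD:refs/heads/${GITHUB_REF_NAME}"` limits what a single run can overwrite. The step's `run: |` block begins outside this hunk.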