Skip to content

patch aws-auth configmap #46

patch aws-auth configmap

patch aws-auth configmap #46

Workflow file for this run

---
name: Flowzone
on:
pull_request:
types: [opened, synchronize, closed]
branches: [main, master]
# allow external contributions to use secrets within trusted code
pull_request_target:
types: [opened, synchronize, closed]
branches: [main, master]
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
permissions:
actions: read
checks: read
contents: read
deployments: read
id-token: write # AWS GitHub OIDC required: write
issues: read
discussions: read
packages: write
pages: read
pull-requests: read
repository-projects: read
security-events: read
statuses: read
jobs:
flowzone:
name: Flowzone
uses: product-os/flowzone/.github/workflows/flowzone.yml@master
# prevent duplicate workflow executions for pull_request and pull_request_target
if: |
(
github.event.pull_request.head.repo.full_name == github.repository &&
github.event_name == 'pull_request'
) || (
github.event.pull_request.head.repo.full_name != github.repository &&
github.event_name == 'pull_request_target'
)
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
with:
working_directory: generic_provider
repo_config: true
repo_homepage: "https://anton.belodedenko.me/generic-custom-resource-provider"
repo_description: "CloudFormation generic custom resource provider."
# .. AWS::Lambda::Function:Code:ImageUri can't be public :/
# https://stackoverflow.com/a/67389055/1559300
# https://stackoverflow.com/a/69997191/1559300
docker_images: |
ghcr.io/belodetek/cfn-generic-provider,
public.ecr.aws/k4v3r5y6/cfn-generic-provider,
312433241086.dkr.ecr.us-east-1.amazonaws.com/cfn-generic-provider
# .. or multi-arch :/
# https://stackoverflow.com/a/76323686/1559300
# https://github.com/docker/buildx/issues/1533
# https://repost.aws/questions/QUIZjd2sL_TtCuoqtg5Q30LA/does-lambda-not-support-multi-architecture-container-images-manifests
docker_runs_on: >
{
"linux/arm64": ["ubuntu-latest"],
"linux/amd64": ["ubuntu-latest"]
}