Skip to content

feat: use token not installation id (#170) #102

feat: use token not installation id (#170)

feat: use token not installation id (#170) #102

Workflow file for this run

name: Deploy Backend to Product ECS
on:
push:
branches: ['main']
env:
AWS_REGION: ap-northeast-1
ECR_REPOSITORY: petercat-lambda
ECR_REGISTRY: 654654285942.dkr.ecr.ap-northeast-1.amazonaws.com
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
deploy:
runs-on: ubuntu-latest
environment: production
strategy:
fail-fast: true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::654654285942:role/Github-OIDC
audience: sts.amazonaws.com
aws-region: ${{ env.AWS_REGION }}
# Build inside Docker containers
- run: sam build --use-container --config-file .aws/petercat-prod.toml
# Prevent prompts and failure when the stack is unchanged
- run: |
sam deploy \
--no-confirm-changeset \
--no-fail-on-empty-changeset \
--config-file .aws/petercat-prod.toml \
--parameter-overrides GitHubAppID=${{ secrets.X_GITHUB_APP_ID }} \
GithubAppsClientId=${{ secrets.X_GITHUB_APPS_CLIENT_ID }} \
GithubAppsClientSecret=${{ secrets.X_GITHUB_APPS_CLIENT_SECRET }} \
OpenAIAPIKey=${{ secrets.OPENAI_API_KEY }} \
SupabaseServiceKey=${{ secrets.SUPABASE_SERVICE_KEY }} \
SupabaseUrl=${{ secrets.SUPABASE_URL }} \
TavilyAPIKey=${{ secrets.TAVILY_API_KEY }} \
APIIdentifier=${{ secrets.API_IDENTIFIER }} \
FastAPISecretKey=${{ secrets.FASTAPI_SECRET_KEY }} \
GithubInstallationId=${{ secrets.X_GITHUB_INSTALLATION_ID }}