remove reference to secret in actions.yml

segmentio · Oct 18, 2024 · e242eb3 · e242eb3
1 parent aa4e627
commit e242eb3
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 3 deletions.
diff --git a/.github/actions/build-with-cache/action.yml b/.github/actions/build-with-cache/action.yml
@@ -1,5 +1,13 @@
 name: 'Build'
 description: 'This action builds this project with remote s3 cache.'
+inputs:
+ aws-region:
+ description: 'The AWS region to use for the cache.'
+ required: true
+ default: 'us-west-2'
+ cache-role-to-assume:
+ description: 'The ARN of the role to assume to access the cache.'
+ required: true
 runs:
  using: 'composite'
  steps:
@@ -8,8 +16,8 @@ runs:
  shell: bash
  with:
  audience: sts.amazonaws.com
- aws-region: ${{ secrets.CACHE_AWS_REGION }}
- role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
+ aws-region: ${{ inputs.aws-region }}
+ role-to-assume: ${{ inputs.cache-role-to-assume }}
 
  - name: Build (Affected)
  shell: bash

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -41,6 +41,9 @@ jobs:
 
  - name: Build
  uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
 
  - name: Test (Affected)
  run: yarn nx affected -t test --parallel=3 --coverage # nx recipe
@@ -80,6 +83,9 @@ jobs:
 
  - name: Build
  uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
 
  - name: Lint
  env:
@@ -117,6 +123,9 @@ jobs:
 
  - name: Build
  uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
 
  - name: Validate Definitions
  run: yarn validate

diff --git a/.github/workflows/ext.yml b/.github/workflows/ext.yml
@@ -34,3 +34,6 @@ jobs:
 
  - name: Build
  uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
diff --git a/.github/workflows/publish-canary.yml b/.github/workflows/publish-canary.yml
@@ -37,6 +37,9 @@ jobs:
 
  - name: Build
  uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
 
  - name: Fetch Latest Tags
  run: |

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -37,7 +37,10 @@ jobs:
  run: yarn install --frozen-lockfile
 
  - name: Build
- run: NODE_ENV=production yarn build
+ uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
 
  - name: Fetch Latest Tags
  run: |

diff --git a/.github/workflows/version-packages.yml b/.github/workflows/version-packages.yml
@@ -65,6 +65,9 @@ jobs:
 
  - name: Build
  uses: ./.github/actions/build-with-cache
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ cache-role-to-assume: ${{ secrets.CACHE_ROLE_TO_ASSUME }}
 
  - name: Version Packages
  run: yarn lerna version minor --yes --allow-branch ${{ github.event.inputs.branch }} --no-git-tag-version --no-commit-hooks --no-private