Push to S3 #53
| name: Push to S3 | |
| on: | |
| release: | |
| types: [published, created] | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| upload-to-s3: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Verify release is from main branch | |
| if: github.event_name == 'release' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| if [ "${{ github.event_name }}" = "release" ]; then | |
| # Get the commit SHA for the release tag | |
| TAG_COMMIT=$(git rev-list -n 1 ${{ github.event.release.tag_name }}) | |
| # Check if this commit is on the main branch | |
| if git merge-base --is-ancestor $TAG_COMMIT origin/main; then | |
| echo "Tag ${{ github.event.release.tag_name }} is on main branch" | |
| else | |
| echo "Tag ${{ github.event.release.tag_name }} is NOT on main branch, skipping S3 push" | |
| exit 1 | |
| fi | |
| elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| if [ "${{ github.ref }}" = "refs/heads/main" ]; then | |
| echo "workflow_dispatch triggered from main branch" | |
| else | |
| echo "workflow_dispatch must be run from main branch, not ${{ github.ref }}" | |
| exit 1 | |
| fi | |
| fi | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/GitHubActionsS3Role | |
| aws-region: us-east-1 | |
| - name: Create and upload template.tar.gz | |
| run: | | |
| # Create tarball excluding .git and target directories | |
| # Write to /tmp to avoid modifying the source directory during archiving | |
| tar -czvf /tmp/template.tar.gz \ | |
| --exclude='.git' \ | |
| --exclude='target' \ | |
| . | |
| # Upload to S3 | |
| aws s3 cp /tmp/template.tar.gz s3://helix-repo/template.tar.gz | |
| - name: Upload completion notification | |
| if: success() | |
| run: | | |
| echo "Successfully uploaded template.tar.gz to S3 bucket: helix-repo" | |
| echo "Upload triggered by: ${{ github.event_name }}" | |
| echo "Reference: ${{ github.ref }}" |
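Review bot: The "Verify release is from main branch" step interpolates `${{ github.event.release.tag_name }}` and `${{ github.ref }}` straight into the `run:` script, so a tag or ref name is substituted as shell source before bash parses it, and a name containing a quote or `$(…)` would escape the `[ "…" = … ]` test and execute in a job that holds `id-token: write`; `$TAG_COMMIT` is also expanded unquoted. Route both values through the step's `env:` and reference them as quoted shell variables, leaving only the fixed `github.event_name` inline as shown below. Separately, `types: [published, created]` appears to fire both events for a release published without a prior draft, which would upload the same tarball twice, and a draft save (`created`) has no tag for `git rev-list` to resolve; `published` alone may be the intent, worth confirming against the release flow. The `if: success()` on the notification step restates the default step condition and can be dropped.

```yaml
- name: Verify release is from main branch
  if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
  env:
    TAG_NAME: ${{ github.event.release.tag_name }}
    REF_NAME: ${{ github.ref }}
  run: |
    if [ "${{ github.event_name }}" = "release" ]; then
      # Get the commit SHA for the release tag
      TAG_COMMIT=$(git rev-list -n 1 "$TAG_NAME")
      # Check if this commit is on the main branch
      if git merge-base --is-ancestor "$TAG_COMMIT" origin/main; then
        echo "Tag $TAG_NAME is on main branch"
      else
        echo "Tag $TAG_NAME is NOT on main branch, skipping S3 push"
        exit 1
      fi
    elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
      if [ "$REF_NAME" = "refs/heads/main" ]; then
        # … unchanged: success echo …
      else
        echo "workflow_dispatch must be run from main branch, not $REF_NAME"
        exit 1
      fi
    fi
```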