diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 8038361..8619330 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -12,6 +12,9 @@ jobs: build: name: Build Docker Image runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - name: Check out code @@ -20,13 +23,12 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 + role-to-assume: ${{ secrets.AWS_DEV_GITHUB_ACTION_ROLE }} + aws-region: ${{ secrets.AWS_REGION }} - name: Log in to Amazon ECR run: | - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }} + aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }} - name: Build and Push Docker Image to ECR run: | @@ -43,6 +45,7 @@ jobs: uses: appleboy/ssh-action@v1.0.3 env: AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }} + AWS_REGION: ${{ secrets.AWS_REGION }} with: host: ${{ secrets.EC2_HOST_IP }} username: ${{ secrets.EC2_USER }} @@ -53,7 +56,7 @@ jobs: cd /opt/app/ButakeroMusicBotGo git pull # Autenticarse en ECR - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $AWS_ECR_REPOSITORY + aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ECR_REPOSITORY docker-compose -f production-docker-compose.yml down docker-compose -f production-docker-compose.yml pull docker-compose -f production-docker-compose.yml up -d --build diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2a17077..0de83e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
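Review bot: In `.github/workflows/cd.yml`, the "Log in to Amazon ECR" step now expands `${{ secrets.AWS_REGION }}` directly inside the `run:` script, which pastes the value into the shell text before the shell parses it. `aws-actions/configure-aws-credentials` already exports `AWS_REGION` and `AWS_DEFAULT_REGION` to later steps, so the line can be `aws ecr get-login-password | docker login --username AWS --password-stdin "$AWS_ECR_REPOSITORY"`, with `AWS_ECR_REPOSITORY` passed through `env:` as the deploy step already does. Storing the region as a secret also makes the runner mask that string in every log line; a repository variable such as `vars.AWS_REGION` fits a non-sensitive value better. The move to `role-to-assume` is only as strong as the IAM role's trust policy, which is not part of this diff: it should restrict the `token.actions.githubusercontent.com:sub` claim to this repository and to the ref or environment that is allowed to deploy.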
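Review bot: The new `AWS_REGION` entry under `env:` of the `appleboy/ssh-action` step (hunk `@@ -43,6 +45,7 @@`) reaches the remote script only if it is also named in the action's `envs:` input, and no `envs:` line is changed in this hunk or the next; the `with:` block continues outside both. If that list still names only `AWS_ECR_REPOSITORY`, `$AWS_REGION` will be empty on the EC2 host and the rewritten login line in the `@@ -53,7 +56,7 @@` hunk will fail at `--region`, so please confirm it reads `envs: AWS_ECR_REPOSITORY,AWS_REGION`. In that login line I would also quote the expansions, `--region "$AWS_REGION"` and `--password-stdin "$AWS_ECR_REPOSITORY"`, so an empty value produces a clear error instead of shifting arguments. As far as the hunk shows, the script carries on to `docker-compose ... pull` after a failed login; a `set -e` at the top of the script would stop the deploy at the first failure.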
@@ -68,7 +68,7 @@ jobs: sudo cp venv/bin/yt-dlp /usr/local/bin/ sudo chmod +x /usr/local/bin/yt-dlp - + # Instalar yt-dlp y el paquete oauth2 dentro del entorno virtual pip install -U yt-dlp pip install -U https://github.com/coletdjnz/yt-dlp-youtube-oauth2/archive/refs/heads/master.zip @@ -89,6 +89,9 @@ jobs: integration-tests: runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - name: Checkout code uses: actions/checkout@v4 @@ -106,15 +109,18 @@ jobs: restore-keys: | ${{ runner.os }}-go- + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_DEV_GITHUB_ACTION_ROLE }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Run integration tests env: YOUTUBE_API_KEY: ${{ secrets.YOUTUBE_API_KEY }} BUCKET_NAME: ${{ secrets.BUCKET_NAME }} - REGION: ${{ secrets.REGION }} DYNAMODB_TABLE_NAME_SONGS: ${{ secrets.DYNAMODB_TABLE_NAME_SONGS }} DYNAMODB_TABLE_NAME_OPERATION: ${{ secrets.DYNAMODB_TABLE_NAME_OPERATION }} - ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} - SECRET_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} SQS_QUEUE_URL: ${{ secrets.SQS_QUEUE_URL }} run: make integration-test @@ -128,16 +134,3 @@ jobs: with: name: integration-coverage-report path: integration-coverage.html - - notify: - needs: [lint, unit-tests, integration-tests] - runs-on: ubuntu-latest - steps: - - name: Notify success or failure - run: | - if [ "${{ job.status }}" = "success" ]; then - echo "All tests and lint checks passed successfully!" - else - echo "Some tests or lint checks failed. Please check the logs for more details." - exit 1 - fi
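Review bot: The added "Configure AWS credentials" step in the `@@ -106,15 +109,18 @@` hunk makes the `integration-tests` job assume `secrets.AWS_DEV_GITHUB_ACTION_ROLE`, the same role the build job in `cd.yml` uses to push to ECR, so whatever `make integration-test` runs holds those permissions too. A separate CI role, limited to the S3 bucket, DynamoDB tables and SQS queue the tests use and with a trust policy scoped to this repository and ref, would keep a compromised test dependency away from the image registry. The hunk also drops `REGION`, `ACCESS_KEY` and `SECRET_KEY` from the step's `env:`; the action exports `AWS_REGION`, not `REGION`, so unless the test configuration (not visible here) now reads the default credential chain and `AWS_REGION`, I would keep `REGION: ${{ secrets.AWS_REGION }}`. The `id-token: write` permission added in the `@@ -89,6 +89,9 @@` hunk is not granted to pull requests from forks, so this step will fail there if the workflow runs on `pull_request`; the trigger is outside the diff.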