fix: give permissions required for jwt validation in github
johnrwatson committed Nov 11, 2024
1 parent 19022fd commit 1cc3538
Showing 11 changed files with 59 additions and 4 deletions.
13 changes: 9 additions & 4 deletions .github/workflows/deploy-auth-api.yml
@@ -6,17 +6,22 @@ env:
AUTH_API_CLUSTER: shared-cluster
AUTH_API_SERVICE: auth-api

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

jobs:
deploy:
name: Deploy latest stable image
environment: shared
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: us-east-1
- name: Trigger ECS Deploy
run: |
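Review bot: The `uses: aws-actions/configure-aws-credentials@…` line references the action by a mutable tag in both printed variants (`@v4` and `@v1.7.0`), and this step now runs with `id-token: write` and assumes an AWS role, so a retagged release would run with the job's federated credentials; pin it to a full commit SHA, for example `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # <release tag>`. The rendering has lost the +/- markers, so which tag is the new side is not certain; if the new line is `@v1.7.0`, that is an older release line than `@v4` and worth confirming as intentional. The change appears to replace the static `AWS_ACCESS_KEY`/`AWS_SECRET_KEY` secrets with `role-to-assume`, which moves the trust boundary to the IAM role's trust policy (not visible here): it should condition on `token.actions.githubusercontent.com:aud` and on a `token.actions.githubusercontent.com:sub` limited to this repository and the `shared` environment, and the now-unused access keys should be revoked and removed from the repository secrets. The `deploy` job continues past the end of this hunk.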
5 changes: 5 additions & 0 deletions .github/workflows/deploy-module-index.yml
@@ -6,6 +6,11 @@ env:
MODULE_INDEX_CLUSTER: shared-cluster
MODULE_INDEX_SERVICE: module-index

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

jobs:
deploy:
name: Deploy latest stable image
5 changes: 5 additions & 0 deletions .github/workflows/down-service.yml
@@ -2,6 +2,11 @@ name: Bring Down Service

run-name: Bringing ${{ inputs.service }} down

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
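Review bot: The top-level `permissions:` block added to this `workflow_call` workflow cannot raise the token's permissions above what the calling job grants, so `id-token: write` here only takes effect if each caller grants it as well. The callers are not visible in this commit view, so confirm that every job that `uses:` this workflow declares (or inherits) `id-token: write` and `contents: read`; otherwise the run is rejected or the OIDC token request fails. The same applies to the identical block in instance-refresh.yml, invoke-and-check-invalidations.yml, migrate-sdf.yml, set-maintenance-mode.yml, set-service-version.yml, up-service.yml, upgrade-service.yml and upgrade-web.yml. It would help to say so in the comment, for example `# Required for IDP JWT and actions/checkout; callers must grant these too`.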
5 changes: 5 additions & 0 deletions .github/workflows/instance-refresh.yml
@@ -2,6 +2,11 @@ name: Instance refresh

run-name: Replacing instances for ${{ inputs.service }}

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
5 changes: 5 additions & 0 deletions .github/workflows/invoke-and-check-invalidations.yml
@@ -2,6 +2,11 @@ name: Instigate & Check CDN State

run-name: Instigate & Check CDN State for ${{ inputs.environment }}

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
5 changes: 5 additions & 0 deletions .github/workflows/migrate-sdf.yml
@@ -1,5 +1,10 @@
name: Migrate SDF

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
5 changes: 5 additions & 0 deletions .github/workflows/set-maintenance-mode.yml
@@ -1,5 +1,10 @@
name: Set maintenance mode

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
5 changes: 5 additions & 0 deletions .github/workflows/set-service-version.yml
@@ -2,6 +2,11 @@ name: Set Service Version

run-name: Setting ${{ inputs.service }} to version {{ inputs.version }} for {{ inputs.environment }}

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
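Review bot: In the `run-name` context line of this section, `{{ inputs.version }}` and `{{ inputs.environment }}` are missing the leading `$`, so only `${{ inputs.service }}` is evaluated and the other two appear literally in the run title. The commit does not touch that line, but it is cheap to fix alongside: `run-name: Setting ${{ inputs.service }} to version ${{ inputs.version }} for ${{ inputs.environment }}`.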
5 changes: 5 additions & 0 deletions .github/workflows/up-service.yml
@@ -2,6 +2,11 @@ name: Bring Up Service

run-name: Bringing ${{ inputs.service }} up

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
5 changes: 5 additions & 0 deletions .github/workflows/upgrade-service.yml
@@ -2,6 +2,11 @@ name: Upgrade Service

run-name: Upgrading ${{ inputs.service }}

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs:
5 changes: 5 additions & 0 deletions .github/workflows/upgrade-web.yml
@@ -1,5 +1,10 @@
name: Upgrade web

# Required for IDP JWT and actions/checkout
permissions:
id-token: write
contents: read

on:
workflow_call:
inputs: