chore: fix use github token #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update cache control policy | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| policy_type: | ||
| type: choice | ||
| description: Select the cache control policy type | ||
| required: true | ||
| options: | ||
| - no-store | ||
| - max-age=3600 | ||
| workflow_call: | ||
| inputs: | ||
| policy_type: | ||
| type: string | ||
| required: true | ||
| secrets: | ||
| AWS_PROD_ACCOUNT_ID: | ||
| required: true | ||
| AWS_PROD_S3_BUCKET_NAME: | ||
| required: true | ||
| AWS_PROD_S3_SYNC_ROLE: | ||
| required: true | ||
| PAT: | ||
| required: true | ||
| GITHUB_TOKEN: | ||
|
Check failure on line 27 in .github/workflows/update-cache-policy.yml
|
||
| required: true | ||
| permissions: | ||
| id-token: write # allows the JWT to be requested from GitHub's OIDC provider | ||
| contents: read # This is required for actions/checkout | ||
| jobs: | ||
| check-actor: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check if valid actor | ||
| env: | ||
| ORG_NAME: rudderlabs | ||
| TEAM_NAME: js-sdk | ||
| run: | | ||
| actor=${{ github.actor || github.triggering_actor }} | ||
| response=$(curl -L \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | ||
| -H "X-GitHub-Api-Version: 2022-11-28" \ | ||
| https://api.github.com/orgs/${{ env.ORG_NAME }}/teams/${{ env.TEAM_NAME }}/memberships/$actor) | ||
| echo "Response: $response" | ||
| if echo "$response" | grep -q '"state": "active"'; then | ||
| echo "$actor is a member of $TEAM_NAME" | ||
| else | ||
| echo "$actor is NOT a member of $TEAM_NAME" | ||
| exit 1 | ||
| fi | ||
| update-cache-policy: | ||
| needs: check-actor | ||
| name: Update cache control policy for SDK artifacts | ||
| runs-on: [self-hosted, Linux, X64] | ||
| steps: | ||
| - name: Install AWS CLI | ||
| uses: unfor19/install-aws-cli-action@master | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: arn:aws:iam::${{ secrets.AWS_PROD_ACCOUNT_ID }}:role/${{ secrets.AWS_PROD_S3_SYNC_ROLE }} | ||
| aws-region: us-east-1 | ||
| - name: Determine the cache control policy | ||
| id: determine_policy | ||
| run: | | ||
| echo "cache_control_policy=${{ github.event.inputs.policy_type || inputs.policy_type }}" >> $GITHUB_ENV | ||
| - name: Update cache control policy | ||
| run: | | ||
| # Get the number of CPU cores in the runner and leave one core free | ||
| num_cores=$(nproc --ignore=1 || echo 1) # Default to 1 if nproc is unavailable | ||
| # Use a factor to set the parallel jobs (e.g., number of cores or slightly lower) | ||
| parallel_jobs=$((num_cores * 2)) | ||
| echo "Detected $num_cores cores. Using $parallel_jobs parallel jobs." | ||
| prefixes=("adobe-analytics-js") | ||
| for prefix in "${prefixes[@]}"; do | ||
| echo "Processing prefix: $prefix" | ||
| aws s3api list-objects --bucket ${{ secrets.AWS_PROD_S3_BUCKET_NAME }} --prefix "$prefix" --query "Contents[].Key" --output text | tr '\t' '\n' | \ | ||
| parallel --retries 10 -j "$parallel_jobs" "aws s3api copy-object \ | ||
| --bucket ${{ secrets.AWS_PROD_S3_BUCKET_NAME }} \ | ||
| --copy-source ${{ secrets.AWS_PROD_S3_BUCKET_NAME }}/{} \ | ||
| --key {} \ | ||
| --metadata-directive REPLACE \ | ||
| --cache-control '${{ env.cache_control_policy }}'" | ||
| done | ||
