Use configure-aws-credentials
workflow instead of passing secret_access_key
#15
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Release Packages | |
on: | |
release: | |
types: [published] | |
pull_request: | |
paths: | |
- '.github/workflows/build-release-packages.yml' | |
- '.github/workflows/call-build-linux-arm-packages.yml' | |
- '.github/workflows/call-build-linux-x86_64-packages.yml' | |
- 'utils/releasetools/**' | |
workflow_dispatch: | |
inputs: | |
version: | |
description: Version of Valkey to build | |
required: true | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
# This job provides the version metadata from the tag for the other jobs to use. | |
release-build-get-meta: | |
name: Get metadata to build | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.get_version.outputs.VERSION }} | |
is_test: ${{ steps.check-env.outputs.IS_TEST }} | |
steps: | |
- run: | | |
echo "Version: ${{ inputs.version || github.ref_name }}" | |
shell: bash | |
# This step is to consolidate the three different triggers into a single "version" | |
# 1. If manual dispatch - use the version provided. | |
# 3. If tag trigger, use that tag. | |
- name: Get the version | |
id: get_version | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
VERSION="unstable" | |
else | |
VERSION="${INPUT_VERSION}" | |
fi | |
if [ -z "${VERSION}" ]; then | |
echo "Error: No version specified" | |
exit 1 | |
fi | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
shell: bash | |
env: | |
# Use the dispatch variable in preference, if empty use the context ref_name which should | |
# only ever be a tag | |
INPUT_VERSION: ${{ inputs.version || github.ref_name }} | |
- name: Set bucket name | |
id: check-env | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
echo "IS_TEST=true" >> $GITHUB_OUTPUT | |
else | |
echo "IS_TEST=false" >> $GITHUB_OUTPUT | |
fi | |
shell: bash | |
generate-build-matrix: | |
name: Generating build matrix | |
runs-on: ubuntu-latest | |
outputs: | |
x86_64-build-matrix: ${{ steps.set-matrix.outputs.x86_64-build-matrix }} | |
arm64-build-matrix: ${{ steps.set-matrix.outputs.arm64-build-matrix }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Set up the list of target to build so we can pass the JSON to the reusable job | |
- uses: ./.github/actions/generate-package-build-matrix | |
id: set-matrix | |
with: | |
ref: ${{ needs.release-build-get-meta.outputs.version }} | |
release-build-linux-x86-packages: | |
needs: | |
- release-build-get-meta | |
- generate-build-matrix | |
uses: ./.github/workflows/call-build-linux-x86-packages.yml | |
with: | |
version: ${{ needs.release-build-get-meta.outputs.version }} | |
ref: ${{ inputs.version || github.ref_name }} | |
build_matrix: ${{ needs.generate-build-matrix.outputs.x86_64-build-matrix }} | |
region: us-west-2 | |
secrets: | |
bucket_name: ${{ needs.release-build-get-meta.outputs.is_test == 'true' && secrets.AWS_TEST_BUCKET || secrets.AWS_S3_BUCKET }} | |
role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
release-build-linux-arm-packages: | |
needs: | |
- release-build-get-meta | |
- generate-build-matrix | |
uses: ./.github/workflows/call-build-linux-arm-packages.yml | |
with: | |
version: ${{ needs.release-build-get-meta.outputs.version }} | |
ref: ${{ inputs.version || github.ref_name }} | |
build_matrix: ${{ needs.generate-build-matrix.outputs.arm64-build-matrix }} | |
region: us-west-2 | |
secrets: | |
bucket_name: ${{ needs.release-build-get-meta.outputs.is_test == 'true' && secrets.AWS_TEST_BUCKET || secrets.AWS_S3_BUCKET }} | |
role_to_assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} |