My YML so far, kept adding bits based on other stackoverflow threads + docs:
name: Node install, build and test
on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.x]
steps:
- uses: actions/checkout#v1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: Create NPMRC
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN}}
- name: Publish to Github Packages
run: |
npm config set _auth $NODE_AUTH_TOKEN
npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN}}
In my package.json I have:
"publishConfig": {
"registry": "https://npm.pkg.github.com/"
},
And with the above config I keep getting
E400 Bad Request
Your request could not be authenticated by the Github Pacakges service. Please ensure your access token is valid and has the appropriate scopes configured.
You are writing the wrong content to the ~/.npmrc file.
It should be //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }} but you are doing //registry.npmjs.org/:_authToken=${{ secrets.GITHUB_TOKEN }}
Related
I am working on syncing my GitHub repo with S3 bucket and I don't want to pass my AWS credentials as GitHub secrets. I already tried passing my credentials through GitHub secret and the code works. However, when I try to get GitHub to assume a role to perform the operations, I keep getting errors. Please see the code and images below.
GitHub main.yml
name: Upload Website
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Git checkout
uses: actions/checkout#v3
- name: Configure AWS credentials from AWS account
uses: aws-actions/configure-aws-credentials#v1
with:
role-to-assume: ${{ secrets.AWS_ROLE }}[
aws-region: ${{ secrets.AWS_REGION }}
role-session-name: GitHub-OIDC-frontend
- uses: actions/checkout#master
- uses: jakejarvis/s3-sync-action#master
with:
args: --follow-symlinks --exclude '.git/*' --exclude '.github/*'
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
- name: Invalidate CloudFront
uses: chetan/invalidate-cloudfront-action#v2
env:
DISTRIBUTION: ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
PATHS: "/index.html"
AWS ROLE POLICY
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::************:oidc-provider/token.actions.githubusercontent.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"token.actions.githubusercontent.com:sub": [
"repo:ACCOUNT_ID/REPO_NAME:*",
"repo:ACCOUNT_ID/REPO_NAME:*"
],
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
}
}
}
]
}
GITHUB ERROR
Run aws-actions/configure-aws-credentials#v1
with:
role-to-assume: ***
aws-region: ***
role-session-name: GitHub-OIDC-frontend
audience: sts.amazonaws.com
Error: Not authorized to perform sts:AssumeRoleWithWebIdentity
Did you set the claim_keys via the Github REST API?
If you are using the github cli, it looks something like this
gh api /repos/ACCOUNT_ID/REPO_NAME/actions/oidc/customization/sub --method PUT --input ./body.txt
where body.txt looks like
{"use_default":false,"include_claim_keys":["repo"]}
Im also curious if there is an issue with your token.actions.githubusercontent.com:sub values. Is that star just explicitly allowing any other claims in? You may want (or need) to knock that down to just repo:ACCOUNT_ID/REPO_NAME.
Why not create an user? Here is a solution similar to the problem described.
# Workflow name
name: S3 Deploy
on:
workflow_dispatch:
push:
paths:
- 'app/**'
- '.github/workflows/deploy.yml'
jobs:
build-and-deploy:
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: sa-east-1
BUCKET_NAME: caiogomes.me
steps:
- name: Install hugo
run: sudo apt install hugo
- name: Install aws cli
id: install-aws-cli
uses: unfor19/install-aws-cli-action#v1
with:
version: 2
verbose: false
arch: amd64
rootdir: ""
workdir: ""
- name: Set AWS credentials
run: export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} && export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Checkout repository
uses: actions/checkout#v3
with:
submodules: 'true'
- name: Build
run: cd app/ && hugo
- name: Upload files to S3
run: aws s3 sync app/public/ s3://${{ env.BUCKET_NAME }}/ --exact-timestamps --delete
create-cloudfront-invalidation:
needs: build-and-deploy
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: sa-east-1
CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
steps:
- name: Install aws cli
id: install-aws-cli
uses: unfor19/install-aws-cli-action#v1
with:
version: 2
verbose: false
arch: amd64
rootdir: ""
workdir: ""
- name: Set AWS credentials
run: export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} && export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Invalidate clodufront distribution
run: aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"
Here is the repo: https://github.com/caiocsgomes/caiogomes.me
I am trying to do ci/cd with github actions and aws code deploy to the ec2 instance.
I have one ec2 instance and three github repositories(each repository has their own gitflow as well)
name: Deployment
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
buildAndTest:
name: CI Pipeline
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [ '14.x' ]
steps:
- uses: actions/checkout#v2
# Initialize Node.js
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
# Install project dependencies, test and build
- name: Install dependencies
run: yarn
- name: Run build
run: yarn build
deploy:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: ['14.x']
appname: ['app_name']
deploy-group: ['group_name']
region: ['region']
needs: [buildAndTest]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout#v2
# Initialize Node.js
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
# Step 1
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
# Step 2
- name: Create CodeDeploy Deployment
id: deploy
run: |
aws deploy create-deployment \
--application-name ${{ matrix.appname }} \
--deployment-group-name ${{ matrix.deploy-group }} \
--deployment-config-name CodeDeployDefault.OneAtATime \
--github-location repository=${{ github.repository }},commitId=${{ github.sha }}
It works good when I push or do pull request to one repo, but when I push two repo at once which means I am gonna push and deploy concurrently, only one is success and another one is failed.
version: 0.0
os: linux
files:
- source: .
destination: /var/www/source
hooks:
ApplicationStart:
- location: deploy.sh // yarn install and restart server.
timeout: 300
runas: root
What is really curious is that except main location(in ec2), some files excluding build or so in other repos(two) are removed ???
I am using the same application and group id for three repositories and Is it a problem?
Any help would be super helpful :)
AWS CodeDeploy application group can not make two deployments at the same time.
I'm using GitHub actions for deploy. And i need to build vuejs app, every time when pushing. Now all working coorectly, but every time i spend action minutes for npm install.
Can i install modules 1 time, and not reinstall it after every deploy?
on: push
name: 🚀 Deploy website on push
jobs:
web-deploy:
name: 🎉 Deploy
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [15.x]
steps:
- name: 🚚 Get latest code
uses: actions/checkout#v2.3.2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- run: npm install --legacy-peer-deps
- run: npm run build
- name: 📂 Sync files
uses: SamKirkland/FTP-Deploy-Action#4.0.0
with:
server: ${{ secrets.host}}
username: ${{ secrets.user}}
password: ${{ secrets.pass }}
local-dir: dist/
dangerous-clean-slate: true
I'm learning CI CD to deploy REST API to VPS using Github Actions.
I am confused about how to make a dotenv file so that it is on the VPS server using Github Actions, because this REST API requires a Jsonwebtoken key and I have to insert it in the .env file. I've tried several ways but nothing works.
If you have the answer, please modify my .yml file below and include your answer so I can understand it clearly.
I really appreciate any answer.
name: Node.js CICD
on:
push:
branches: [master]
pull_request:
branches: [master]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [14.x]
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: create env file
run: |
touch .env
echo JWT_ACCESS_TOKEN_SECRET=${{ secrets.JWT_ACCESS_TOKEN_SECRET }} >> .env
- name: install and test
run: |
npm i
npm run build --if-present
npm run test
env:
CI: true
deploy:
needs: [test]
runs-on: ubuntu-latest
steps:
- name: deploy with SSH
uses: appleboy/ssh-action#master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.PRIVATE_KEY }}
port: 22
script: |
cd ~/apps/routeros-api
git pull origin master
npm i --production
pm2 restart routeros-api
I have a github action which is building the React app (based on create-react-app) and deploying it to AWS S3. I have to pass some environment variables to correctly run yarn build command.
I could hold them directly in .env file, but I don't want to hold them inside the repository. Currently I'm just adding environment variables right before the yarn build command, but it's annoying solution and seems to be a bit hacky. Ideally, I'd like to inject .env.local file with my own configuration, but I don't have any good idea how to do it.
Here's my build.yml file:
name: Build
on:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.13.1]
steps:
- uses: actions/checkout#v1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: Yarn install
run: yarn install
- name: Build
run: REACT_APP_GRAPHQL_URL=https://some.url/graphql CI=false yarn build
- name: Deploy to S3
uses: jakejarvis/s3-sync-action#master
with:
args: --acl public-read --delete
env:
AWS_S3_BUCKET: my-bucket-name
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
SOURCE_DIR: "build"
So as you can see the magic happens here:
run: REACT_APP_GRAPHQL_URL=https://some.url/graphql CI=false yarn build
How can I make it look nicer? It's quite ok when I have two variables, but what if I'll have dozens of them?
By the way - it's a private repository, if it makes any difference.
And I don't want to use another CI solution, currently Github Actions seems to be enough for me.
you can do magic like this,
name: Build
on:
push:
branches:
- master
env:
CI : false
REACT_APP_GRAPHQL_URL : https://some.url/graphql
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.13.1]
steps:
- uses: actions/checkout#v1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: Yarn install
run: yarn install
- name: Build
run: yarn build
- name: Deploy to S3
uses: jakejarvis/s3-sync-action#master
with:
args: --acl public-read --delete
env:
AWS_S3_BUCKET: my-bucket-name
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
SOURCE_DIR: "build"
I think it makes look nicer