From dcedf90b03ef505c2a47278926801e404801545c Mon Sep 17 00:00:00 2001
From: Simon Li
Date: Wed, 7 Jun 2023 19:18:12 +0100
Subject: [PATCH] Add GH workflow to check EKS access
---
 .github/workflows/aws-dev.yml | 41 ++++++++++++++++++++++++++
 terraform/aws/curvenote/github-oidc.tf | 2 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/aws-dev.yml
diff --git a/.github/workflows/aws-dev.yml b/.github/workflows/aws-dev.yml
new file mode 100644
index 0000000000..1f057fdba3
--- /dev/null
+++ b/.github/workflows/aws-dev.yml
@@ -0,0 +1,41 @@
+# This is a temporary workflow to check whether AWS OIDC EKS access is working
+name: AWS development
+
+concurrency: awsdev-eks
+
+on:
+ push:
+ branches:
+ - aws-curvenote
+
+# Global environment variables
+env:
+ AWS_REGION: us-east-2
+
+jobs:
+ # In this dedicated job to deploy our staging environment we build and push
+ # images that the jobs to deploy to the production environments depend on.
+ awsdev-eks:
+ runs-on: ubuntu-22.04
+ continue-on-error: ${{ matrix.experimental }}
+ timeout-minutes: 5
+ # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::${{ secrets.AWS_CURVENOTE_ACCOUNT_ID }}:role/binderhub-github-oidc-mybinderorgdeploy
+ aws-region: us-east-2
+
+ - name: Check EKS access
+ run: |
+ aws sts get-caller-identity
+ aws eks update-kubeconfig --name binderhub
+ kubectl get nodes
diff --git a/terraform/aws/curvenote/github-oidc.tf b/terraform/aws/curvenote/github-oidc.tf
index 3bd0f4f7d9..a6cdf569c0 100644
--- a/terraform/aws/curvenote/github-oidc.tf
+++ b/terraform/aws/curvenote/github-oidc.tf
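Review bot: In `.github/workflows/aws-dev.yml` the `awsdev-eks` job holds `id-token: write` and assumes the `binderhub-github-oidc-mybinderorgdeploy` role, yet both actions are referenced by mutable tags (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v2`), so whatever code those tags resolve to at run time executes in a job that can request the OIDC token and use the resulting AWS session. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v2`. `continue-on-error: ${{ matrix.experimental }}` refers to a `matrix` context that this job never defines and looks like a leftover from another workflow; removing the line makes sure a failed access check fails the run instead of depending on how an empty expression is evaluated. None of the steps shown reads the working tree, so the Checkout step could probably be dropped, or at least given `persist-credentials: false`. The comment above `awsdev-eks:` about building and pushing staging images does not describe this job either and would be better as `# Assume the AWS role via OIDC and confirm the EKS API is reachable.`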
@@ -53,4 +53,4 @@ resource "aws_iam_role" "github_oidc_mybinderorgdeploy" {
 })
 }
 permissions_boundary = local.permissions_boundary_arn
-}
\ No newline at end of file
+}