AWS Images #454
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS Images | |
on: | |
schedule: | |
- cron: "45 3 * * *" | |
# push: | |
# branches: | |
# - main | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: 'Choose your deployment target environment' | |
required: true | |
default: 'staging' | |
type: choice | |
options: | |
- 'production' | |
- 'staging' | |
permissions: | |
actions: write | |
contents: write | |
id-token: write | |
env: | |
AWS_DEFAULT_OUTPUT: json | |
AWS_PAGER: "" | |
jobs: | |
setup: | |
name: Setup workflow envs | |
runs-on: ubuntu-latest | |
outputs: | |
environment: ${{ steps.set-environment.outputs.environment }} | |
bucket: ${{ steps.set-bucket.outputs.bucket }} | |
steps: | |
# Only set target environment to production if the workflow is triggered by | |
# a scheduled execution or workflow_dispatch with production input selected | |
- name: Setup target environment | |
id: set-environment | |
run: | | |
if [ "${{ github.event_name }}" = "schedule" ] || [ "${{ inputs.environment }}" = "production" ]; then | |
echo "environment=production" >> $GITHUB_OUTPUT | |
else | |
echo "environment=staging" >> $GITHUB_OUTPUT | |
fi | |
- name: Setup target bucket | |
# Set target bucket according to target environment | |
id: set-bucket | |
run: | | |
if [ "${{ github.event_name }}" = "schedule" ] || [ "${{ inputs.environment }}" = "production" ]; then | |
echo "bucket=cloudx-json-bucket" >> $GITHUB_OUTPUT | |
else | |
echo "bucket=cid-bucket-staging" >> $GITHUB_OUTPUT | |
fi | |
get_images: | |
name: "Get Images" | |
runs-on: ubuntu-latest | |
needs: setup | |
env: | |
ENVIRONMENT: ${{ needs.setup.outputs.environment }} | |
BUCKET: ${{ needs.setup.outputs.bucket }} | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Checkout latest tagged release | |
if: env.ENVIRONMENT == 'production' | |
run: | | |
LATEST_RELEASE=$(git describe --tags `git rev-list --tags --max-count=1`) | |
git checkout $LATEST_RELEASE | |
- name: Install awscli v2 | |
uses: unfor19/install-aws-cli-action@v1 | |
- name: Configure AWS credentials for retrieving regions. | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::426579533370:role/github_actions_image_retriever | |
role-duration-seconds: 1800 | |
aws-region: us-east-1 | |
- name: Get current list of AWS regions | |
run: | | |
aws ec2 describe-regions \ | |
--filters Name=opt-in-status,Values=opted-in,opt-in-not-required | | |
jq -r '.Regions[].RegionName' | sort > regions.txt | |
- name: Get images from each region | |
run: | | |
mkdir -vp output | |
for REGION in $(cat regions.txt); do | |
echo "Getting images for ${REGION}..." | |
aws --region=${REGION} ec2 describe-images \ | |
--filters "Name=owner-id,Values=309956199498" "Name=is-public,Values=true" | \ | |
jq -c '.Images | sort_by(.ImageId)' | | |
jq ".[] + {\"Region\": \"${REGION}\"}" \ | |
> output/${REGION}.json | |
done | |
- name: Create a single AWS JSON file | |
run: | | |
mkdir -p raw/aws | |
jq -c -s '.' output/*.json > raw/aws/aws.json | |
- name: Configure AWS credentials for production | |
uses: aws-actions/configure-aws-credentials@v4 | |
if: env.ENVIRONMENT == 'production' | |
with: | |
role-to-assume: arn:aws:iam::426579533370:role/github_actions_image_retriever | |
role-duration-seconds: 1800 | |
aws-region: us-east-1 | |
- name: Configure AWS credentials for staging | |
uses: aws-actions/configure-aws-credentials@v4 | |
if: env.ENVIRONMENT == 'staging' | |
with: | |
role-to-assume: arn:aws:iam::426579533370:role/github_actions_cloud_image_directory_staging | |
role-duration-seconds: 1800 | |
aws-region: us-east-1 | |
- name: Upload raw data to S3 | |
run: | | |
aws s3 sync \ | |
--acl public-read \ | |
--delete \ | |
--no-progress \ | |
--content-type application/json \ | |
$(pwd)/raw/aws/ s3://${BUCKET}/raw/aws/ |