Skip to content

Commit 3b82011

Browse files
harshavemula-uaharshavemula-ua
committed
Revert workflow to AWS secret key authentication (keep Lambda fixes)
Keep the Lambda improvements: - Pricing API retry logic with exponential backoff and fallback - Stopper Lambda error handling for missing InstanceId/volume_id Only revert the workflow authentication method back to AWS secret keys to test if credentials are properly configured in GitHub Secrets.
1 parent 3a2b67b commit 3b82011

File tree

1 file changed

+18
-26
lines changed

1 file changed

+18
-26
lines changed

.github/workflows/infra_deploy_val.yaml

Lines changed: 18 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,6 @@ jobs:
3030
name: Generate VPU Execution Files
3131
runs-on: ubuntu-latest
3232
permissions:
33-
id-token: write
3433
contents: read
3534
steps:
3635
- name: Checkout code
@@ -49,12 +48,12 @@ jobs:
4948
pip install --upgrade awscli
5049
pip install --upgrade awscli boto3 pandas
5150
52-
- name: Configure AWS Credentials (OIDC)
51+
- name: Configure AWS Credentials
5352
uses: aws-actions/configure-aws-credentials@v4
5453
with:
55-
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
54+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
55+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
5656
aws-region: ${{ env.AWS_REGION }}
57-
role-session-name: GitHubActions-GenerateExecutions
5857

5958

6059
- name: Generate execution files
@@ -83,7 +82,6 @@ jobs:
8382
permissions:
8483
contents: read
8584
pull-requests: write
86-
id-token: write
8785
security-events: write
8886

8987
steps:
@@ -103,12 +101,12 @@ jobs:
103101
pip install --upgrade awscli
104102
pip install --upgrade awscli boto3 pandas
105103
106-
- name: Configure AWS Credentials (OIDC)
104+
- name: Configure AWS Credentials
107105
uses: aws-actions/configure-aws-credentials@v4
108106
with:
109-
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
107+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
108+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
110109
aws-region: ${{ env.AWS_REGION }}
111-
role-session-name: GitHubActions-TerraformCheck
112110

113111
- name: Setup Terraform
114112
uses: hashicorp/setup-terraform@v3
@@ -237,7 +235,6 @@ jobs:
237235

238236
permissions:
239237
contents: read
240-
id-token: write
241238

242239
steps:
243240
- name: Checkout code
@@ -255,12 +252,12 @@ jobs:
255252
pip install --upgrade pip
256253
pip install --upgrade awscli boto3 pandas
257254
258-
- name: Configure AWS Credentials (OIDC)
255+
- name: Configure AWS Credentials
259256
uses: aws-actions/configure-aws-credentials@v4
260257
with:
261-
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
258+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
259+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
262260
aws-region: ${{ env.AWS_REGION }}
263-
role-session-name: GitHubActions-TerraformApply
264261

265262
- name: Generate execution files
266263
working-directory: infra/aws
@@ -342,7 +339,6 @@ jobs:
342339
matrix:
343340
vpu: ["01", "02", "03N", "03S", "03W", "04", "05", "06", "07", "08", "09", "10L", "10U", "11", "12", "13", "14", "15", "16", "17", "18"]
344341
permissions:
345-
id-token: write
346342
contents: read
347343

348344
env:
@@ -355,13 +351,12 @@ jobs:
355351
- name: Checkout repository
356352
uses: actions/checkout@v4
357353

358-
- name: Configure AWS Credentials (OIDC)
354+
- name: Configure AWS Credentials
359355
uses: aws-actions/configure-aws-credentials@v4
360356
with:
361-
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
357+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
358+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
362359
aws-region: ${{ env.AWS_REGION }}
363-
role-session-name: GitHubActions-TestVPU-${{ matrix.vpu }}
364-
role-duration-seconds: 7200 # 2 hours
365360

366361
- name: Set up Python
367362
uses: actions/setup-python@v5
@@ -536,7 +531,6 @@ jobs:
536531
matrix:
537532
vpu: ["01", "02", "03N", "03S", "03W", "04", "05", "06", "07", "08", "09", "10L", "10U", "11", "12", "13", "14", "15", "16", "17", "18"]
538533
permissions:
539-
id-token: write
540534
contents: read
541535

542536
env:
@@ -549,13 +543,12 @@ jobs:
549543
- name: Checkout repository
550544
uses: actions/checkout@v4
551545

552-
- name: Configure AWS Credentials (OIDC)
546+
- name: Configure AWS Credentials
553547
uses: aws-actions/configure-aws-credentials@v4
554548
with:
555-
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
549+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
550+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
556551
aws-region: ${{ env.AWS_REGION }}
557-
role-session-name: GitHubActions-TestVPU-${{ matrix.vpu }}
558-
role-duration-seconds: 7200 # 2 hours
559552

560553
- name: Set up Python
561554
uses: actions/setup-python@v5
@@ -731,18 +724,17 @@ jobs:
731724

732725
permissions:
733726
contents: read
734-
id-token: write
735727

736728
steps:
737729
- name: Checkout code
738730
uses: actions/checkout@v4
739731

740-
- name: Configure AWS Credentials (OIDC)
732+
- name: Configure AWS Credentials
741733
uses: aws-actions/configure-aws-credentials@v4
742734
with:
743-
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
735+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
736+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
744737
aws-region: ${{ env.AWS_REGION }}
745-
role-session-name: GitHubActions-TerraformDestroy
746738

747739
- name: Setup Terraform
748740
uses: hashicorp/setup-terraform@v3

0 commit comments

Comments
 (0)