[NRL-1179] Fix naming in daily-build for codebuild runner. Fix perms for pat token access

mattdean3-nhs · mattdean3-nhs · commit 2f5fb4b37b7f · 2025-04-16T16:37:00.000+01:00
diff --git a/.github/workflows/daily-build.yml b/.github/workflows/daily-build.yml
@@ -19,7 +19,7 @@ on:
 jobs:
   build:
     name: Build - ${{ github.ref }}
-    runs-on: codebuild-nhsd-nrlf--ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 
     steps:
       - name: Git clone - ${{ github.ref }}
diff --git a/terraform/account-wide-infrastructure/mgmt/codebuild.tf b/terraform/account-wide-infrastructure/mgmt/codebuild.tf
@@ -56,7 +56,7 @@ data "aws_iam_policy_document" "codebuild_policy" {
       "secretsmanager:ListSecretVersionIds"
     ]
     resources = [
-      "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:${local.project}--codebuild-github-pat",
+      "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:${local.project}--codebuild-github-pat-*",
     ]
   }
 

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ data "aws_iam_policy_document" "codebuild_policy" {`
`56`	`56`	`"secretsmanager:ListSecretVersionIds"`
`57`	`57`	`]`
`58`	`58`	`resources = [`
`59`		`- "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:${local.project}--codebuild-github-pat",`
	`59`	`+ "arn:aws:secretsmanager:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:secret:${local.project}--codebuild-github-pat-*",`
`60`	`60`	`]`
`61`	`61`	`}`
`62`	`62`