Merge pull request #10 from cloudbeds/fix/remove-org-actions

zejd-cicak · web-flow · commit 41cc7bdb954c · 2025-01-31T14:33:41.000+01:00
fix: inline org action that gets a token for aws
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -19,29 +19,51 @@ jobs:
       id-token: write
       contents: read
     steps:
-      - name: Get GH app token
-        id: gh-app-token
-        uses: cloudbeds/composite-actions/gh-app-token@v2
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::048781935247:role/GH-APP-OIDC-CBMyFrontDesk
+          aws-region: us-west-2
+
+      - name: Get app private key from SSM and apply mask
+        id: app-private-key
+        shell: bash
+        run: |
+          aws ssm get-parameter --name /github/app/CBMyFrontDesk/private-key --output text --with-decryption --query Parameter.Value > private.key
+          {
+            echo "key<<EOF"
+            cat private.key
+            echo "EOF"
+          } >> $GITHUB_OUTPUT
+          while read -r line;
+          do
+            if [[ -n "${line}" ]]; then
+              echo "::add-mask::${line}"
+            fi
+          done < private.key
+          rm private.key
+
+      - name: Generate token
+        id: generate-token
+        uses: tibdex/github-app-token@v2
         with:
           app_id: 391670
-          aws_role_arn: arn:aws:iam::048781935247:role/GH-APP-OIDC-CBMyFrontDesk
-          aws_ssm_param_name: /github/app/CBMyFrontDesk/private-key
+          private_key: ${{ steps.app-private-key.outputs.key }}
 
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          token: ${{ steps.gh-app-token.outputs.github-token }}
+          token: ${{ steps.generate-token.outputs.token }}
 
       - name: Get API docs
         env:
-          GITHUB_TOKEN: ${{ steps.gh-app-token.outputs.github-token }}
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
           MFD_TAG=$(gh api /repos/cloudbeds/mfd/releases/latest | jq -r '.tag_name')
           echo "Latest MFD tag: $MFD_TAG"
           gh api /repos/cloudbeds/mfd/tarball/$MFD_TAG | tar --strip-components=1 --wildcards -zxf - '*/public_accessa/api'
 
       - name: Get next version
-        id: get_next_version
         run: |
           if [ -n "${{ inputs.version }}" ]; then
             echo "next_version=${{ inputs.version }}" >> $GITHUB_ENV
@@ -122,7 +144,6 @@ jobs:
           path: dist/
 
       - name: Create Release
-        id: create_release
         if: inputs.version == ''
         env:
           GITHUB_TOKEN: ${{ github.token }}
