fix: use perms in gh runner for ami publishing prior to establishing

samrose · samrose · commit db2182137afb · 2024-05-06T09:35:19.000-04:00
s3 permissions
diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml
@@ -89,7 +89,18 @@ jobs:
       #     tar xvf /tmp/pg-deb.tar -C ansible/files/postgres --strip-components 1
       #TODO remove this block as deb is build in nix prior to this step
 
-  
+      - name: Build AMI stage 1
+        run: |
+          packer init amazon-arm64-nix.pkr.hcl
+          GIT_SHA=${{github.sha}}
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments="  amazon-arm64-nix.pkr.hcl
+
+      - name: Build AMI stage 2
+        run: |
+          packer init stage2-nix-psql.pkr.hcl
+          GIT_SHA=${{github.sha}}
+          packer build -var "ami-owner-id=${OWNER}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl
+
       - name: Grab release version
         id: process_release_version
         run: |
@@ -128,32 +139,6 @@ jobs:
             -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
             -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \
             manifest-playbook.yml
-
-      - name: Build AMI stage 1
-        run: |
-          packer init amazon-arm64-nix.pkr.hcl
-          GIT_SHA=${{github.sha}}
-          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments="  amazon-arm64-nix.pkr.hcl
-
-      - name: Set Environment Variables
-        id: set-env-vars
-        run: |
-          POSTGRES_VERSION=$(grep -oP '(?<=postgres-version = ").*(?=")' common-nix.vars.pkr.hcl)
-          echo "::set-output name=postgres-version::$POSTGRES_VERSION"          
-
-      - name: Get AMI Owner
-        id: get-ami-owner
-        run: |
-          POSTGRES_VERSION="${{ steps.set-env-vars.outputs.postgres-version }}"
-          AMI_NAME="supabase-postgres-$POSTGRES_VERSION-stage-1"
-          OWNER=$(aws ec2 describe-images --filters "Name=name,Values=$AMI_NAME" "Name=state,Values=available" --query 'Images[].OwnerId' --output text)
-          echo "::set-output name=ami-owner::$OWNER"  
-
-      - name: Build AMI stage 2
-        run: |
-          packer init stage2-nix-psql.pkr.hcl
-          GIT_SHA=${{github.sha}}
-          packer build -var "ami-owner-id=${OWNER}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl
     
       # - name: Upload pg binaries to s3 prod
       #   run: |
