Commit 613e0c14 authored by Harley Watson's avatar Harley Watson

.gitlab-ci: YAML anchors for OIDC

parent 2ff12b13
Pipeline #142 passed with stage
in 1 minute and 7 seconds
......@@ -8,6 +8,19 @@ variables:
BUCKET_NAME: as211244.net
ROLE_ARN: arn:aws:iam::127091214013:role/gitlab-s3upload-as211244.net
.aws-sts-assume-role: &aws-sts-assume-role
- >
STS=($(aws sts assume-role-with-web-identity
--role-arn ${ROLE_ARN}
--role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
--web-identity-token $CI_JOB_JWT_V2
--duration-seconds 3600
--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
--output text))
- export AWS_ACCESS_KEY_ID="${STS[0]}"
- export AWS_SECRET_ACCESS_KEY="${STS[1]}"
- export AWS_SESSION_TOKEN="${STS[2]}"
workflow:
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
......@@ -16,18 +29,7 @@ deploy-s3:
image: "registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest"
stage: deploy
script:
- >
STS=($(aws sts assume-role-with-web-identity
--role-arn ${ROLE_ARN}
--role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
--web-identity-token $CI_JOB_JWT_V2
--duration-seconds 3600
--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
--output text))
- export AWS_ACCESS_KEY_ID="${STS[0]}"
- export AWS_SECRET_ACCESS_KEY="${STS[1]}"
- export AWS_SESSION_TOKEN="${STS[2]}"
- *aws-sts-assume-role
- aws s3 cp site s3://${BUCKET_NAME} --recursive
environment:
name: main
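Review bot: The shared `.aws-sts-assume-role` step never checks that the STS call returned three fields before the `export` lines, so a failed or partial response can leave `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` exported as empty strings. Whether the job aborts on the failed command substitution depends on the runner's shell options, which this page does not show; if it does not, `aws s3 cp` may fall through to other credentials available on the runner. Now that the logic lives in one anchor, add a guard ahead of the exports, for example `- '[ "${#STS[@]}" -eq 3 ] || { echo "assume-role-with-web-identity failed" >&2; exit 1; }'`. The token is also expanded unquoted (`--web-identity-token $CI_JOB_JWT_V2`); quote it as `"${CI_JOB_JWT_V2}"`. Consider moving to the `id_tokens:` keyword, since `CI_JOB_JWT_V2` is deprecated and an explicit `aud` can then be pinned in the role's trust policy.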
......