actions: try another role

PedroJorge148 · Sep 20, 2024 · eaaeef4 · eaaeef4
1 parent 19b6c97
commit eaaeef4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 46 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -44,12 +44,12 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::327649228912:role/ecr-role
+          role-to-assume: arn:aws:iam::327649228912:role/ecr-role-nest-clean
           aws-region: us-east-1
 
-      - name: Login to AWS ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
+      # - name: Login to AWS ECR
+      #   id: login-ecr
+      #   uses: aws-actions/amazon-ecr-login@v2
 
       # - name: Login into the container registry
       #   uses: docker/login-action@v3

diff --git a/infra/ecr.tf b/infra/ecr.tf
@@ -1,12 +1,12 @@
-resource "aws_ecr_repository" "nest-clean" {
-  name = "nest-clean"
-  image_tag_mutability = "MUTABLE"
+# resource "aws_ecr_repository" "nest-clean" {
+#   name = "nest-clean"
+#   image_tag_mutability = "MUTABLE"
 
-  image_scanning_configuration {
-    scan_on_push = true
-  }
+#   image_scanning_configuration {
+#     scan_on_push = true
+#   }
 
-  tags = {
-    Iac = "True"
-  }
-}
+#   tags = {
+#     Iac = "True"
+#   }
+# }
diff --git a/infra/iam.tf b/infra/iam.tf
@@ -1,4 +1,4 @@
-resource "aws_iam_openid_connect_provider" "oidc-git" {
+resource "aws_iam_openid_connect_provider" "oidc-git-nest-clean" {
   url = "https://token.actions.githubusercontent.com"
 
   client_id_list = [
@@ -14,11 +14,9 @@ resource "aws_iam_openid_connect_provider" "oidc-git" {
   }
 }
 
-resource "aws_iam_role" "ecr-role" {
-  name = "ecr-role"
+resource "aws_iam_role" "ecr-role-nest-clean" {
+  name = "ecr-role-nest-clean"
 
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
   assume_role_policy = jsonencode({
     Version : "2012-10-17",
     Statement : [
@@ -34,42 +32,17 @@ resource "aws_iam_role" "ecr-role" {
               "sts.amazonaws.com"
             ],
             "token.actions.githubusercontent.com:sub" : [
-              "repo:pedrojorge148/05-nest-clean:ref:refs/heads/main"
+              "repo:PedroJorge148/05-nest-clean:ref:refs/heads/main"
             ]
           }
         }
       }
     ]
   })
 
-  # inline_policy {
-  #   name = "ecr-app-permission"
-
-  #   policy = jsonencode({
-  #     Version : "2012-10-17",
-  #     Statement : [
-  #       {
-  #         Sid : "Statement1"
-  #         Action : [
-  #           "ecr:GetDownloadUrlForLayer",
-  #           "ecr:BatchGetImage",
-  #           "ecr:BatchCheckLayerAvailability",
-  #           "ecr:PutImage",
-  #           "ecr:InitiateLayerUpload",
-  #           "ecr:UploadLayerPart",
-  #           "ecr:CompleteLayerUpload",
-  #           "ecr:GetAuthorizationToken",
-  #         ],
-  #         Effect : "Allow",
-  #         Resource : "*"
-  #       }
-  #     ]
-  #   })
-  # }
-
   tags = {
     Iac = "True"
   }
 
-  depends_on = [ aws_iam_openid_connect_provider.oidc-git ]
+  depends_on = [aws_iam_openid_connect_provider.oidc-git-nest-clean]
 }