ECR PW Refresh (Dev Support) #1594
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow refreshes on the 37th minutes every 4 hours. It is used to refresh the ECR password for the test workflow. | |
| # It leverages the `gh` CLI to set the secrets for the dev support repo for testing purpose (DEV_SUPPORT_ECR_REPO_PW). | |
| name: ECR PW Refresh (Dev Support) | |
| on: | |
| schedule: | |
| - cron: '0 */6 * * *' | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| refresh-ecr-pw: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install GitHub CLI | |
| run: | | |
| sudo apt update | |
| sudo apt install -y gh | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_AWS_ROLE_ARN }} | |
| role-session-name: tempSession | |
| aws-region: us-east-1 | |
| - name: Login GH with Token | |
| run: | | |
| echo "Logging into GH with Token" | |
| gh auth login --with-token <<< ${{ secrets.GH_TOKEN }} | |
| - name: Grab and Set ECR PW | |
| run: | | |
| DEV_SUPPORT_ECR_REPO_PW=$(aws ecr get-login-password --region us-east-1 --output text) | |
| gh secret set DEV_SUPPORT_ECR_PW --body "$DEV_SUPPORT_ECR_REPO_PW" |