New Aws auth via Identity provider

shaiq-dev · Mar 10, 2024 · c39eb61 · c39eb61
1 parent ca640b3
commit c39eb61
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 89 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/upload-to-s3.yml b/.github/workflows/upload-to-s3.yml
@@ -0,0 +1,43 @@
+name: Upload To S3
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read    
+
+jobs:
+  UploadResumeToS3:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      # - name: Prepare Build
+      #   run: |
+      #     sudo apt update && sudo apt install -y texlive-latex-base texlive-latex-extra texlive-fonts-extra texlive-bibtex-extra
+
+      - name: Add Version
+        run: |
+          sudo apt-get install uuid-runtime -y
+          v=$(uuidgen | rev | cut -d- -f1 | rev)
+          echo "VERSION=$v" >> "$GITHUB_ENV"
+          sed -i -e "s/__VERSION__/$v/" src/resume.tex
+      
+      # - name: Build
+      #   run: cd src && pdflatex resume.tex
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: arn:aws:iam::654654198429:role/RoleForResumeGithubActions
+          role-session-name: SessionResumeGithubActions
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Upload to S3
+        run: |
+          sudo chmod +x ./deploy/deploy.sh
+          ./deploy/deploy.sh --version $VERSION
diff --git a/README.md b/README.md
@@ -1,10 +1 @@
-# DResume
-
-[![Publish Resume](https://github.com/shaiq-dev/Resume/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/shaiq-dev/Resume/actions/workflows/build.yml)
-
-The resume is written in latex and uses **`Alta CV`** template. Devops part is based on the following architecture.
-
-![AWS Architecture](https://miro.medium.com/v2/resize:fit:1400/format:webp/1*Gz9X2QurWw4B9gvroJgHYA.jpeg)
-
-
-I have written a complete tutorial on [medium](https://shaiqkar.medium.com/) for this project. [Check that out](https://shaiqkar.medium.com/build-a-devopsified-resume-with-github-and-aws-21c0e38df1c4)
+# Resume
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
@@ -2,51 +2,29 @@
 
 set -euo pipefail
 
-while [[ $# -gt 0 ]]; do
-    case $1 in
-        -v|--version)
-            VERSION="$2"
-            shift # argument
-            shift # value
-            ;;
-        -o|--origins)
-            ALLOWED_ORIGINS="$2"
-            shift # argument
-            shift # value
-            ;;
-        -b|--bucket)
-            S3_BUCKET="$2"
-            shift # argument
-            shift # value
-            ;;
-        *)
-            echo "Error: Invalid command line argument $1"
-            exit 255
-            ;;
-    esac
-done
+VERSION=$(git rev-parse --short HEAD)
 
+# Deploy the Bucket stack to store the lambda code
+aws cloudformation deploy --template-file "deploy/stacks/storage.yml" --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM --stack-name resume-storage --no-fail-on-empty-changeset
+BUCKET_NAME=$(aws cloudformation describe-stacks --stack-name resume-storage | jq --raw-output --arg OUTPUT_KEY BucketName '.Stacks[].Outputs[] | select(.OutputKey == $OUTPUT_KEY) | .OutputValue')
 
-# For creating the lambda, cloudformation requires the lambbda code.
-# We will deploy the lambda code first to an S3 bucket and later
-# refrence it from the cloudformation template.
-
+# Zip and upload the lambda to bucket
 pushd .
 cd handlers
-zip -r dresume-${VERSION}.zip index.js
-aws s3 cp ./dresume-${VERSION}.zip s3://${S3_BUCKET}/lambda/
+zip -r resume-${VERSION}.zip index.js
+aws s3 cp ./resume-${VERSION}.zip s3://${BUCKET_NAME}/lambda/
 popd
 
-# Deploy the build resume to S3
-pushd .
-cd src
-mv ./resume.pdf ./resume-${VERSION}.pdf
-aws s3 cp ./resume-${VERSION}.pdf s3://${S3_BUCKET}/resumes/
-popd
+# # Deploy the build resume to S3
+# pushd .
+# cd src
+# mv ./resume.pdf ./resume-${VERSION}.pdf
+# aws s3 cp ./resume-${VERSION}.pdf s3://${S3_BUCKET}/resumes/
+# popd
 
-# Deploy the stack
-STACK_NAME=dresume
-STACK_PARAMETERS="BucketName=${S3_BUCKET} LambdaCodeKey=lambda/dresume-${VERSION}.zip AllowedOrigins=${ALLOWED_ORIGINS}"
-STACK_TEMPLATE="deploy/stack.yml"
+# # Deploy the stack
+# STACK_NAME=dresume
+# STACK_PARAMETERS="BucketName=${S3_BUCKET} LambdaCodeKey=lambda/dresume-${VERSION}.zip AllowedOrigins=${ALLOWED_ORIGINS}"
+# STACK_TEMPLATE="deploy/stack.yml"
 
-aws cloudformation deploy --template-file ${STACK_TEMPLATE} --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM --stack-name ${STACK_NAME} --no-fail-on-empty-changeset --parameter-overrides ${STACK_PARAMETERS}
+# aws cloudformation deploy --template-file ${STACK_TEMPLATE} --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM --stack-name ${STACK_NAME} --no-fail-on-empty-changeset --parameter-overrides ${STACK_PARAMETERS}
diff --git a/deploy/stack.yml → deploy/stacks/lambda.yml b/deploy/stack.yml → deploy/stacks/lambda.yml
diff --git a/deploy/stacks/storage.yml b/deploy/stacks/storage.yml
@@ -0,0 +1,14 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Resources:
+
+  Bucket:
+    Type: "AWS::S3::Bucket"
+    Properties:
+      BucketName: "resume-shaiqkar-dev"
+
+Outputs:
+
+  BucketName:
+    Value: !Ref Bucket
+    Description: "Name of the S3 bucket created"