mirror of
https://github.com/anomalyco/opencode.git
synced 2026-05-27 00:31:00 +00:00
chore: remove gh role from infra
parent
b0fcba5724
commit
4862c3e765
2 changed files with 0 additions and 44 deletions
|
|
@ -9,49 +9,6 @@ export const zoneID = "430ba34c138cfb5360826c4909f99be8"
|
|||
export const awsStage = $app.stage === "production" ? "production" : "dev"
|
||||
export const deployAws = $app.stage === awsStage
|
||||
|
||||
const githubActionsDeployRole = (() => {
|
||||
if ($app.stage !== "dev" && $app.stage !== "production") return
|
||||
|
||||
const provider = new aws.iam.OpenIdConnectProvider("GithubActionsOidcProvider", {
|
||||
url: "https://token.actions.githubusercontent.com",
|
||||
clientIdLists: ["sts.amazonaws.com"],
|
||||
})
|
||||
const role = new aws.iam.Role("GithubActionsDeployRole", {
|
||||
name: `opencode-${$app.stage}-github-actions-deploy`,
|
||||
maxSessionDuration: 3600,
|
||||
assumeRolePolicy: aws.iam.getPolicyDocumentOutput({
|
||||
statements: [
|
||||
{
|
||||
effect: "Allow",
|
||||
actions: ["sts:AssumeRoleWithWebIdentity"],
|
||||
principals: [{ type: "Federated", identifiers: [provider.arn] }],
|
||||
conditions: [
|
||||
{
|
||||
test: "StringEquals",
|
||||
variable: "token.actions.githubusercontent.com:aud",
|
||||
values: ["sts.amazonaws.com"],
|
||||
},
|
||||
{
|
||||
test: "StringEquals",
|
||||
variable: "token.actions.githubusercontent.com:sub",
|
||||
values: [`repo:anomalyco/opencode:environment:${$app.stage}`],
|
||||
},
|
||||
],
|
||||
},
|
||||
],
|
||||
}).json,
|
||||
})
|
||||
|
||||
new aws.iam.RolePolicyAttachment("GithubActionsDeployRoleAdmin", {
|
||||
role: role.name,
|
||||
policyArn: "arn:aws:iam::aws:policy/AdministratorAccess",
|
||||
})
|
||||
|
||||
return role
|
||||
})()
|
||||
|
||||
export const githubActionsDeployRoleArn = githubActionsDeployRole?.arn
|
||||
|
||||
new cloudflare.RegionalHostname("RegionalHostname", {
|
||||
hostname: domain,
|
||||
regionKey: "us",
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ export default $config({
|
|||
StatWorkerUrl: stat.url,
|
||||
// StatsUrl: stats.app.url,
|
||||
AwsStage: stage.awsStage,
|
||||
...(stage.githubActionsDeployRoleArn ? { GithubActionsDeployRoleArn: stage.githubActionsDeployRoleArn } : {}),
|
||||
}
|
||||
},
|
||||
})
|
||||
|
|
|
|||