Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: Use GitHub org variable for AWS region #818

Merged
merged 1 commit into from
Apr 9, 2024
Merged

CI: Use GitHub org variable for AWS region #818

merged 1 commit into from
Apr 9, 2024

Conversation

victorlin
Copy link
Member

@victorlin victorlin commented Apr 9, 2024
edited
Loading

Organization variable was recently added in nextstrain/zika#54.

Checklist

  • Checks pass
  • Post-merge: Remove AWS_DEFAULT_REGION repo secret

@victorlin victorlin self-assigned this Apr 9, 2024
@nextstrain-bot nextstrain-bot temporarily deployed to nextstrain-s-victorlin--rabkmq April 9, 2024 23:03 Inactive
@victorlin victorlin changed the title Use GitHub org variable for AWS region CI: Use GitHub org variable for AWS region Apr 9, 2024
victorlin
victorlin commented Apr 9, 2024
View reviewed changes
.github/workflows/ci.yml
@@ -34,7 +34,7 @@ jobs:
# configure AWS to run dev server necessary for `npm run test:ci`
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
aws-region: ${{ vars.AWS_DEFAULT_REGION }}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On one hand, this reduces redundancy in having multiple AWS_DEFAULT_REGIONs defined. On the other hand, this moves AWS_DEFAULT_REGION away from other related variables, some of which must be kept as secrets:

image

Thoughts? Based on code search, this applies to nextstrain.org and forecasts-ncov.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've had to remove AWS_DEFAULT_REGION from secrets for any repo that uses the pathogen-repo-build workflow to prevent the AWS batch link from being borked (e.g. nextstrain/rsv#53 (comment)). I think this move will match expectations that only "real" secrets should be kept as secrets and other shared values can be the unmasked variables.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the added context! I agree better to properly scope usage of the secrets store. I'll follow through with the move here and in forecasts-ncov.

@victorlin victorlin requested a review from a team April 9, 2024 23:09
@victorlin victorlin merged commit fda4071 into master Apr 9, 2024
5 checks passed
@victorlin victorlin deleted the victorlin/github-org-var branch April 9, 2024 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joverlee521 joverlee521 joverlee521 left review comments

Assignees

@victorlin victorlin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@victorlin @joverlee521 @nextstrain-bot