From ac7ab7ee7172f93bec5d6a8a872f83b9def6ec49 Mon Sep 17 00:00:00 2001
From: Jover Lee
Date: Mon, 8 Apr 2024 17:09:41 -0700
Subject: [PATCH] ingest-to-phylo: Test aws-role-policies

Testing upstream changes in pathogen-repo-build from https://github.com/nextstrain/.github/commit/e0e79dc3cb38b5fb873c412bd0e12917f169d2bd This allows us to exclude the secrets for AWS credentials.
---
 .github/workflows/ingest-to-phylogenetic.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ingest-to-phylogenetic.yaml b/.github/workflows/ingest-to-phylogenetic.yaml
index 690e4f3..aab6a6e 100644
--- a/.github/workflows/ingest-to-phylogenetic.yaml
+++ b/.github/workflows/ingest-to-phylogenetic.yaml
@@ -42,22 +42,23 @@ jobs:
 ingest:
 permissions:
 id-token: write
- uses: nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@master
- secrets: inherit
+ uses: nextstrain/.github/.github/workflows/pathogen-repo-build.yaml@e0e79dc3cb38b5fb873c412bd0e12917f169d2bd
 with:
 # Starting with the default docker runtime
 # We can migrate to AWS Batch when/if we need to for more resources or if
 # the job runs longer than the GH Action limit of 6 hours.
- runtime: docker
+ runtime: aws-batch
 env: |
 NEXTSTRAIN_DOCKER_IMAGE: ${{ inputs.ingest_image }}
 run: |
 nextstrain build \
 --env AWS_ACCESS_KEY_ID \
 --env AWS_SECRET_ACCESS_KEY \
+ --env AWS_SESSION_TOKEN \
 ingest \
 upload_all \
- --configfile build-configs/nextstrain-automation/config.yaml
+ --configfile build-configs/nextstrain-automation/config.yaml \
+ --config s3_dst="s3://nextstrain-data/files/workflows/zika/trial/aws-role-policies"
 # Specifying artifact name to differentiate ingest build outputs from
 # the phylogenetic build outputs
 artifact-name: ingest-build-output
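Review bot: The comment block above `runtime:` is now stale: it still says the job starts with the default docker runtime and may move to AWS Batch later, while the new line sets `runtime: aws-batch`. I would replace those three comment lines with one that matches the setting, for example `# Runs on AWS Batch for this trial; revert to docker once the role policies are verified`. With `secrets: inherit` removed, the three `--env AWS_*` names in `run:` are presumably filled by the called workflow from short-lived credentials obtained through the `id-token: write` permission; that is not visible in this hunk. A one-line comment above the `--env` lines, such as `# AWS_* are short-lived role credentials set by pathogen-repo-build, not repository secrets`, would record that expectation once confirmed. The `with:` block may continue past the end of the hunk.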