Skip to content

Get signed installers from Stampy #5

Get signed installers from Stampy

Get signed installers from Stampy #5

name: Get signed installers from Stampy
on:
workflow_dispatch
jobs:
get-signed-from-stampy:
runs-on: ubuntu-latest
environment: Stampy
steps:
- uses: actions/checkout@v3
- name: download signed Windows installer from from Stampy
env:
STAMPY_ARN: ${{ secrets.STAMPY_ARN }}
AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
AWS_EC2_METADATA_DISABLED: true
# switch AWS identity to the one that can access stampy
run: |
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r '.Account')
TEMP_ROLE=$(aws sts assume-role --role-arn $STAMPY_ARN --role-session-name artifact-signing)
export AWS_ACCESS_KEY_ID=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
export AWS_SESSION_TOKEN=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SessionToken')
aws s3 cp --recursive s3://${{ secrets.STAMPY_SIGNED_BUCKET }}/ .
- name: upload signed Windows installer to Heroku CLI s3
env:
AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
AWS_EC2_METADATA_DISABLED: true
run: node ./scripts/stampy/upload-stampy-signed.js