88 build :
99 name : Build Storybook
1010 runs-on : ubuntu-latest
11+ permissions :
12+ contents : read
13+ id-token : write
1114
1215 steps :
1316 - uses : docker://quay.csssr.cloud/csssr/kuberta-init-workflow:v1
@@ -19,23 +22,26 @@ jobs:
1922 ssh-key : ${{ secrets.DOWNLOAD_ACTIONS_SSH_KEY }}
2023 path : actions
2124
22- - uses : actions/checkout@v2
25+ - name : Import secrets
26+ id : secrets
27+ uses : hashicorp/vault-action@v2.4.0
2328 with :
24- path : core-design
25-
26- - uses : actions/setup-node@v1
27- with :
28- node-version : ' 12.x'
29-
30- - run : yarn install --freeze-lockfile --no-interactive
31- working-directory : core-design/packages/core-design
32-
33- - run : yarn run build-storybook -o static
34- working-directory : core-design/packages/core-design
35-
36- - uses : ./actions/upload-static/v1beta1
29+ url : https://vault.csssr.com:8200
30+ jwtGithubAudience : ${{secrets.VAULT_JWT_KEY}}
31+ role : s3-cdn-upload
32+ method : jwt
33+ exportEnv : false
34+ secrets : |
35+ aws/sts/s3-cdn-upload access_key | AWS_ACCESS_KEY_ID ;
36+ aws/sts/s3-cdn-upload secret_key | AWS_SECRET_ACCESS_KEY ;
37+ aws/sts/s3-cdn-upload security_token | AWS_SESSION_TOKEN
38+
39+ name : Build and push storybook
40+ uses : ./actions/build-and-deploy-static-site/v1beta1
3741 with :
38- project-id : core-design-storybook
39- files : ./core-design/packages/core-design/static
40- auth : ${{ secrets.CDN_UPLOAD_SECRET }}
41- token : ${{ secrets.GITHUB_TOKEN }}
42+ project-id : core-design-storybook
43+ install : cd packages/core-design && yarn install --freeze-lockfile --no-interactive
44+ build : cd packages/core-design && yarn run build-storybook -o static
45+ files : ./packages/core-design/static
46+ node-version : " 12.x"
47+ auth : " aws:${{steps.secrets.outputs.AWS_ACCESS_KEY_ID}}:${{steps.secrets.outputs.AWS_SECRET_ACCESS_KEY}}:${{steps.secrets.outputs.AWS_SESSION_TOKEN}}"
0 commit comments