diff --git a/.github/aws/template.yml b/.github/aws/template.yml
index bc4e233..34062ed 100644
--- a/.github/aws/template.yml
+++ b/.github/aws/template.yml
@@ -66,6 +66,20 @@ Resources:
                   - "s3:PutObject*"
                 Resource:
                   - !Sub "arn:aws:s3:::${SarArtifactsBucket}/*"
+        - PolicyName: "PublishToSar"
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - "serverlessrepo:CreateApplication"
+                  - "serverlessrepo:UpdateApplication"
+                  - "serverlessrepo:ListApplicationVersions"
+                  - "serverlessrepo:CreateApplicationVersion"
+                  - "serverlessrepo:GetApplicationPolicy"
+                  - "serverlessrepo:PutApplicationPolicy"
+                Resource:
+                  - !Sub "arn:aws:serverlessrepo:*:${AWS::AccountId}:applications/oidc-authorizer"
 
 Outputs:
   SarArtifactsBucket:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7692a40..2925926 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,8 +1,9 @@
 name: Release
 
 on:
-  # TODO: add on release creation
   workflow_dispatch: {}
+  release:
+    types: [created]
 
 env:
   AWS_REGION: eu-west-1
@@ -60,5 +61,20 @@ jobs:
           sam build
           sam package --output-template-file .aws-sam/packaged.yml --s3-bucket ${{ secrets.SAR_ARTIFACT_BUCKET }}
 
-      - name: Sam publish
+      - name: Compress bootstrap
+        working-directory: .aws-sam/build/OidcAuthorizer
+        run: |
+          zip -9 bootstrap.zip bootstrap
+
+      - name: Upload bootstrap.zip to GitHub release
+        uses: xresloader/upload-to-github-release@v1
+        if: github.event.release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          file: ".aws-sam/build/OidcAuthorizer/bootstrap.zip"
+          tags: true
+          draft: true
+
+      - name: Sam publish to SAR
         run: sam publish --template .aws-sam/packaged.yml --region eu-west-1
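Review bot: `serverlessrepo:PutApplicationPolicy` in the new PublishToSar statement lets this CI role rewrite the application's sharing policy — including opening `oidc-authorizer` to every AWS account — which is a broader grant than publishing a version needs; if the release workflow only creates and updates the application and its versions, drop `PutApplicationPolicy` (and `GetApplicationPolicy`), or move them to a separately gated step. The resource ARN also wildcards the region while the workflow publishes only to eu-west-1, so `arn:aws:serverlessrepo:eu-west-1:${AWS::AccountId}:applications/oidc-authorizer` would match the actual use. Confirm that `CreateApplication` is authorized against an application-scoped ARN rather than requiring `*`; if it is not, the very first publish is denied while later ones succeed, which is easy to misread as a transient failure. The enclosing `Policies` list and the role it belongs to start outside the hunk.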
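Review bot: `types: [created]` fires when a draft release is saved but, per GitHub's release-event documentation as I recall it, not when that draft is later published, so a maintainer who drafts the release first gets a SAR publish of a build that is not yet public and no run at all when the release actually goes out; `types: [published]` is the trigger that matches "a release was published". If running on drafts is intended (the upload step further down passes `draft: true`), record that next to the trigger, e.g. `# also runs when a draft is saved; SAR publish happens before the release is public`. The removed TODO was the only comment in this block, so the `on:` section now has no explanation of which events are meant to release.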
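Review bot: `uses: xresloader/upload-to-github-release@v1` is a third-party action pinned only to a mutable major tag, and it is handed `secrets.GITHUB_TOKEN`, so whoever controls that tag can run code with write access to this repository's releases; pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: xresloader/upload-to-github-release@<40-char-sha> # v1`. Uploading the asset also needs `contents: write` on the token, which is not visible in this hunk — if the repository's default token permissions are read-only, add a `permissions:` block on the job (and `id-token: write` if the AWS credentials step uses OIDC, which I cannot see here). Consider emitting a `bootstrap.zip.sha256` next to the zip so consumers of the release asset can verify what they download. The job's earlier steps, including credential setup, are outside the hunk.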