add permissions #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cloudbabbel | |
| on: | |
| push: | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| build-image: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup SSH Agent | |
| uses: webfactory/ssh-agent@v0.5.2 | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - name: Set up Public SSH Key | |
| run: | | |
| path=$(pwd) | |
| echo $path | |
| echo "${{ secrets.SSH_PUBLIC_KEY }}" > $path/id_rsa.pub | |
| - name: install treehouses | |
| run: | | |
| #sudo apt update | |
| sudo apt install tor | |
| sudo npm install -g @treehouses/cli | |
| - name: configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v1.7.0 | |
| with: | |
| role-to-assume: arn:aws:iam::885416451907:role/GitHubAction-AssumeRoleWithAction | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| aws-region: ap-northeast-1 | |
| - name: Sts GetCallerIdentity | |
| run: | | |
| aws sts get-caller-identity | |
| - name: start luftbllon | |
| run: | | |
| sudo bash init.sh -g | |
| - name: open seasame | |
| run: | | |
| #sudo apt update | |
| sudo treehouses tor add 22 | |
| sudo treehouses tor | |
| sudo treehouses tor notice now | |
| sudo treehouses sshkey github adduser dogi | |
| sudo treehouses sshkey github adduser hirotochigi | |
| echo "shh only dreams" | |
| ls -al | |
| echo ------------- | |
| echo ------------- | |
| echo ------------- | |
| ls -alR | |
| sleep 1200 | |
| - name: Cleanup Step | |
| if: cancelled() || failure() | |
| run: | | |
| sudo bash delete.sh luftballon |