@@ -203,7 +203,7 @@ jobs:
203
203
echo "is-nightly=$is_nightly" >> $GITHUB_OUTPUT
204
204
echo "channel-name=$channel_name" >> $GITHUB_OUTPUT
205
205
# Only attempt upload to Amazon S3 if the credentials are available.
206
- echo "publish-to-s3=${{ secrets.AWS_SECRET_ACCESS_KEY != '' }}" >> $GITHUB_OUTPUT
206
+ echo "publish-to-s3=${{ secrets.AWS_ROLE_ARN != '' }}" >> $GITHUB_OUTPUT
207
207
208
208
select-targets :
209
209
needs : build-type-determination
@@ -284,8 +284,6 @@ jobs:
284
284
- build-type-determination
285
285
- select-targets
286
286
env :
287
- # https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
288
- ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION : true
289
287
# Location of artifacts generated by build.
290
288
BUILD_ARTIFACTS_PATH : electron-app/dist/build-artifacts
291
289
# to skip passing signing credentials to electron-builder
@@ -360,11 +358,6 @@ jobs:
360
358
- name : Package
361
359
env :
362
360
GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
363
- AC_USERNAME : ${{ secrets.AC_USERNAME }}
364
- AC_PASSWORD : ${{ secrets.AC_PASSWORD }}
365
- AC_TEAM_ID : ${{ secrets.AC_TEAM_ID }}
366
- AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
367
- AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
368
361
IS_NIGHTLY : ${{ needs.build-type-determination.outputs.is-nightly }}
369
362
IS_RELEASE : ${{ needs.build-type-determination.outputs.is-release }}
370
363
CAN_SIGN : ${{ secrets[matrix.config.certificate-secret] != '' }}
@@ -588,6 +581,10 @@ jobs:
588
581
env :
589
582
ARTIFACTS_FOLDER : build-artifacts
590
583
584
+ permissions :
585
+ id-token : write
586
+ contents : read
587
+
591
588
steps :
592
589
- name : Download all job transfer artifacts
593
590
uses : actions/download-artifact@v4
@@ -596,15 +593,15 @@ jobs:
596
593
path : ${{ env.ARTIFACTS_FOLDER }}
597
594
pattern : ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}*
598
595
596
+ - name : Configure AWS Credentials for Nightly [S3]
597
+ uses : aws-actions/configure-aws-credentials@v4
598
+ with :
599
+ role-to-assume : ${{ secrets.AWS_ROLE_ARN }}
600
+ aws-region : us-east-1
601
+
599
602
- name : Publish Nightly [S3]
600
- uses : docker://plugins/s3
601
- env :
602
- PLUGIN_SOURCE : ' ${{ env.ARTIFACTS_FOLDER }}/*'
603
- PLUGIN_STRIP_PREFIX : ' ${{ env.ARTIFACTS_FOLDER }}/'
604
- PLUGIN_TARGET : ' /arduino-ide/nightly'
605
- PLUGIN_BUCKET : ${{ secrets.DOWNLOADS_BUCKET }}
606
- AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
607
- AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
603
+ run : |
604
+ aws s3 sync ${{ env.ARTIFACTS_FOLDER }} s3://${{ secrets.DOWNLOADS_BUCKET }}/arduino-ide/nightly
608
605
609
606
release :
610
607
needs :
@@ -625,6 +622,10 @@ jobs:
625
622
env :
626
623
ARTIFACTS_FOLDER : build-artifacts
627
624
625
+ permissions :
626
+ id-token : write
627
+ contents : read
628
+
628
629
steps :
629
630
- name : Download all job transfer artifacts
630
631
uses : actions/download-artifact@v4
@@ -648,16 +649,17 @@ jobs:
648
649
file_glob : true
649
650
body : ${{ needs.changelog.outputs.BODY }}
650
651
652
+ - name : Configure AWS Credentials for Release [S3]
653
+ if : needs.build-type-determination.outputs.publish-to-s3 == 'true'
654
+ uses : aws-actions/configure-aws-credentials@v4
655
+ with :
656
+ role-to-assume : ${{ secrets.AWS_ROLE_ARN }}
657
+ aws-region : us-east-1
658
+
651
659
- name : Publish Release [S3]
652
660
if : needs.build-type-determination.outputs.publish-to-s3 == 'true'
653
- uses : docker://plugins/s3
654
- env :
655
- PLUGIN_SOURCE : ' ${{ env.ARTIFACTS_FOLDER }}/*'
656
- PLUGIN_STRIP_PREFIX : ' ${{ env.ARTIFACTS_FOLDER }}/'
657
- PLUGIN_TARGET : ' /arduino-ide'
658
- PLUGIN_BUCKET : ${{ secrets.DOWNLOADS_BUCKET }}
659
- AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
660
- AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
661
+ run : |
662
+ aws s3 sync ${{ env.ARTIFACTS_FOLDER }} s3://${{ secrets.DOWNLOADS_BUCKET }}/arduino-ide
661
663
662
664
clean :
663
665
# This job must run after all jobs that use the transfer artifact.
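Review bot: `aws-actions/configure-aws-credentials@v4` is referenced by a mutable tag in both new "Configure AWS Credentials" steps (nightly and release), in jobs that now grant `id-token: write` and assume `secrets.AWS_ROLE_ARN`; pin it to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, so a moved tag cannot run new code with access to the OIDC token. The two `aws s3 sync` lines paste `${{ env.ARTIFACTS_FOLDER }}` and `${{ secrets.DOWNLOADS_BUCKET }}` into the script text unquoted; mapping them through the step's `env:` and writing `aws s3 sync "$ARTIFACTS_FOLDER" "s3://$DOWNLOADS_BUCKET/arduino-ide/nightly"` avoids word splitting and keeps expression values out of the shell source. The release job's new `permissions` block also drops `contents` to `read`, and the release-upload step just above it (only its `file_glob` and `body` inputs are visible here) will presumably need `contents: write` if it authenticates with `GITHUB_TOKEN`. The IAM role's trust policy is not on this page; it should restrict the token's `sub` claim to this repository and to the refs that are allowed to publish.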