From 591e636b1d1b63d645527edb653b4a74fefaa0b8 Mon Sep 17 00:00:00 2001 From: Simon Planinschek Date: Thu, 19 Feb 2026 15:59:32 +0100 Subject: [PATCH 1/5] add action to set up S3 preview deployments --- setup-s3-preview/action.yml | 62 ++++++++++++++++++++++++ setup-s3-preview/job-template.yml | 80 +++++++++++++++++++++++++++++++ 2 files changed, 142 insertions(+) create mode 100644 setup-s3-preview/action.yml create mode 100644 setup-s3-preview/job-template.yml diff --git a/setup-s3-preview/action.yml b/setup-s3-preview/action.yml new file mode 100644 index 0000000..c6e3758 --- /dev/null +++ b/setup-s3-preview/action.yml @@ -0,0 +1,62 @@ +name: 'Setup S3 Preview' +description: 'Creates an S3 preview prefix by copying from the main prefix' +inputs: + deployment-name: + description: 'Name of the deployment (used for ConfigMap name)' + required: true + namespace: + description: 'Kubernetes namespace' + required: true + preview-number: + description: 'Preview number (PR number)' + required: true + secret-name: + description: 'Name of the secret containing AWS credentials' + required: false + default: 'app-secrets' + +runs: + using: "composite" + steps: + - name: Prepare setup-s3 job + run: | + JOB_NAME="prepare-s3-preview-${{ inputs.preview-number }}" + CONFIGMAP_NAME="${{ inputs.deployment-name }}-environments" + + # Create a temporary file for the manifest + cp ${{ github.action_path }}/job-template.yml job-setup-s3.yml + + # Replace placeholders + sed -i "s/JOB_NAME_PLACEHOLDER/$JOB_NAME/g" job-setup-s3.yml + sed -i "s/CONFIGMAP_NAME_PLACEHOLDER/$CONFIGMAP_NAME/g" job-setup-s3.yml + sed -i "s/SECRET_NAME_PLACEHOLDER/${{ inputs.secret-name }}/g" job-setup-s3.yml + sed -i "s/PREVIEW_NUMBER_PLACEHOLDER/${{ inputs.preview-number }}/g" job-setup-s3.yml + + echo "Prepared job manifest: job-setup-s3.yml" + shell: bash + + - name: Create setup-s3 job + run: | + kubectl apply --namespace ${{ inputs.namespace }} -f job-setup-s3.yml + shell: bash + + - name: Wait for setup-s3 job to complete + run: | + JOB_NAME="prepare-s3-preview-${{ inputs.preview-number }}" + NAMESPACE="${{ inputs.namespace }}" + + echo "Waiting for job $JOB_NAME in namespace $NAMESPACE..." + + if kubectl wait --namespace $NAMESPACE --for=condition=complete --timeout=10m job/$JOB_NAME; then + echo "Job finished with status: Complete" + kubectl logs job/$JOB_NAME --namespace $NAMESPACE + elif kubectl wait --namespace $NAMESPACE --for=condition=failed --timeout=1s job/$JOB_NAME; then + echo "Job finished with status: Failed" + kubectl logs job/$JOB_NAME --namespace $NAMESPACE + exit 1 + else + echo "Timeout waiting for job to complete." + kubectl logs job/$JOB_NAME --namespace $NAMESPACE || true + exit 1 + fi + shell: bash diff --git a/setup-s3-preview/job-template.yml b/setup-s3-preview/job-template.yml new file mode 100644 index 0000000..039f24e --- /dev/null +++ b/setup-s3-preview/job-template.yml @@ -0,0 +1,80 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: JOB_NAME_PLACEHOLDER +spec: + ttlSecondsAfterFinished: 60 + template: + spec: + restartPolicy: Never + containers: + - name: prepare-s3-preview + image: amazon/aws-cli:2 + command: [ "bash", "-c" ] + args: + - | + set -e + + echo "### START $(date --iso-8601=seconds) ###" + + S3_ARGS="" + if [ -n "$S3_ENDPOINT" ]; then + S3_ARGS="--endpoint-url $S3_ENDPOINT" + fi + + S3_MAIN_PREFIX="s3://$S3_BUCKET/main/" + S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-$PREVIEW_NUMBER/" + + echo "Checking if $S3_PREVIEW_PREFIX already exists..." + if [ "$(aws s3 $S3_ARGS ls "$S3_PREVIEW_PREFIX" | wc -l)" -gt 0 ]; then + echo "$S3_PREVIEW_PREFIX already exists. Skipping setup." + echo "Script finished successfully!" + echo "### END $(date --iso-8601=seconds) ###" + exit 0 + fi + + echo "Syncing from $S3_MAIN_PREFIX to $S3_PREVIEW_PREFIX ..." + aws s3 $S3_ARGS sync "$S3_MAIN_PREFIX" "$S3_PREVIEW_PREFIX" + + echo "Script finished successfully!" + echo "### END $(date --iso-8601=seconds) ###" + env: + - name: S3_BUCKET + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: S3_BUCKET + - name: S3_ENDPOINT + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: S3_ENDPOINT + optional: true + - name: AWS_REGION + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: AWS_REGION + - name: AWS_DEFAULT_REGION + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: AWS_REGION + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: SECRET_NAME_PLACEHOLDER + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: SECRET_NAME_PLACEHOLDER + key: AWS_SECRET_ACCESS_KEY + - name: AWS_SESSION_TOKEN + valueFrom: + secretKeyRef: + name: SECRET_NAME_PLACEHOLDER + key: AWS_SESSION_TOKEN + optional: true + - name: PREVIEW_NUMBER + value: "PREVIEW_NUMBER_PLACEHOLDER" From 0b43955cca51e0ff5b0aa7c2df8eb658047efc49 Mon Sep 17 00:00:00 2001 From: Simon Planinschek Date: Thu, 19 Feb 2026 15:59:37 +0100 Subject: [PATCH 2/5] add action to teardown S3 preview deployments --- teardown-s3-preview/action.yml | 62 ++++++++++++++++++++++ teardown-s3-preview/job-template.yml | 79 ++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 teardown-s3-preview/action.yml create mode 100644 teardown-s3-preview/job-template.yml diff --git a/teardown-s3-preview/action.yml b/teardown-s3-preview/action.yml new file mode 100644 index 0000000..fe9e667 --- /dev/null +++ b/teardown-s3-preview/action.yml @@ -0,0 +1,62 @@ +name: 'Teardown S3 Preview' +description: 'Deletes the S3 preview prefix' +inputs: + deployment-name: + description: 'Name of the deployment (used for ConfigMap name)' + required: true + namespace: + description: 'Kubernetes namespace' + required: true + preview-number: + description: 'Preview number (PR number)' + required: true + secret-name: + description: 'Name of the secret containing AWS credentials' + required: false + default: 'app-secrets' + +runs: + using: "composite" + steps: + - name: Prepare teardown-s3 job + run: | + JOB_NAME="teardown-s3-preview-${{ inputs.preview-number }}" + CONFIGMAP_NAME="${{ inputs.deployment-name }}-environments" + + # Create a temporary file for the manifest + cp ${{ github.action_path }}/job-template.yml job-teardown-s3.yml + + # Replace placeholders + sed -i "s/JOB_NAME_PLACEHOLDER/$JOB_NAME/g" job-teardown-s3.yml + sed -i "s/CONFIGMAP_NAME_PLACEHOLDER/$CONFIGMAP_NAME/g" job-teardown-s3.yml + sed -i "s/SECRET_NAME_PLACEHOLDER/${{ inputs.secret-name }}/g" job-teardown-s3.yml + sed -i "s/PREVIEW_NUMBER_PLACEHOLDER/${{ inputs.preview-number }}/g" job-teardown-s3.yml + + echo "Prepared job manifest: job-teardown-s3.yml" + shell: bash + + - name: Create teardown-s3 job + run: | + kubectl apply --namespace ${{ inputs.namespace }} -f job-teardown-s3.yml + shell: bash + + - name: Wait for teardown-s3 job to complete + run: | + JOB_NAME="teardown-s3-preview-${{ inputs.preview-number }}" + NAMESPACE="${{ inputs.namespace }}" + + echo "Waiting for job $JOB_NAME in namespace $NAMESPACE..." + + if kubectl wait --namespace $NAMESPACE --for=condition=complete --timeout=5m job/$JOB_NAME; then + echo "Job finished with status: Complete" + kubectl logs job/$JOB_NAME --namespace $NAMESPACE + elif kubectl wait --namespace $NAMESPACE --for=condition=failed --timeout=1s job/$JOB_NAME; then + echo "Job finished with status: Failed" + kubectl logs job/$JOB_NAME --namespace $NAMESPACE + exit 1 + else + echo "Timeout waiting for job to complete." + kubectl logs job/$JOB_NAME --namespace $NAMESPACE || true + exit 1 + fi + shell: bash diff --git a/teardown-s3-preview/job-template.yml b/teardown-s3-preview/job-template.yml new file mode 100644 index 0000000..48a61c0 --- /dev/null +++ b/teardown-s3-preview/job-template.yml @@ -0,0 +1,79 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: JOB_NAME_PLACEHOLDER +spec: + ttlSecondsAfterFinished: 60 + template: + spec: + restartPolicy: Never + containers: + - name: teardown-s3-preview + image: amazon/aws-cli:2 + command: [ "bash", "-c" ] + args: + - | + set -e + + echo "### START $(date --iso-8601=seconds) ###" + + S3_ARGS="" + if [ -n "$S3_ENDPOINT" ]; then + S3_ARGS="--endpoint-url $S3_ENDPOINT" + fi + + S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-$PREVIEW_NUMBER/" + + echo "Checking if $S3_PREVIEW_PREFIX exists..." + if [ "$(aws s3 $S3_ARGS ls "$S3_PREVIEW_PREFIX" | wc -l)" -eq 0 ]; then + echo "$S3_PREVIEW_PREFIX does not exist or is empty. Skipping teardown." + echo "Script finished successfully!" + echo "### END $(date --iso-8601=seconds) ###" + exit 0 + fi + + echo "Removing $S3_PREVIEW_PREFIX recursively..." + aws s3 $S3_ARGS rm "$S3_PREVIEW_PREFIX" --recursive + + echo "Script finished successfully!" + echo "### END $(date --iso-8601=seconds) ###" + env: + - name: S3_BUCKET + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: S3_BUCKET + - name: S3_ENDPOINT + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: S3_ENDPOINT + optional: true + - name: AWS_REGION + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: AWS_REGION + - name: AWS_DEFAULT_REGION + valueFrom: + configMapKeyRef: + name: CONFIGMAP_NAME_PLACEHOLDER + key: AWS_REGION + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: SECRET_NAME_PLACEHOLDER + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: SECRET_NAME_PLACEHOLDER + key: AWS_SECRET_ACCESS_KEY + - name: AWS_SESSION_TOKEN + valueFrom: + secretKeyRef: + name: SECRET_NAME_PLACEHOLDER + key: AWS_SESSION_TOKEN + optional: true + - name: PREVIEW_NUMBER + value: "PREVIEW_NUMBER_PLACEHOLDER" From 0069d516e47a445f7a204f8fc5714aeaf70829bd Mon Sep 17 00:00:00 2001 From: Simon Planinschek Date: Thu, 26 Feb 2026 12:10:20 +0100 Subject: [PATCH 3/5] parametrize S3 setup and teardown actions with configurable keys --- setup-s3-preview/action.yml | 79 +++++++++++++++++++++------- setup-s3-preview/job-template.yml | 39 +++++++------- teardown-s3-preview/action.yml | 73 ++++++++++++++++++------- teardown-s3-preview/job-template.yml | 37 +++++++------ 4 files changed, 157 insertions(+), 71 deletions(-) diff --git a/setup-s3-preview/action.yml b/setup-s3-preview/action.yml index c6e3758..9e0d16c 100644 --- a/setup-s3-preview/action.yml +++ b/setup-s3-preview/action.yml @@ -1,9 +1,10 @@ name: 'Setup S3 Preview' description: 'Creates an S3 preview prefix by copying from the main prefix' inputs: - deployment-name: - description: 'Name of the deployment (used for ConfigMap name)' - required: true + configmap-name: + description: 'Name of the ConfigMap' + required: false + default: 'app-spring-deployment-env' namespace: description: 'Kubernetes namespace' required: true @@ -14,24 +15,66 @@ inputs: description: 'Name of the secret containing AWS credentials' required: false default: 'app-secrets' + s3-bucket-key: + description: 'Key for S3_BUCKET in ConfigMap' + required: false + default: 'S3_BUCKET' + s3-endpoint-key: + description: 'Key for S3_ENDPOINT in ConfigMap' + required: false + default: 'S3_ENDPOINT' + aws-region-key: + description: 'Key for AWS_REGION in ConfigMap' + required: false + default: 'AWS_REGION' + aws-access-key-id-key: + description: 'Key for AWS_ACCESS_KEY_ID in Secret' + required: false + default: 'AWS_ACCESS_KEY_ID' + aws-secret-access-key-key: + description: 'Key for AWS_SECRET_ACCESS_KEY in Secret' + required: false + default: 'AWS_SECRET_ACCESS_KEY' + aws-session-token-key: + description: 'Key for AWS_SESSION_TOKEN in Secret' + required: false + default: 'AWS_SESSION_TOKEN' + base-prefix: + description: 'Base prefix to copy from' + required: false + default: 'main' runs: using: "composite" steps: - name: Prepare setup-s3 job + env: + JOB_NAME: "prepare-s3-preview-${{ inputs.preview-number }}" + CONFIGMAP_NAME: "${{ inputs.configmap-name }}" + SECRET_NAME: "${{ inputs.secret-name }}" + S3_BUCKET_KEY: "${{ inputs.s3-bucket-key }}" + S3_ENDPOINT_KEY: "${{ inputs.s3-endpoint-key }}" + AWS_REGION_KEY: "${{ inputs.aws-region-key }}" + AWS_ACCESS_KEY_ID_KEY: "${{ inputs.aws-access-key-id-key }}" + AWS_SECRET_ACCESS_KEY_KEY: "${{ inputs.aws-secret-access-key-key }}" + AWS_SESSION_TOKEN_KEY: "${{ inputs.aws-session-token-key }}" + PREVIEW_NUMBER: "${{ inputs.preview-number }}" + BASE_PREFIX: "${{ inputs.base-prefix }}" run: | - JOB_NAME="prepare-s3-preview-${{ inputs.preview-number }}" - CONFIGMAP_NAME="${{ inputs.deployment-name }}-environments" - - # Create a temporary file for the manifest - cp ${{ github.action_path }}/job-template.yml job-setup-s3.yml - - # Replace placeholders - sed -i "s/JOB_NAME_PLACEHOLDER/$JOB_NAME/g" job-setup-s3.yml - sed -i "s/CONFIGMAP_NAME_PLACEHOLDER/$CONFIGMAP_NAME/g" job-setup-s3.yml - sed -i "s/SECRET_NAME_PLACEHOLDER/${{ inputs.secret-name }}/g" job-setup-s3.yml - sed -i "s/PREVIEW_NUMBER_PLACEHOLDER/${{ inputs.preview-number }}/g" job-setup-s3.yml - + envsubst ' + $JOB_NAME + $CONFIGMAP_NAME + $SECRET_NAME + $S3_BUCKET_KEY + $S3_ENDPOINT_KEY + $AWS_REGION_KEY + $AWS_ACCESS_KEY_ID_KEY + $AWS_SECRET_ACCESS_KEY_KEY + $AWS_SESSION_TOKEN_KEY + $PREVIEW_NUMBER + $BASE_PREFIX + ' < ${{ github.action_path }}/job-template.yml > job-setup-s3.yml + echo "Prepared job manifest: job-setup-s3.yml" shell: bash @@ -41,10 +84,10 @@ runs: shell: bash - name: Wait for setup-s3 job to complete + env: + JOB_NAME: "prepare-s3-preview-${{ inputs.preview-number }}" + NAMESPACE: "${{ inputs.namespace }}" run: | - JOB_NAME="prepare-s3-preview-${{ inputs.preview-number }}" - NAMESPACE="${{ inputs.namespace }}" - echo "Waiting for job $JOB_NAME in namespace $NAMESPACE..." if kubectl wait --namespace $NAMESPACE --for=condition=complete --timeout=10m job/$JOB_NAME; then diff --git a/setup-s3-preview/job-template.yml b/setup-s3-preview/job-template.yml index 039f24e..f1ffda1 100644 --- a/setup-s3-preview/job-template.yml +++ b/setup-s3-preview/job-template.yml @@ -1,7 +1,10 @@ apiVersion: batch/v1 kind: Job metadata: - name: JOB_NAME_PLACEHOLDER + name: ${JOB_NAME} + labels: + app.kubernetes.io/managed-by: github-actions + app.kubernetes.io/component: s3-preview-setup spec: ttlSecondsAfterFinished: 60 template: @@ -22,8 +25,8 @@ spec: S3_ARGS="--endpoint-url $S3_ENDPOINT" fi - S3_MAIN_PREFIX="s3://$S3_BUCKET/main/" - S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-$PREVIEW_NUMBER/" + S3_MAIN_PREFIX="s3://$S3_BUCKET/${BASE_PREFIX}/" + S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-${PREVIEW_NUMBER}/" echo "Checking if $S3_PREVIEW_PREFIX already exists..." if [ "$(aws s3 $S3_ARGS ls "$S3_PREVIEW_PREFIX" | wc -l)" -gt 0 ]; then @@ -42,39 +45,39 @@ spec: - name: S3_BUCKET valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: S3_BUCKET + name: ${CONFIGMAP_NAME} + key: ${S3_BUCKET_KEY} - name: S3_ENDPOINT valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: S3_ENDPOINT + name: ${CONFIGMAP_NAME} + key: ${S3_ENDPOINT_KEY} optional: true - name: AWS_REGION valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: AWS_REGION + name: ${CONFIGMAP_NAME} + key: ${AWS_REGION_KEY} - name: AWS_DEFAULT_REGION valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: AWS_REGION + name: ${CONFIGMAP_NAME} + key: ${AWS_REGION_KEY} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: SECRET_NAME_PLACEHOLDER - key: AWS_ACCESS_KEY_ID + name: ${SECRET_NAME} + key: ${AWS_ACCESS_KEY_ID_KEY} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: SECRET_NAME_PLACEHOLDER - key: AWS_SECRET_ACCESS_KEY + name: ${SECRET_NAME} + key: ${AWS_SECRET_ACCESS_KEY_KEY} - name: AWS_SESSION_TOKEN valueFrom: secretKeyRef: - name: SECRET_NAME_PLACEHOLDER - key: AWS_SESSION_TOKEN + name: ${SECRET_NAME} + key: ${AWS_SESSION_TOKEN_KEY} optional: true - name: PREVIEW_NUMBER - value: "PREVIEW_NUMBER_PLACEHOLDER" + value: "${PREVIEW_NUMBER}" diff --git a/teardown-s3-preview/action.yml b/teardown-s3-preview/action.yml index fe9e667..170f85a 100644 --- a/teardown-s3-preview/action.yml +++ b/teardown-s3-preview/action.yml @@ -1,9 +1,10 @@ name: 'Teardown S3 Preview' description: 'Deletes the S3 preview prefix' inputs: - deployment-name: - description: 'Name of the deployment (used for ConfigMap name)' - required: true + configmap-name: + description: 'Name of the ConfigMap' + required: false + default: 'app-spring-deployment-env' namespace: description: 'Kubernetes namespace' required: true @@ -14,24 +15,60 @@ inputs: description: 'Name of the secret containing AWS credentials' required: false default: 'app-secrets' + s3-bucket-key: + description: 'Key for S3_BUCKET in ConfigMap' + required: false + default: 'S3_BUCKET' + s3-endpoint-key: + description: 'Key for S3_ENDPOINT in ConfigMap' + required: false + default: 'S3_ENDPOINT' + aws-region-key: + description: 'Key for AWS_REGION in ConfigMap' + required: false + default: 'AWS_REGION' + aws-access-key-id-key: + description: 'Key for AWS_ACCESS_KEY_ID in Secret' + required: false + default: 'AWS_ACCESS_KEY_ID' + aws-secret-access-key-key: + description: 'Key for AWS_SECRET_ACCESS_KEY in Secret' + required: false + default: 'AWS_SECRET_ACCESS_KEY' + aws-session-token-key: + description: 'Key for AWS_SESSION_TOKEN in Secret' + required: false + default: 'AWS_SESSION_TOKEN' runs: using: "composite" steps: - name: Prepare teardown-s3 job + env: + JOB_NAME: "teardown-s3-preview-${{ inputs.preview-number }}" + CONFIGMAP_NAME: "${{ inputs.configmap-name }}" + SECRET_NAME: "${{ inputs.secret-name }}" + S3_BUCKET_KEY: "${{ inputs.s3-bucket-key }}" + S3_ENDPOINT_KEY: "${{ inputs.s3-endpoint-key }}" + AWS_REGION_KEY: "${{ inputs.aws-region-key }}" + AWS_ACCESS_KEY_ID_KEY: "${{ inputs.aws-access-key-id-key }}" + AWS_SECRET_ACCESS_KEY_KEY: "${{ inputs.aws-secret-access-key-key }}" + AWS_SESSION_TOKEN_KEY: "${{ inputs.aws-session-token-key }}" + PREVIEW_NUMBER: "${{ inputs.preview-number }}" run: | - JOB_NAME="teardown-s3-preview-${{ inputs.preview-number }}" - CONFIGMAP_NAME="${{ inputs.deployment-name }}-environments" - - # Create a temporary file for the manifest - cp ${{ github.action_path }}/job-template.yml job-teardown-s3.yml - - # Replace placeholders - sed -i "s/JOB_NAME_PLACEHOLDER/$JOB_NAME/g" job-teardown-s3.yml - sed -i "s/CONFIGMAP_NAME_PLACEHOLDER/$CONFIGMAP_NAME/g" job-teardown-s3.yml - sed -i "s/SECRET_NAME_PLACEHOLDER/${{ inputs.secret-name }}/g" job-teardown-s3.yml - sed -i "s/PREVIEW_NUMBER_PLACEHOLDER/${{ inputs.preview-number }}/g" job-teardown-s3.yml - + envsubst ' + $JOB_NAME + $CONFIGMAP_NAME + $SECRET_NAME + $S3_BUCKET_KEY + $S3_ENDPOINT_KEY + $AWS_REGION_KEY + $AWS_ACCESS_KEY_ID_KEY + $AWS_SECRET_ACCESS_KEY_KEY + $AWS_SESSION_TOKEN_KEY + $PREVIEW_NUMBER + ' < ${{ github.action_path }}/job-template.yml > job-teardown-s3.yml + echo "Prepared job manifest: job-teardown-s3.yml" shell: bash @@ -41,10 +78,10 @@ runs: shell: bash - name: Wait for teardown-s3 job to complete + env: + JOB_NAME: "teardown-s3-preview-${{ inputs.preview-number }}" + NAMESPACE: "${{ inputs.namespace }}" run: | - JOB_NAME="teardown-s3-preview-${{ inputs.preview-number }}" - NAMESPACE="${{ inputs.namespace }}" - echo "Waiting for job $JOB_NAME in namespace $NAMESPACE..." if kubectl wait --namespace $NAMESPACE --for=condition=complete --timeout=5m job/$JOB_NAME; then diff --git a/teardown-s3-preview/job-template.yml b/teardown-s3-preview/job-template.yml index 48a61c0..4281d32 100644 --- a/teardown-s3-preview/job-template.yml +++ b/teardown-s3-preview/job-template.yml @@ -1,7 +1,10 @@ apiVersion: batch/v1 kind: Job metadata: - name: JOB_NAME_PLACEHOLDER + name: ${JOB_NAME} + labels: + app.kubernetes.io/managed-by: github-actions + app.kubernetes.io/component: s3-preview-teardown spec: ttlSecondsAfterFinished: 60 template: @@ -22,7 +25,7 @@ spec: S3_ARGS="--endpoint-url $S3_ENDPOINT" fi - S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-$PREVIEW_NUMBER/" + S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-${PREVIEW_NUMBER}/" echo "Checking if $S3_PREVIEW_PREFIX exists..." if [ "$(aws s3 $S3_ARGS ls "$S3_PREVIEW_PREFIX" | wc -l)" -eq 0 ]; then @@ -41,39 +44,39 @@ spec: - name: S3_BUCKET valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: S3_BUCKET + name: ${CONFIGMAP_NAME} + key: ${S3_BUCKET_KEY} - name: S3_ENDPOINT valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: S3_ENDPOINT + name: ${CONFIGMAP_NAME} + key: ${S3_ENDPOINT_KEY} optional: true - name: AWS_REGION valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: AWS_REGION + name: ${CONFIGMAP_NAME} + key: ${AWS_REGION_KEY} - name: AWS_DEFAULT_REGION valueFrom: configMapKeyRef: - name: CONFIGMAP_NAME_PLACEHOLDER - key: AWS_REGION + name: ${CONFIGMAP_NAME} + key: ${AWS_REGION_KEY} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: SECRET_NAME_PLACEHOLDER - key: AWS_ACCESS_KEY_ID + name: ${SECRET_NAME} + key: ${AWS_ACCESS_KEY_ID_KEY} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: SECRET_NAME_PLACEHOLDER - key: AWS_SECRET_ACCESS_KEY + name: ${SECRET_NAME} + key: ${AWS_SECRET_ACCESS_KEY_KEY} - name: AWS_SESSION_TOKEN valueFrom: secretKeyRef: - name: SECRET_NAME_PLACEHOLDER - key: AWS_SESSION_TOKEN + name: ${SECRET_NAME} + key: ${AWS_SESSION_TOKEN_KEY} optional: true - name: PREVIEW_NUMBER - value: "PREVIEW_NUMBER_PLACEHOLDER" + value: "${PREVIEW_NUMBER}" From c382b75221e7df2e5ab7426b289823c46c7cc5e5 Mon Sep 17 00:00:00 2001 From: Simon Planinschek Date: Thu, 26 Feb 2026 12:10:45 +0100 Subject: [PATCH 4/5] update readme with S3 preview setup and teardown examples --- readme.md | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/readme.md b/readme.md index b02af90..884a546 100644 --- a/readme.md +++ b/readme.md @@ -90,6 +90,69 @@ The following inputs can be used as `step.with` keys: | `timeout` | `5m` | The timeout for the Helm command | | `working-directory` | `.` | The working directory where the action commands will operate | +### Setup S3 Preview + +Creates an S3 preview prefix by copying from the main prefix. + +#### Example + +```yaml + - uses: aboutbits/github-actions-kubernetes/setup-s3-preview@v3 + with: + configmap-name: my-app-environments + namespace: my-namespace + preview-number: ${{ github.event.number }} +``` + +#### Inputs + +The following inputs can be used as `step.with` keys: + +| Name | Required/Default | Description | +|-----------------------------|-----------------------------|-----------------------------------------------------| +| `configmap-name` | `app-spring-deployment-env` | Name of the ConfigMap | +| `namespace` | required | Kubernetes namespace | +| `preview-number` | required | Preview number (PR number) | +| `secret-name` | `app-secrets` | Name of the secret containing AWS credentials | +| `s3-bucket-key` | `S3_BUCKET` | Key for S3_BUCKET in ConfigMap | +| `s3-endpoint-key` | `S3_ENDPOINT` | Key for S3_ENDPOINT in ConfigMap | +| `aws-region-key` | `AWS_REGION` | Key for AWS_REGION in ConfigMap | +| `aws-access-key-id-key` | `AWS_ACCESS_KEY_ID` | Key for AWS_ACCESS_KEY_ID in Secret | +| `aws-secret-access-key-key` | `AWS_SECRET_ACCESS_KEY` | Key for AWS_SECRET_ACCESS_KEY in Secret | +| `aws-session-token-key` | `AWS_SESSION_TOKEN` | Key for AWS_SESSION_TOKEN in Secret | +| `base-prefix` | `main` | Base prefix to copy from | + +### Teardown S3 Preview + +Deletes the S3 preview prefix. + +#### Example + +```yaml + - uses: aboutbits/github-actions-kubernetes/teardown-s3-preview@v3 + with: + configmap-name: my-app-environments + namespace: my-namespace + preview-number: ${{ github.event.number }} +``` + +#### Inputs + +The following inputs can be used as `step.with` keys: + +| Name | Required/Default | Description | +|-----------------------------|-----------------------------|-----------------------------------------------------| +| `configmap-name` | `app-spring-deployment-env` | Name of the ConfigMap | +| `namespace` | required | Kubernetes namespace | +| `preview-number` | required | Preview number (PR number) | +| `secret-name` | `app-secrets` | Name of the secret containing AWS credentials | +| `s3-bucket-key` | `S3_BUCKET` | Key for S3_BUCKET in ConfigMap | +| `s3-endpoint-key` | `S3_ENDPOINT` | Key for S3_ENDPOINT in ConfigMap | +| `aws-region-key` | `AWS_REGION` | Key for AWS_REGION in ConfigMap | +| `aws-access-key-id-key` | `AWS_ACCESS_KEY_ID` | Key for AWS_ACCESS_KEY_ID in Secret | +| `aws-secret-access-key-key` | `AWS_SECRET_ACCESS_KEY` | Key for AWS_SECRET_ACCESS_KEY in Secret | +| `aws-session-token-key` | `AWS_SESSION_TOKEN` | Key for AWS_SESSION_TOKEN in Secret | + ### Setup PostgreSQL Preview Schema Sets up a PostgreSQL preview schema by cloning a base schema. From f7bebcc7a5ded10777c79a491afed8846b636956 Mon Sep 17 00:00:00 2001 From: Simon Planinschek Date: Fri, 6 Mar 2026 16:11:59 +0100 Subject: [PATCH 5/5] update S3 preview setup and teardown to support configurable keys --- readme.md | 26 +++++++------- setup-s3-preview/action.yml | 54 ++++++++++++++-------------- setup-s3-preview/job-template.yml | 41 +++++++++++++-------- teardown-s3-preview/action.yml | 44 +++++++++++------------ teardown-s3-preview/job-template.yml | 23 ++++++------ 5 files changed, 99 insertions(+), 89 deletions(-) diff --git a/readme.md b/readme.md index 2812b10..f0a5c2a 100644 --- a/readme.md +++ b/readme.md @@ -110,17 +110,17 @@ The following inputs can be used as `step.with` keys: | Name | Required/Default | Description | |-----------------------------|-----------------------------|-----------------------------------------------------| -| `configmap-name` | `app-spring-deployment-env` | Name of the ConfigMap | +| `configmap-name` | `app-spring-deployment-environments` | Name of the ConfigMap | | `namespace` | required | Kubernetes namespace | | `preview-number` | required | Preview number (PR number) | -| `secret-name` | `app-secrets` | Name of the secret containing AWS credentials | +| `secret-name` | `app-secrets` | Name of the secret containing credentials | | `s3-bucket-key` | `S3_BUCKET` | Key for S3_BUCKET in ConfigMap | | `s3-endpoint-key` | `S3_ENDPOINT` | Key for S3_ENDPOINT in ConfigMap | -| `aws-region-key` | `AWS_REGION` | Key for AWS_REGION in ConfigMap | -| `aws-access-key-id-key` | `AWS_ACCESS_KEY_ID` | Key for AWS_ACCESS_KEY_ID in Secret | -| `aws-secret-access-key-key` | `AWS_SECRET_ACCESS_KEY` | Key for AWS_SECRET_ACCESS_KEY in Secret | -| `aws-session-token-key` | `AWS_SESSION_TOKEN` | Key for AWS_SESSION_TOKEN in Secret | -| `base-prefix` | `main` | Base prefix to copy from | +| `s3-region-key` | `S3_REGION` | Key for S3_REGION in ConfigMap | +| `s3-root-folder-key` | `S3_ROOT_FOLDER` | Key for S3_ROOT_FOLDER in ConfigMap | +| `s3-force-path-style-access-key` | `S3_FORCE_PATH_STYLE_ACCESS` | Key for S3_FORCE_PATH_STYLE_ACCESS in ConfigMap | +| `s3-access-key-key` | `S3_ACCESS_KEY` | Key for S3_ACCESS_KEY in Secret | +| `s3-secret-key-key` | `S3_SECRET_KEY` | Key for S3_SECRET_KEY in Secret | ### Teardown S3 Preview @@ -142,16 +142,16 @@ The following inputs can be used as `step.with` keys: | Name | Required/Default | Description | |-----------------------------|-----------------------------|-----------------------------------------------------| -| `configmap-name` | `app-spring-deployment-env` | Name of the ConfigMap | +| `configmap-name` | `app-spring-deployment-environments` | Name of the ConfigMap | | `namespace` | required | Kubernetes namespace | | `preview-number` | required | Preview number (PR number) | -| `secret-name` | `app-secrets` | Name of the secret containing AWS credentials | +| `secret-name` | `app-secrets` | Name of the secret containing credentials | | `s3-bucket-key` | `S3_BUCKET` | Key for S3_BUCKET in ConfigMap | | `s3-endpoint-key` | `S3_ENDPOINT` | Key for S3_ENDPOINT in ConfigMap | -| `aws-region-key` | `AWS_REGION` | Key for AWS_REGION in ConfigMap | -| `aws-access-key-id-key` | `AWS_ACCESS_KEY_ID` | Key for AWS_ACCESS_KEY_ID in Secret | -| `aws-secret-access-key-key` | `AWS_SECRET_ACCESS_KEY` | Key for AWS_SECRET_ACCESS_KEY in Secret | -| `aws-session-token-key` | `AWS_SESSION_TOKEN` | Key for AWS_SESSION_TOKEN in Secret | +| `s3-region-key` | `S3_REGION` | Key for S3_REGION in ConfigMap | +| `s3-force-path-style-access-key` | `S3_FORCE_PATH_STYLE_ACCESS` | Key for S3_FORCE_PATH_STYLE_ACCESS in ConfigMap | +| `s3-access-key-key` | `S3_ACCESS_KEY` | Key for S3_ACCESS_KEY in Secret | +| `s3-secret-key-key` | `S3_SECRET_KEY` | Key for S3_SECRET_KEY in Secret | ### Setup PostgreSQL Preview Schema diff --git a/setup-s3-preview/action.yml b/setup-s3-preview/action.yml index 9e0d16c..f49def2 100644 --- a/setup-s3-preview/action.yml +++ b/setup-s3-preview/action.yml @@ -4,7 +4,7 @@ inputs: configmap-name: description: 'Name of the ConfigMap' required: false - default: 'app-spring-deployment-env' + default: 'app-spring-deployment-environments' namespace: description: 'Kubernetes namespace' required: true @@ -12,7 +12,7 @@ inputs: description: 'Preview number (PR number)' required: true secret-name: - description: 'Name of the secret containing AWS credentials' + description: 'Name of the secret containing credentials' required: false default: 'app-secrets' s3-bucket-key: @@ -23,26 +23,26 @@ inputs: description: 'Key for S3_ENDPOINT in ConfigMap' required: false default: 'S3_ENDPOINT' - aws-region-key: - description: 'Key for AWS_REGION in ConfigMap' + s3-region-key: + description: 'Key for S3_REGION in ConfigMap' required: false - default: 'AWS_REGION' - aws-access-key-id-key: - description: 'Key for AWS_ACCESS_KEY_ID in Secret' + default: 'S3_REGION' + s3-root-folder-key: + description: 'Key for S3_ROOT_FOLDER in ConfigMap' required: false - default: 'AWS_ACCESS_KEY_ID' - aws-secret-access-key-key: - description: 'Key for AWS_SECRET_ACCESS_KEY in Secret' + default: 'S3_ROOT_FOLDER' + s3-force-path-style-access-key: + description: 'Key for S3_FORCE_PATH_STYLE_ACCESS in ConfigMap' required: false - default: 'AWS_SECRET_ACCESS_KEY' - aws-session-token-key: - description: 'Key for AWS_SESSION_TOKEN in Secret' + default: 'S3_FORCE_PATH_STYLE_ACCESS' + s3-access-key-key: + description: 'Key for S3_ACCESS_KEY in Secret' required: false - default: 'AWS_SESSION_TOKEN' - base-prefix: - description: 'Base prefix to copy from' + default: 'S3_ACCESS_KEY' + s3-secret-key-key: + description: 'Key for S3_SECRET_KEY in Secret' required: false - default: 'main' + default: 'S3_SECRET_KEY' runs: using: "composite" @@ -54,12 +54,12 @@ runs: SECRET_NAME: "${{ inputs.secret-name }}" S3_BUCKET_KEY: "${{ inputs.s3-bucket-key }}" S3_ENDPOINT_KEY: "${{ inputs.s3-endpoint-key }}" - AWS_REGION_KEY: "${{ inputs.aws-region-key }}" - AWS_ACCESS_KEY_ID_KEY: "${{ inputs.aws-access-key-id-key }}" - AWS_SECRET_ACCESS_KEY_KEY: "${{ inputs.aws-secret-access-key-key }}" - AWS_SESSION_TOKEN_KEY: "${{ inputs.aws-session-token-key }}" + S3_REGION_KEY: "${{ inputs.s3-region-key }}" + S3_ROOT_FOLDER_KEY: "${{ inputs.s3-root-folder-key }}" + S3_FORCE_PATH_STYLE_ACCESS_KEY: "${{ inputs.s3-force-path-style-access-key }}" + S3_ACCESS_KEY_KEY: "${{ inputs.s3-access-key-key }}" + S3_SECRET_KEY_KEY: "${{ inputs.s3-secret-key-key }}" PREVIEW_NUMBER: "${{ inputs.preview-number }}" - BASE_PREFIX: "${{ inputs.base-prefix }}" run: | envsubst ' $JOB_NAME @@ -67,12 +67,12 @@ runs: $SECRET_NAME $S3_BUCKET_KEY $S3_ENDPOINT_KEY - $AWS_REGION_KEY - $AWS_ACCESS_KEY_ID_KEY - $AWS_SECRET_ACCESS_KEY_KEY - $AWS_SESSION_TOKEN_KEY + $S3_REGION_KEY + $S3_ROOT_FOLDER_KEY + $S3_FORCE_PATH_STYLE_ACCESS_KEY + $S3_ACCESS_KEY_KEY + $S3_SECRET_KEY_KEY $PREVIEW_NUMBER - $BASE_PREFIX ' < ${{ github.action_path }}/job-template.yml > job-setup-s3.yml echo "Prepared job manifest: job-setup-s3.yml" diff --git a/setup-s3-preview/job-template.yml b/setup-s3-preview/job-template.yml index f1ffda1..8bd5cab 100644 --- a/setup-s3-preview/job-template.yml +++ b/setup-s3-preview/job-template.yml @@ -20,12 +20,22 @@ spec: echo "### START $(date --iso-8601=seconds) ###" + if [ "$S3_FORCE_PATH_STYLE_ACCESS" = "true" ]; then + aws configure set default.s3.addressing_style path + fi + S3_ARGS="" if [ -n "$S3_ENDPOINT" ]; then S3_ARGS="--endpoint-url $S3_ENDPOINT" fi - S3_MAIN_PREFIX="s3://$S3_BUCKET/${BASE_PREFIX}/" + S3_SOURCE_PREFIX="" + if [ -n "$S3_ROOT_FOLDER" ]; then + S3_SOURCE_PREFIX="s3://$S3_BUCKET/${S3_ROOT_FOLDER%/}/" + else + S3_SOURCE_PREFIX="s3://$S3_BUCKET/" + fi + S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-${PREVIEW_NUMBER}/" echo "Checking if $S3_PREVIEW_PREFIX already exists..." @@ -36,8 +46,8 @@ spec: exit 0 fi - echo "Syncing from $S3_MAIN_PREFIX to $S3_PREVIEW_PREFIX ..." - aws s3 $S3_ARGS sync "$S3_MAIN_PREFIX" "$S3_PREVIEW_PREFIX" + echo "Syncing from $S3_SOURCE_PREFIX to $S3_PREVIEW_PREFIX ..." + aws s3 $S3_ARGS sync "$S3_SOURCE_PREFIX" "$S3_PREVIEW_PREFIX" echo "Script finished successfully!" echo "### END $(date --iso-8601=seconds) ###" @@ -53,31 +63,32 @@ spec: name: ${CONFIGMAP_NAME} key: ${S3_ENDPOINT_KEY} optional: true - - name: AWS_REGION + - name: AWS_DEFAULT_REGION valueFrom: configMapKeyRef: name: ${CONFIGMAP_NAME} - key: ${AWS_REGION_KEY} - - name: AWS_DEFAULT_REGION + key: ${S3_REGION_KEY} + - name: S3_ROOT_FOLDER valueFrom: configMapKeyRef: name: ${CONFIGMAP_NAME} - key: ${AWS_REGION_KEY} + key: ${S3_ROOT_FOLDER_KEY} + optional: true + - name: S3_FORCE_PATH_STYLE_ACCESS + valueFrom: + configMapKeyRef: + name: ${CONFIGMAP_NAME} + key: ${S3_FORCE_PATH_STYLE_ACCESS_KEY} + optional: true - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: ${SECRET_NAME} - key: ${AWS_ACCESS_KEY_ID_KEY} + key: ${S3_ACCESS_KEY_KEY} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: ${SECRET_NAME} - key: ${AWS_SECRET_ACCESS_KEY_KEY} - - name: AWS_SESSION_TOKEN - valueFrom: - secretKeyRef: - name: ${SECRET_NAME} - key: ${AWS_SESSION_TOKEN_KEY} - optional: true + key: ${S3_SECRET_KEY_KEY} - name: PREVIEW_NUMBER value: "${PREVIEW_NUMBER}" diff --git a/teardown-s3-preview/action.yml b/teardown-s3-preview/action.yml index 170f85a..f1292a2 100644 --- a/teardown-s3-preview/action.yml +++ b/teardown-s3-preview/action.yml @@ -4,7 +4,7 @@ inputs: configmap-name: description: 'Name of the ConfigMap' required: false - default: 'app-spring-deployment-env' + default: 'app-spring-deployment-environments' namespace: description: 'Kubernetes namespace' required: true @@ -12,7 +12,7 @@ inputs: description: 'Preview number (PR number)' required: true secret-name: - description: 'Name of the secret containing AWS credentials' + description: 'Name of the secret containing credentials' required: false default: 'app-secrets' s3-bucket-key: @@ -23,22 +23,22 @@ inputs: description: 'Key for S3_ENDPOINT in ConfigMap' required: false default: 'S3_ENDPOINT' - aws-region-key: - description: 'Key for AWS_REGION in ConfigMap' + s3-region-key: + description: 'Key for S3_REGION in ConfigMap' required: false - default: 'AWS_REGION' - aws-access-key-id-key: - description: 'Key for AWS_ACCESS_KEY_ID in Secret' + default: 'S3_REGION' + s3-force-path-style-access-key: + description: 'Key for S3_FORCE_PATH_STYLE_ACCESS in ConfigMap' required: false - default: 'AWS_ACCESS_KEY_ID' - aws-secret-access-key-key: - description: 'Key for AWS_SECRET_ACCESS_KEY in Secret' + default: 'S3_FORCE_PATH_STYLE_ACCESS' + s3-access-key-key: + description: 'Key for S3_ACCESS_KEY in Secret' required: false - default: 'AWS_SECRET_ACCESS_KEY' - aws-session-token-key: - description: 'Key for AWS_SESSION_TOKEN in Secret' + default: 'S3_ACCESS_KEY' + s3-secret-key-key: + description: 'Key for S3_SECRET_KEY in Secret' required: false - default: 'AWS_SESSION_TOKEN' + default: 'S3_SECRET_KEY' runs: using: "composite" @@ -50,10 +50,10 @@ runs: SECRET_NAME: "${{ inputs.secret-name }}" S3_BUCKET_KEY: "${{ inputs.s3-bucket-key }}" S3_ENDPOINT_KEY: "${{ inputs.s3-endpoint-key }}" - AWS_REGION_KEY: "${{ inputs.aws-region-key }}" - AWS_ACCESS_KEY_ID_KEY: "${{ inputs.aws-access-key-id-key }}" - AWS_SECRET_ACCESS_KEY_KEY: "${{ inputs.aws-secret-access-key-key }}" - AWS_SESSION_TOKEN_KEY: "${{ inputs.aws-session-token-key }}" + S3_REGION_KEY: "${{ inputs.s3-region-key }}" + S3_FORCE_PATH_STYLE_ACCESS_KEY: "${{ inputs.s3-force-path-style-access-key }}" + S3_ACCESS_KEY_KEY: "${{ inputs.s3-access-key-key }}" + S3_SECRET_KEY_KEY: "${{ inputs.s3-secret-key-key }}" PREVIEW_NUMBER: "${{ inputs.preview-number }}" run: | envsubst ' @@ -62,10 +62,10 @@ runs: $SECRET_NAME $S3_BUCKET_KEY $S3_ENDPOINT_KEY - $AWS_REGION_KEY - $AWS_ACCESS_KEY_ID_KEY - $AWS_SECRET_ACCESS_KEY_KEY - $AWS_SESSION_TOKEN_KEY + $S3_REGION_KEY + $S3_FORCE_PATH_STYLE_ACCESS_KEY + $S3_ACCESS_KEY_KEY + $S3_SECRET_KEY_KEY $PREVIEW_NUMBER ' < ${{ github.action_path }}/job-template.yml > job-teardown-s3.yml diff --git a/teardown-s3-preview/job-template.yml b/teardown-s3-preview/job-template.yml index 4281d32..5fcb37b 100644 --- a/teardown-s3-preview/job-template.yml +++ b/teardown-s3-preview/job-template.yml @@ -20,6 +20,10 @@ spec: echo "### START $(date --iso-8601=seconds) ###" + if [ "$S3_FORCE_PATH_STYLE_ACCESS" = "true" ]; then + aws configure set default.s3.addressing_style path + fi + S3_ARGS="" if [ -n "$S3_ENDPOINT" ]; then S3_ARGS="--endpoint-url $S3_ENDPOINT" @@ -52,31 +56,26 @@ spec: name: ${CONFIGMAP_NAME} key: ${S3_ENDPOINT_KEY} optional: true - - name: AWS_REGION + - name: AWS_DEFAULT_REGION valueFrom: configMapKeyRef: name: ${CONFIGMAP_NAME} - key: ${AWS_REGION_KEY} - - name: AWS_DEFAULT_REGION + key: ${S3_REGION_KEY} + - name: S3_FORCE_PATH_STYLE_ACCESS valueFrom: configMapKeyRef: name: ${CONFIGMAP_NAME} - key: ${AWS_REGION_KEY} + key: ${S3_FORCE_PATH_STYLE_ACCESS_KEY} + optional: true - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: ${SECRET_NAME} - key: ${AWS_ACCESS_KEY_ID_KEY} + key: ${S3_ACCESS_KEY_KEY} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: ${SECRET_NAME} - key: ${AWS_SECRET_ACCESS_KEY_KEY} - - name: AWS_SESSION_TOKEN - valueFrom: - secretKeyRef: - name: ${SECRET_NAME} - key: ${AWS_SESSION_TOKEN_KEY} - optional: true + key: ${S3_SECRET_KEY_KEY} - name: PREVIEW_NUMBER value: "${PREVIEW_NUMBER}"