ci: Adding GitHub Action s3 sync mechanism for internal repository (#7)

SilanHe · web-flow · commit f471ed3258ee · 2025-09-19T07:55:32.000-07:00
Adding GitHub Action s3 sync mechanism for internal repository
diff --git a/.github/workflows/upload-build-to-s3.yml b/.github/workflows/upload-build-to-s3.yml
@@ -0,0 +1,57 @@
+name: Upload Build to S3
+
+on:
+  push:
+    branches: [ "main" ]
+env:
+  BUCKET_NAME : "${{ secrets.S3_BUCKET_NAME }}"
+  AWS_REGION : "us-west-2"
+
+# permission can be added at job level or workflow level
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+jobs:
+  on-success:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.13"]
+
+    steps:
+    - uses: actions/checkout@v5
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v6
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install Hatch 
+      run: |
+        python -m pip install --upgrade hatch
+    - name: Build distribution
+      run: hatch build
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: "${{ secrets.ACTIONS_SYNC_ROLE_NAME }}"
+        role-session-name: gh-python
+        aws-region: ${{ env.AWS_REGION }}
+    - name: Copy tar gz build file to s3
+      run: |
+        aws s3 cp ./dist/aws_durable_execution_sdk_python-0.0.1.tar.gz \
+          s3://${{ env.BUCKET_NAME }}/
+    - name: commit tar gz to Gitfarm
+      run: |
+        aws lambda invoke \
+          --function-name ${{ secrets.SYNC_LAMBDA_ARN }} \
+          --payload '{"gitFarmRepo":"${{ secrets.GITFARM_LAN_SDK_REPO }}","gitFarmBranch":"${{ secrets.GITFARM_LAN_SDK_BRANCH }}","gitFarmFilepath":"aws_durable_execution_sdk_python-0.0.1.tar.gz","s3Bucket":"${{ secrets.S3_BUCKET_NAME }}","s3FilePath":"aws_durable_execution_sdk_python-0.0.1.tar.gz"}' \
+          --cli-binary-format raw-in-base64-out \
+          output.txt
+    - name: Check for error in lambda invoke
+      id: check_text_tar_gz
+      run: |
+          if grep -q "Error" output.txt; then
+            cat output.txt
+            exit 1
+          fi
