diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 60d7078..f7a562d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -73,19 +73,21 @@ jobs: TIMESTAMP=$(date +%Y%m%d-%H%M%S) FILENAME="pr-${{ github.event.pull_request.number }}-${TIMESTAMP}.gif" echo "filename=${FILENAME}" >> $GITHUB_OUTPUT + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ vars.AWS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: 'eu-central-1' - name: Upload to S3 with expiration tag id: upload - uses: ramonpaolo/action-upload-s3@main - with: - AWS_BUCKET_NAME: ${{ vars.AWS_BUCKET }} - AWS_REGION: 'eu-central-1' - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ACCESS_KEY_ID: ${{ vars.AWS_KEY_ID }} - local_path_upload: './ui-test.gif' - bucket_path_upload: '/' - name_to_save_on_s3: ${{ steps.filename.outputs.filename }} - tags: 'expiration=90days&Source=github-actions&Type=pr-demo-video' - zip: false + env: + AWS_BUCKET: ${{ vars.AWS_BUCKET }} + FILENAME: ${{ steps.filename.outputs.filename }} + run: | + aws s3 cp ./ui-test.gif s3://${AWS_BUCKET}/${FILENAME} \ + --tagging "expiration=90days&Source=github-actions&Type=pr-demo-video" \ + --acl public-read - name: Generate file URL id: fileurl env: diff --git a/CI_CD.md b/CI_CD.md index 59c65a8..399bd54 100644 --- a/CI_CD.md +++ b/CI_CD.md @@ -75,7 +75,7 @@ Tests the traditional Electron desktop application: 7. Display test results in GitHub summary **Artifacts**: -- UI test video (GIF format) uploaded to S3 +- UI test video (GIF format) uploaded to S3 using AWS CLI - Video is tagged with `expiration=90days` for automatic lifecycle deletion - Video is posted to the PR thread as an embedded image - Videos expire after 90 days via S3 lifecycle policy @@ -262,22 +262,24 @@ aws s3api get-bucket-lifecycle-configuration --bucket YOUR_BUCKET_NAME - `Source=github-actions` - Identifies source of upload - `Type=pr-demo-video` - Categorizes the object type - **S3 lifecycle rule**: Automatically deletes objects tagged with `expiration=90days` after 90 days -- **Upload mechanism**: Uses `ramonpaolo/action-upload-s3@main` GitHub Action with object tagging support +- **Upload mechanism**: Uses official AWS CLI via `aws-actions/configure-aws-credentials@v4` GitHub Action for authentication, then `aws s3 cp` with object tagging support - **gh-pages video**: `video.mp4` in gh-pages branch is served from GitHub Pages, not S3, so it persists indefinitely #### Required AWS Credentials The workflow requires the following secrets/variables: -- `vars.AWS_KEY_ID` - AWS access key ID (requires `s3:PutObject` and `s3:PutObjectTagging` permissions) +- `vars.AWS_KEY_ID` - AWS access key ID (requires `s3:PutObject`, `s3:PutObjectTagging`, and `s3:PutObjectAcl` permissions) - `secrets.AWS_SECRET_ACCESS_KEY` - AWS secret access key - `vars.AWS_BUCKET` - S3 bucket name - AWS region: `eu-central-1` (hardcoded in workflow) The S3 bucket must have: -- Public read access enabled for uploaded objects +- Public read access enabled for uploaded objects (via ACL or bucket policy) - Object tagging enabled - Lifecycle policy configured as described above +The workflow uses the official AWS CLI via `aws-actions/configure-aws-credentials@v4` action for secure credential management. + ## Troubleshooting ### Browser Tests Failing