ai-space/opencode
3
0
Fork 0
mirror of https://github.com/anomalyco/opencode.git synced 2026-06-02 06:16:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: remove gh role from infra

Browse Source
This commit is contained in:
Adam
2026-05-25 20:35:40 -05:00
parent b0fcba5724
commit 4862c3e765
2 changed files with 0 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infra/stage.ts
-43
View File
@@ -9,49 +9,6 @@ export const zoneID = "430ba34c138cfb5360826c4909f99be8"
export const awsStage = $app.stage === "production" ? "production" : "dev" export const awsStage = $app.stage === "production" ? "production" : "dev"
export const deployAws = $app.stage === awsStage export const deployAws = $app.stage === awsStage
const githubActionsDeployRole = (() => {
if ($app.stage !== "dev" && $app.stage !== "production") return
const provider = new aws.iam.OpenIdConnectProvider("GithubActionsOidcProvider", {
url: "https://token.actions.githubusercontent.com",
clientIdLists: ["sts.amazonaws.com"],
})
const role = new aws.iam.Role("GithubActionsDeployRole", {
name: `opencode-${$app.stage}-github-actions-deploy`,
maxSessionDuration: 3600,
assumeRolePolicy: aws.iam.getPolicyDocumentOutput({
statements: [
{
effect: "Allow",
actions: ["sts:AssumeRoleWithWebIdentity"],
principals: [{ type: "Federated", identifiers: [provider.arn] }],
conditions: [
{
test: "StringEquals",
variable: "token.actions.githubusercontent.com:aud",
values: ["sts.amazonaws.com"],
},
{
test: "StringEquals",
variable: "token.actions.githubusercontent.com:sub",
values: [`repo:anomalyco/opencode:environment:${$app.stage}`],
},
],
},
],
}).json,
})
new aws.iam.RolePolicyAttachment("GithubActionsDeployRoleAdmin", {
role: role.name,
policyArn: "arn:aws:iam::aws:policy/AdministratorAccess",
})
return role
})()
export const githubActionsDeployRoleArn = githubActionsDeployRole?.arn
new cloudflare.RegionalHostname("RegionalHostname", { new cloudflare.RegionalHostname("RegionalHostname", {
hostname: domain, hostname: domain,
regionKey: "us", regionKey: "us",
sst.config.ts
-1
View File
@@ -51,7 +51,6 @@ export default $config({
StatWorkerUrl: stat.url, StatWorkerUrl: stat.url,
// StatsUrl: stats.app.url, // StatsUrl: stats.app.url,
AwsStage: stage.awsStage, AwsStage: stage.awsStage,
...(stage.githubActionsDeployRoleArn ? { GithubActionsDeployRoleArn: stage.githubActionsDeployRoleArn } : {}),
} }
}, },
}) })