use aws secrets instead

2026-06-08 11:17:27 +00:00 · 2026-02-03 12:08:36 +00:00 · 2026-02-03 12:08:36 +00:00 · 33811cbb9a
commit 33811cbb9a
parent 7b1ebca790
2 changed files with 11 additions and 10 deletions
--- a/.github/workflows/_build_image.yml
+++ b/.github/workflows/_build_image.yml
@ -8,11 +8,6 @@ on:
        required: true
        type: string

-      aws_region:
-        description: "AWS region"
-        required: true
-        type: string
-
      dockerfile_path:
        description: "Path to Dockerfile"
        required: true
@ -36,6 +31,8 @@ on:
        required: true
      AWS_ACCOUNT_ID:
        required: true
+      AWS_REGION:
+          required: true

 jobs:
  build:
@ -47,18 +44,19 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - uses: aws-actions/configure-aws-credentials@v4
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ inputs.aws_region }}
+          aws-region: ${{ secrets.AWS_REGION }}

      - uses: aws-actions/amazon-ecr-login@v2

      - name: Build & push image
        run: |
          IMAGE_TAG=${GITHUB_SHA}
-          IMAGE_URI=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ inputs.ecr_repo }}:${IMAGE_TAG}
+          IMAGE_URI=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ inputs.ecr_repo }}:${IMAGE_TAG}

          docker build \
            -f ${{ inputs.dockerfile_path }} \
@ -76,4 +74,4 @@ jobs:
            --query 'imageDetails[0].imageDigest' \
            --output text)

-          echo "image_digest=$DIGEST" >> $GITHUB_OUTPUT
+          echo "image_digest=$DIGEST" >> $GITHUB_OUTPUT
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@ -76,13 +76,16 @@ jobs:
    uses: ./.github/workflows/_build_docker_image.yml
    with:
      ecr_repo: address2uprn-${{ needs.determine_stage.outputs.stage }}
-      aws_region: ${{ secrets.DEV_AWS_REGION }}
      dockerfile_path: backend/address2UPRN/Dockerfile
      build_context: backend/address2UPRN
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+
+
+

  # # # ============================================================
  # # # 3️⃣ Deploy Lambda (Terraform, immutable digest)