0

Just want to ask for your help on how I can add the condition here. I have this GitHub Actions YAML that receives an input whether it is poc or non-poc. I would like to add a condition on the role-to-assume: section that if I choose poc it should assign 123456789, else it will assign 098765432.

name: Deploy
on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Environment"
        required: true
        default: "poc"
        type: choice
        options:
          - poc
          - non-poc

defaults:
  run:
    shell: bash -leo pipefail {0} 

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: AWS STS Assume Role 
        id: assume-role
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: us-east-1
          role-to-assume: arn:aws:iam::{{ how to place my condition here }}:role/MY-ROLE
          role-duration-seconds: 5000
          role-skip-session-tagging: true
          role-session-name: abcabcabc

That would be like this in the complete value:

poc = arn:aws:iam::123456789:role/MY-ROLE
non-poc = arn:aws:iam::098765432:role/MY-ROLE
Azeem
  • 11,148
  • 4
  • 27
  • 40
Lagot
  • 639
  • 1
  • 9
  • 26

1 Answers1

0

You can use AND && and OR || operators like this:

${{ inputs.environment == 'poc' && '123456789' || '098765432' }}

i.e.

role-to-assume: arn:aws:iam::${{ inputs.environment == 'poc' && '123456789' || '098765432' }}:role/MY-ROLE

Alternatively, you may add a separate step to evaluate and assign value to an environment variable or an output parameter and use that later.

Here's an example with an env var:

- name: Check inputs and set env var
  env:
    ENVIRONMENT: ${{ inputs.environment }}
  run: |
    local ENVIRONMENT_VALUE=''
    if [[ $ENVIRONMENT == 'poc' ]]; then
      ENVIRONMENT_VALUE='123456789'
    elif [[ $ENVIRONMENT == 'non-poc' ]]; then
      ENVIRONMENT_VALUE='098765432'
    fi
    echo "ENVIRONMENT_VALUE=$ENVIRONMENT_VALUE" >> $GITHUB_ENV

and, then:

role-to-assume: arn:aws:iam::${{ env.ENVIRONMENT_VALUE }}:role/MY-ROLE
Azeem
  • 11,148
  • 4
  • 27
  • 40