pipeline fails when executing the script part (role-arn)
Hello,
I followed your tutorial but when I want to deploy it, I'm getting an arror:
Running with gitlab-runner 15.9.0~beta.115.g598a7c91 (598a7c91) on xxxxxxxx feature flags: FF_USE_IMPROVED_URL_MASKING:true Resolving secrets 00:00 Preparing the "docker+machine" executor Using Docker executor with image amazon/aws-cli:latest ... Pulling docker image amazon/aws-cli:latest ... Using docker image sha256:782f07dc091a8d5efbb239c782542806eb084c15e3529b302ffcf0dd269f597d for amazon/aws-cli:latest with digest amazon/aws-cli@sha256:b3cb20eb88efa5d5042de22dbaeb7089ef47b7ec5c0639a0e222d90dbc5b9ec1 ... Preparing environment 00:02 Running on xxxxxx via xxxxxxx... Getting source from Git repository 00:02 $ eval "$CI_PRE_CLONE_SCRIPT" Fetching changes with git depth set to 20... Initialized empty Git repository in xxxxxxxx Created fresh repository. Checking out 3c40a607 as detached HEAD (ref is master)... Skipping Git submodules setup Executing "step_script" stage of the job script 00:01 Using docker image sha256:782f07dc091a8d5efbb239c782542806eb084c15e3529b302ffcf0dd269f597d for amazon/aws-cli:latest with digest amazon/aws-cli@sha256:b3cb20eb88efa5d5042de22dbaeb7089ef47b7ec5c0639a0e222d90dbc5b9ec1 ... $ STS=($(aws sts assume-role-with-web-identity --role-arn ${ROLE_ARN} --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}" --web-identity-token $ID_TOKEN --duration-seconds 3600 --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)) usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters] To see help text, you can run: aws help aws <command> help aws <command> <subcommand> help aws: error: argument --role-arn: expected one argument Cleaning up project directory and file based variables 00:01 ERROR: Job failed: exit code 1
(adding an image for readability):
I just need the deploy part as I am using aws amplify associated to the bucket.
This is my .gitlab-ci.yml file:
stages:
- deploy
.assume_role: &assume_role
- >
STS=($(aws sts assume-role-with-web-identity
--role-arn ${ROLE_ARN}
--role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
--web-identity-token $ID_TOKEN
--duration-seconds 3600
--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
--output text))
- export AWS_ACCESS_KEY_ID="${STS[0]}"
- export AWS_SECRET_ACCESS_KEY="${STS[1]}"
- export AWS_SESSION_TOKEN="${STS[2]}"
deploy s3:
stage: deploy
image:
name: amazon/aws-cli:latest
entrypoint:
- '/usr/bin/env'
id_tokens:
ID_TOKEN:
aud: audiencedatahiddenxxxxx
script:
- *assume_role
- aws s3 sync build/ s3://$S3_BUCKET
rules:
- if: '$CI_COMMIT_REF_NAME == "master"'
when: alwaysMaybe the aws-cli image changed in this 2 months?
Can I provide more info to be more helpful?
Thank you very much and regards, Daniel