ci: wire aws cli credentials for rainyun s3

2026-06-20 23:54:26 +08:00 · 2026-04-20 18:05:32 +08:00
parent a553f2f7aa
commit f487a32149
1 changed files with 19 additions and 3 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -733,6 +733,11 @@ jobs:
      UPDATE_PRIVATE_KEY_PEM: ${{ secrets.UPDATE_PRIVATE_KEY_PEM }}
      S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
      S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }}
+      AWS_DEFAULT_REGION: ${{ vars.S3_REGION }}
+      AWS_REGION: ${{ vars.S3_REGION }}
+      AWS_EC2_METADATA_DISABLED: "true"
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -817,6 +822,14 @@ jobs:
        shell: pwsh
        run: |
          $ErrorActionPreference = "Stop"
+
+          function Invoke-AwsChecked([string[]]$Arguments) {
+            & aws @Arguments
+            if ($LASTEXITCODE -ne 0) {
+              throw "aws command failed: aws $($Arguments -join ' ')"
+            }
+          }
+
          $probeDir = Join-Path $PWD "pdc-work"
          New-Item -ItemType Directory -Path $probeDir -Force | Out-Null

@@ -824,8 +837,8 @@ jobs:
          Set-Content -Path $probeFile -Value "lanmountain pdc probe $(Get-Date -Format o)" -NoNewline

          $probeKey = "lanmountain/update/probe/$($env:GITHUB_RUN_ID)-$($env:GITHUB_RUN_ATTEMPT).txt"
-          aws --endpoint-url "$env:S3_ENDPOINT" s3 cp $probeFile "s3://$env:S3_BUCKET/$probeKey" --only-show-errors
-          aws --endpoint-url "$env:S3_ENDPOINT" s3 rm "s3://$env:S3_BUCKET/$probeKey" --only-show-errors
+          Invoke-AwsChecked @("--endpoint-url", "$env:S3_ENDPOINT", "--region", "$env:S3_REGION", "s3", "cp", $probeFile, "s3://$env:S3_BUCKET/$probeKey", "--only-show-errors")
+          Invoke-AwsChecked @("--endpoint-url", "$env:S3_ENDPOINT", "--region", "$env:S3_REGION", "s3", "rm", "s3://$env:S3_BUCKET/$probeKey", "--only-show-errors")
          Write-Host "S3 probe succeeded."

      - name: Bootstrap PDC Endpoint and Token
@@ -1033,7 +1046,10 @@ jobs:
          }

          if (Test-Path (Join-Path $stageRoot "installers")) {
-            aws --endpoint-url "$env:S3_ENDPOINT" s3 sync (Join-Path $stageRoot "installers") "s3://$env:S3_BUCKET/lanmountain/update/installers/" --only-show-errors
+            & aws --endpoint-url "$env:S3_ENDPOINT" --region "$env:S3_REGION" s3 sync (Join-Path $stageRoot "installers") "s3://$env:S3_BUCKET/lanmountain/update/installers/" --only-show-errors
+            if ($LASTEXITCODE -ne 0) {
+              throw "aws s3 sync failed for installer mirror upload."
+            }
          }

      - name: Upload PDC Assets