Move authentication towards the end to avoid credential leak

deepjavalibrary · Jul 29, 2024 · 7f335c4 · 7f335c4
1 parent 77e3950
commit 7f335c4
Showing 1 changed file with 20 additions and 21 deletions.
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -46,29 +46,11 @@ permissions:
 jobs:    
   documentation:
     # Change line below 
-    if: github.repository == 'Varun-Dutta/djl'  
     runs-on: ubuntu-latest
     steps:
 
     #Phase I: Set-up
-    #This phase sets up all of the necessary dependencies. This includes authenticating the workflow, installing Java and Python, and adding the tools used to build the documentation website.  
-      - name: Configure AWS Test Credentials
-        if: ${{ github.event.inputs.testing == 'true' }}
-        uses: aws-actions/configure-aws-credentials@v4
-        with: 
-          audience: sts.amazonaws.com
-          aws-region: us-east-1
-          role-to-assume: arn:aws:iam::185921645874:role/UpdateWebsite
-          role-session-name: UpdateWebsite
-
-      - name: Configure Deployment AWS Credentials
-        if: ${{ github.event_name != 'pull_request' && github.event.inputs.testing != 'true' }}
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-2
-
+    #This phase sets up all of the necessary dependencies. This includes installing Java, Python, and adding the tools used to build the documentation website. 
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
@@ -164,8 +146,25 @@ jobs:
           bash test_notebook.sh
 
       #Phase III: Retrive Current Website
-      #This phase retrieves the current version of the website that is stored in S3. The key pieces are the index.html and versions.json which serve as the landing page and the tracker of previous versions. 
-      #Potential Improvement: See if mike still works if only downloading the index.html file and versions.json rather than the entire previous website. 
+      #This phase handles authentication with AWS then retrieves the current version of the website that is stored in S3. The key pieces are the index.html and versions.json which serve as the landing page and the tracker of previous versions. 
+      #Potential Improvement: See if mike still works if only downloading the index.html file and versions.json rather than the entire previous website.
+      - name: Configure AWS Test Credentials
+        if: ${{ github.event.inputs.testing == 'true' }}
+        uses: aws-actions/configure-aws-credentials@v4
+        with: 
+          audience: sts.amazonaws.com
+          aws-region: us-east-1
+          role-to-assume: arn:aws:iam::185921645874:role/UpdateWebsite
+          role-session-name: UpdateWebsite
+
+      - name: Configure Deployment AWS Credentials
+        if: ${{ github.event_name != 'pull_request' && github.event.inputs.testing != 'true' }}
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+
       - name: Sync gh-pages
         env: 
           TESTING: ${{ github.event.inputs.testing }}