✨ feat: Add www to cloudflare pages (#105)

Co-authored-by: --global <--global> Add our website to cloudflare pages
2025-12-12 16:55:37 +02:00 · 2024-09-03 06:55:51 +03:00
parent 62b7a841ed
commit e2e5497c62
44 changed files with 243 additions and 47 deletions
--- a/infra/github.ts
+++ b/infra/github.ts
@@ -0,0 +1,38 @@
+import { isPermanentStage } from "./stage";
+
+if (isPermanentStage) {
+  const github = new aws.iam.OpenIdConnectProvider("GithubProvider", {
+    url: "https://token.actions.githubusercontent.com",
+    clientIdLists: ["sts.amazonaws.com"],
+    thumbprintLists: [
+      "6938fd4d98bab03faadb97b34396831e3780aea1",
+      "1c58a3a8518e8759bf075b76b750d4f2df264fcd",
+    ],
+  });
+
+  const githubRole = new aws.iam.Role("GithubRole", {
+    name: [$app.name, $app.stage, "github"].join("-"),
+    assumeRolePolicy: {
+      Version: "2012-10-17",
+      Statement: [
+        {
+          Effect: "Allow",
+          Principal: {
+            Federated: github.arn,
+          },
+          Action: "sts:AssumeRoleWithWebIdentity",
+          Condition: {
+            StringLike: github.url.apply((url) => ({
+              [`${url}:sub`]: "repo:nestriness/nestri:*",
+            })),
+          },
+        },
+      ],
+    },
+  });
+  
+  new aws.iam.RolePolicyAttachment("GithubRolePolicy", {
+    policyArn: "arn:aws:iam::aws:policy/AdministratorAccess",
+    role: githubRole.name,
+  });
+}