.github/workflows/empty-stampy-buckets.yml

name: Empty Stampy signed and unsigned buckets
on:
  workflow_dispatch

jobs:
  empty-stampy-buckets:
    runs-on: ubuntu-latest
    environment: Stampy
    steps:
      - uses: actions/checkout@v3
      - name: Empty Stampy signed and unsigned buckets
        env:
          STAMPY_ARN: ${{ secrets.STAMPY_ARN }}
          STAMPY_UNSIGNED_BUCKET: ${{ secrets.STAMPY_UNSIGNED_BUCKET }}
          STAMPY_SIGNED_BUCKET: ${{ secrets.STAMPY_SIGNED_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
          AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
          AWS_EC2_METADATA_DISABLED: true
        run: |
          ACCOUNT_ID=$(aws sts get-caller-identity | jq -r '.Account')
          TEMP_ROLE=$(aws sts assume-role --role-arn $STAMPY_ARN --role-session-name artifact-signing)
          export AWS_ACCESS_KEY_ID=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
          export AWS_SECRET_ACCESS_KEY=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
          export AWS_SESSION_TOKEN=$(echo "${TEMP_ROLE}" | jq -r '.Credentials.SessionToken')
          node ./scripts/stampy/empty-stampy-buckets.js