🚀 Maven Flow for Unibeam

2025-12-172025-12-17

This page describes the Maven build and artifact retrieval process for Unibeam, leveraging GitHub Actions and AWS S3 with IAM AssumeRole for secure access.

TOC

• 🛠️ Build & Artifact Flow

---

🏗️ Maven Build & Artifact Flow

Build & Artifact Flow

flowchart LR
    GH_Action["GitHub Actions Workflow"] -->|Assume IAM Role| AWS_S3["AWS S3 (Artifact Repo)"]
    AWS_S3 -->|Fetch Artifacts| Maven_Build["Maven Build"]
    Maven_Build -->|Deploy| Unibeam_Env["Unibeam Environment"]

Artifact Storage

All Maven build artifacts are stored in the AWS S3 bucket:
s3://unibeam-maven-repo

---

🔑 IAM Policy for Artifact Access

To enable GitHub Actions to fetch artifacts from S3, attach the following IAM policy to the role being assumed:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::unibeam-maven-repo",
                "arn:aws:s3:::unibeam-maven-repo/*"
            ]
        }
    ]
}

AssumeRole Usage

The GitHub Actions workflow uses AWS credentials with AssumeRole to securely access the S3 bucket and retrieve Maven artifacts.

---

📚 Reference

• AWS S3 Documentation