Description:

During the deployment I have encountered an error stating that the OpenID Connect (OIDC) provider or the IAM role already exists. This issue arose when I have set up the OIDC provider and the IAM role for GitHub Actions manually on AWS, because that is what I have understood is expected and it would not work otherwise.

My steps

I have changed the id in sst.yml:

    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::[ID]:role/GitHub
          aws-region: us-east-1

I have received an error:

GitHub/Resource: Received response status [FAILED] from custom resource. Message returned: EntityAlreadyExistsException: Provider with url https://token.actions.githubusercontent.com/ already exists.

using the initial code inProdStack.ts:

const provider = new OpenIdConnectProvider(stack, "GitHub", {
  url: "https://token.actions.githubusercontent.com",
  clientIds: ["sts.amazonaws.com"],
});

new Role(stack, "GitHubActionsRole", {
  assumedBy: new OpenIdConnectPrincipal(provider).withConditions({
    StringLike: {
      "token.actions.githubusercontent.com:sub":
        `repo:daohoangson/bubby:*`,
    },
  }),
  description: "Role assumed for deploying from GitHub CI using AWS CDK",
  managedPolicies: [
    ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess"),
  ],
  roleName: "GitHub",
});

To resolve the error, I have adjusted the code in ProdStack.ts to use an existing OIDC provider and created a new IAM role:

const existingProviderArn = "arn:aws:iam::[ID]:oidc-provider/token.actions.githubusercontent.com";

const provider = OpenIdConnectProvider.fromOpenIdConnectProviderArn(stack, "GitHub", existingProviderArn);

new Role(stack, "GitHubActionsRole", {
  assumedBy: new OpenIdConnectPrincipal(provider).withConditions({
    StringLike: {
      "token.actions.githubusercontent.com:sub":
        `repo:[NAME]/bubby:*`,
    },
  }),
  description: "Role assumed for deploying from GitHub CI using AWS CDK",
  managedPolicies: [
    ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess"),
  ],
  roleName: "GitHubNew",
});

With adjusted code I have managed to deploy successfully. However, I am just curious what have I done wrong when setting up the app with the initial code. Thanks in advance. PS Might be useful to describe these steps in readme.

Hi!

I tried your bot and I ended up getting an error when I message the bot:

  Error: Do I know you? #xxxxxxxxxx
       at assistantThreadIdUpsert (/root/bubby/packages/core/src/3rdparty/openai/assistant_thread.ts:46:11)
       at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
       at sendReplies (/root/bubby/packages/core/src/handlers/reply_to_chat.ts:31:20)
       at allReplies (/root/bubby/packages/core/src/3rdparty/telegram/webhook.ts:59:3)
       at <anonymous> (/root/bubby/packages/core/src/3rdparty/telegram/webhook.ts:26:5)
       at execute (/root/bubby/node_modules/.pnpm/[email protected]/node_modules/telegraf/lib/composer.js:501:17)
       at <anonymous> (/root/bubby/node_modules/.pnpm/[email protected]/node_modules/telegraf/lib/composer.js:502:21)
       at execute (/root/bubby/node_modules/.pnpm/[email protected]/node_modules/telegraf/lib/composer.js:501:17)
       at execute (/root/bubby/node_modules/.pnpm/[email protected]/node_modules/telegraf/lib/composer.js:501:17)
       at <anonymous> (/root/bubby/node_modules/.pnpm/[email protected]/node_modules/p-timeout/index.js:50:13)

Where do I configure the whitelist of users, that are allowed to use the bot?

Thanks!

Kamil

Please consider adding support for accessing existing threads via id.

Sending .m4a file from Voice Memos for transcription results in an error: "Invalid file format. Supported formats: ['flac', 'm4a', 'mp3', 'mp4', 'mpeg', 'mpga', 'oga', 'ogg', 'wav', 'webm']".

What is the use case for whisper? I've figured sending a voice message results in tts response, but could not for whisper.