feat: add aws configure action

Markus.Opahle@schmalz.de 2026-04-24 16:00:20 +02:00
parent 03b8c38053
commit 6e4477c9a5
2 changed files with 70 additions and 0 deletions


@ -0,0 +1,25 @@
# aws-configure
Authenticate with AWS via OIDC and export credentials to the environment.
## Inputs
| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| `role-arn` | Yes | | Full IAM role ARN |
| `aws-profile` | No | `default` | Profile name written to `~/.aws/config` |
| `region` | No | `eu-central-1` | AWS region |
## Usage
```yaml
- uses: schmalz/shared-actions/.github/actions/aws-configure@v1
with:
role-arn: arn:aws:iam::123456789012:role/my-role
```
## Notes
- Requires `enable-openid-connect: true` on the Forgejo runner job.
- Credentials are exported via `$FORGEJO_ENV` so subsequent steps can use them.
- When `aws-profile` is not `default`, a named AWS CLI profile is also configured.


@ -0,0 +1,45 @@
name: aws-configure
description: Authenticate with AWS via OIDC
inputs:
role-arn:
description: Full IAM role ARN
required: true
aws-profile:
description: Profile name written to ~/.aws/config
required: false
default: default
region:
description: AWS region
required: false
default: eu-central-1
runs:
using: composite
steps:
- run: |
OIDC_TOKEN=$(curl -sf \
-H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" | jq -r .value)
CREDS=$(aws sts assume-role-with-web-identity \
--role-arn "$INPUT_ROLE_ARN" \
--role-session-name forgejo-ci \
--web-identity-token "$OIDC_TOKEN" \
--region "$INPUT_REGION" \
--query 'Credentials' --output json)
mkdir -p ~/.aws
echo "AWS_ACCESS_KEY_ID=$(echo $CREDS | jq -r .AccessKeyId)" >> $FORGEJO_ENV
echo "AWS_SECRET_ACCESS_KEY=$(echo $CREDS | jq -r .SecretAccessKey)" >> $FORGEJO_ENV
echo "AWS_SESSION_TOKEN=$(echo $CREDS | jq -r .SessionToken)" >> $FORGEJO_ENV
echo "AWS_DEFAULT_REGION=$INPUT_REGION" >> $FORGEJO_ENV
if [ "$INPUT_AWS_PROFILE" != "default" ]; then
aws configure set aws_access_key_id "$(echo $CREDS | jq -r .AccessKeyId)" --profile "$INPUT_AWS_PROFILE"
aws configure set aws_secret_access_key "$(echo $CREDS | jq -r .SecretAccessKey)" --profile "$INPUT_AWS_PROFILE"
aws configure set aws_session_token "$(echo $CREDS | jq -r .SessionToken)" --profile "$INPUT_AWS_PROFILE"
aws configure set region "$INPUT_REGION" --profile "$INPUT_AWS_PROFILE"
fi
shell: bash
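Review bot: The three STS values are appended to `$FORGEJO_ENV` and, for a non-default profile, stored by `aws configure set` under `~/.aws` without being masked or cleaned up. A later step that dumps its environment can then put them in the job log, and on a non-ephemeral runner the profile outlives the job. Before each export line I would add a mask such as `echo "::add-mask::$(echo "$CREDS" | jq -r .SecretAccessKey)"` (confirm the runner honours that workflow command), and quote the expansions as `echo "$CREDS"` and `>> "$FORGEJO_ENV"` so the JSON is not word-split or globbed. Separately, the script reads `$INPUT_ROLE_ARN`, `$INPUT_REGION` and `$INPUT_AWS_PROFILE`, but the step declares no `env:` mapping. Whether the runner exports those names to a composite step, and how it maps the hyphens in `role-arn` and `aws-profile`, is not visible here, so an explicit `env:` block fed from `inputs.*` would be safer and would avoid calling STS with an empty role ARN.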