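# Composite action: exchanges the job's OIDC token for short-lived AWS
# credentials (sts assume-role-with-web-identity) and exports them to the
# remaining steps of the job.
#
# Security notes for consumers:
# - The IAM role's trust policy is the actual access control. It should pin the
#   expected OIDC issuer, the `sts.amazonaws.com` audience requested below, and
#   the subject claim of the repositories/refs allowed to assume the role.
# - Values appended to $FORGEJO_ENV are visible to every later step in the job,
#   including third-party actions, so grant the role least privilege.
name: aws-configure
description: Authenticate with AWS via OIDC

inputs:
  role-arn:
    description: Full IAM role ARN
    required: true
  aws-profile:
    description: Profile name written to ~/.aws/config
    required: false
    default: default
  region:
    description: AWS region
    required: false
    default: eu-central-1

runs:
  using: composite
  steps:
    - shell: bash
      # Inputs are handed to the script explicitly. The script reads them as
      # INPUT_* shell variables, and hyphenated input names (role-arn,
      # aws-profile) are not guaranteed to be exported under these underscore
      # names by the runner. Going through env also keeps caller-supplied text
      # out of the script body.
      env:
        INPUT_ROLE_ARN: ${{ inputs.role-arn }}
        INPUT_AWS_PROFILE: ${{ inputs.aws-profile }}
        INPUT_REGION: ${{ inputs.region }}
      run: |
        # Abort on the first failure, on unset variables and on failures inside
        # pipelines, so a failed token request never leads to exporting empty
        # or "null" credentials.
        set -euo pipefail

        # Anything created under ~/.aws by this step is private to the user.
        umask 077

        # Request an OIDC token for the STS audience. `jq -e` exits non-zero
        # when .value is missing or null.
        OIDC_TOKEN=$(curl -sSf \
          -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
          "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" | jq -er .value)
        # Workflow command asking the runner to redact the value from logs
        # (assumes the runner honours ::add-mask:: - confirm for your version).
        echo "::add-mask::$OIDC_TOKEN"

        # NOTE(review): the session name is static; a per-run name would make
        # CloudTrail attribution easier.
        CREDS=$(aws sts assume-role-with-web-identity \
          --role-arn "$INPUT_ROLE_ARN" \
          --role-session-name forgejo-ci \
          --web-identity-token "$OIDC_TOKEN" \
          --region "$INPUT_REGION" \
          --query 'Credentials' --output json)

        # Extract each field once; quoting $CREDS avoids word splitting and
        # globbing of the JSON document.
        ACCESS_KEY_ID=$(jq -er .AccessKeyId <<<"$CREDS")
        SECRET_ACCESS_KEY=$(jq -er .SecretAccessKey <<<"$CREDS")
        SESSION_TOKEN=$(jq -er .SessionToken <<<"$CREDS")
        echo "::add-mask::$SECRET_ACCESS_KEY"
        echo "::add-mask::$SESSION_TOKEN"

        mkdir -p ~/.aws

        # Export the temporary credentials to the following steps of the job.
        {
          echo "AWS_ACCESS_KEY_ID=$ACCESS_KEY_ID"
          echo "AWS_SECRET_ACCESS_KEY=$SECRET_ACCESS_KEY"
          echo "AWS_SESSION_TOKEN=$SESSION_TOKEN"
          echo "AWS_DEFAULT_REGION=$INPUT_REGION"
        } >> "$FORGEJO_ENV"

        # A non-default profile is additionally persisted through the AWS CLI,
        # which leaves the credentials on disk under ~/.aws for the lifetime of
        # the runner's home directory.
        if [ "$INPUT_AWS_PROFILE" != "default" ]; then
          aws configure set aws_access_key_id "$ACCESS_KEY_ID" --profile "$INPUT_AWS_PROFILE"
          aws configure set aws_secret_access_key "$SECRET_ACCESS_KEY" --profile "$INPUT_AWS_PROFILE"
          aws configure set aws_session_token "$SESSION_TOKEN" --profile "$INPUT_AWS_PROFILE"
          aws configure set region "$INPUT_REGION" --profile "$INPUT_AWS_PROFILE"
        fi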