Support multiple profiles

aws-actions · Jan 25, 2023 · 6237a9c · 6237a9c
1 parent 3654529
commit 6237a9c
Show file tree

Hide file tree

Showing 11 changed files with 6,556 additions and 1,170 deletions.
diff --git a/.prettierrc b/.prettierrc
@@ -0,0 +1,8 @@
+{
+  "singleQuote": false,
+  "arrowParens": "always",
+  "trailingComma": "all",
+  "printWidth": 120,
+  "bracketSpacing": true,
+  "semi": true
+}
diff --git a/README.md b/README.md
diff --git a/__snapshots__/index.test.js.snap b/__snapshots__/index.test.js.snap
@@ -0,0 +1,74 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Configure AWS Credentials Profile Support add new profile if credentials file already exists 1`] = `
+"[profile default]
+region=fake-region-1
+
+[profile test-profile]
+region=fake-region-1
+role_arn=arn:aws:iam::111111111111:role/MY-ROLE
+role_session_name=GitHubActions
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support add new profile if credentials file already exists 2`] = `
+"[default]
+aws_access_key=STS-AWS-ACCESS-KEY-ID
+aws_secret_access_key=STS-AWS-SECRET-ACCESS-KEY
+aws_session_token=STS-AWS-SESSION-TOKEN
+
+[test-profile]
+aws_access_key_id=STS-AWS-ACCESS-KEY-ID
+aws_secret_access_key=STS-AWS-SECRET-ACCESS-KEY
+aws_session_token=STS-AWS-SESSION-TOKEN
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support only role arn and region provided to use GH OIDC Token 1`] = `
+"[profile test-profile]
+region=fake-region-1
+role_arn=arn:aws:iam::111111111111:role/MY-ROLE
+role_session_name=GitHubActions
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support only role arn and region provided to use GH OIDC Token 2`] = `
+"[test-profile]
+aws_access_key_id=STS-AWS-ACCESS-KEY-ID
+aws_secret_access_key=STS-AWS-SECRET-ACCESS-KEY
+aws_session_token=STS-AWS-SESSION-TOKEN
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support use profile and save credentials file 1`] = `
+"[profile test-profile]
+region=fake-region-1
+role_arn=arn:aws:iam::111111111111:role/MY-ROLE
+role_session_name=GitHubActions
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support use profile and save credentials file 2`] = `
+"[test-profile]
+aws_access_key_id=STS-AWS-ACCESS-KEY-ID
+aws_secret_access_key=STS-AWS-SECRET-ACCESS-KEY
+aws_session_token=STS-AWS-SESSION-TOKEN
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support web identity token file provided with relative path 1`] = `
+"[profile test-profile]
+region=fake-region-1
+web_identity_token_file=fake/token/file
+role_arn=arn:aws:iam::111111111111:role/MY-ROLE
+role_session_name=GitHubActions
+"
+`;
+
+exports[`Configure AWS Credentials Profile Support web identity token file provided with relative path 2`] = `
+"[test-profile]
+aws_access_key_id=STS-AWS-ACCESS-KEY-ID
+aws_secret_access_key=STS-AWS-SECRET-ACCESS-KEY
+aws_session_token=STS-AWS-SESSION-TOKEN
+"
+`;
diff --git a/action.yml b/action.yml
@@ -1,12 +1,12 @@
 name: '"Configure AWS Credentials" Action For GitHub Actions'
-description: 'Configure AWS credential and region environment variables for use with the AWS CLI and AWS SDKs'
+description: "Configure AWS credential and region environment variables for use with the AWS CLI and AWS SDKs"
 branding:
-  icon: 'cloud'
-  color: 'orange'
+  icon: "cloud"
+  color: "orange"
 inputs:
   audience:
-    default: 'sts.amazonaws.com'
-    description: 'The audience to use for the OIDC provider'
+    default: "sts.amazonaws.com"
+    description: "The audience to use for the OIDC provider"
     required: false
   aws-access-key-id:
     description: >-
@@ -20,11 +20,14 @@ inputs:
       It is optional if running in a self-hosted environment that already has AWS credentials,
       for example on an EC2 instance.
     required: false
+  aws-profile:
+    description: "AWS Profile"
+    required: false
   aws-session-token:
-    description: 'AWS Session Token'
+    description: "AWS Session Token"
     required: false
   aws-region:
-    description: 'AWS Region, e.g. us-east-2'
+    description: "AWS Region, e.g. us-east-2"
     required: true
   mask-aws-account-id:
     description: >-
@@ -47,20 +50,20 @@ inputs:
     description: "Role duration in seconds (default: 6 hours, 1 hour for OIDC/specified aws-session-token)"
     required: false
   role-session-name:
-    description: 'Role session name (default: GitHubActions)'
+    description: "Role session name (default: GitHubActions)"
     required: false
   role-external-id:
-    description: 'The external ID of the role to assume'
+    description: "The external ID of the role to assume"
     required: false
   role-skip-session-tagging:
-    description: 'Skip session tagging during role assumption'
+    description: "Skip session tagging during role assumption"
     required: false
   http-proxy:
-    description: 'Proxy to use for the AWS SDK agent'
+    description: "Proxy to use for the AWS SDK agent"
     required: false
 outputs:
   aws-account-id:
-    description: 'The AWS account ID for the provided credentials'
+    description: "The AWS account ID for the provided credentials"
 runs:
   using: 'node12'
   main: 'dist/index.js'

diff --git a/cleanup.js b/cleanup.js
@@ -1,4 +1,5 @@
-const core = require('@actions/core');
+const core = require("@actions/core");
+const fs = require("fs");
 
 /**
  * When the GitHub Actions job is done, clean up any environment variables that
@@ -17,13 +18,14 @@ async function cleanup() {
     // environment variables, so we overwrite the current value with an empty
     // string. The AWS CLI and AWS SDKs will behave correctly: they treat an
     // empty string value as if the environment variable does not exist.
-    core.exportVariable('AWS_ACCESS_KEY_ID', '');
-    core.exportVariable('AWS_SECRET_ACCESS_KEY', '');
-    core.exportVariable('AWS_SESSION_TOKEN', '');
-    core.exportVariable('AWS_DEFAULT_REGION', '');
-    core.exportVariable('AWS_REGION', '');
-  }
-  catch (error) {
+    core.exportVariable("AWS_ACCESS_KEY_ID", "");
+    core.exportVariable("AWS_SECRET_ACCESS_KEY", "");
+    core.exportVariable("AWS_SESSION_TOKEN", "");
+    core.exportVariable("AWS_DEFAULT_REGION", "");
+    core.exportVariable("AWS_REGION", "");
+
+    fs.rmSync(`${process.env.HOME}/.aws`, { force: true, recursive: true });
+  } catch (error) {
     core.setFailed(error.message);
   }
 }

diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js
@@ -5,6 +5,7 @@
 /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
 
 const core = __nccwpck_require__(186);
+const fs = __nccwpck_require__(147);
 
 /**
  * When the GitHub Actions job is done, clean up any environment variables that
@@ -23,13 +24,14 @@ async function cleanup() {
     // environment variables, so we overwrite the current value with an empty
     // string. The AWS CLI and AWS SDKs will behave correctly: they treat an
     // empty string value as if the environment variable does not exist.
-    core.exportVariable('AWS_ACCESS_KEY_ID', '');
-    core.exportVariable('AWS_SECRET_ACCESS_KEY', '');
-    core.exportVariable('AWS_SESSION_TOKEN', '');
-    core.exportVariable('AWS_DEFAULT_REGION', '');
-    core.exportVariable('AWS_REGION', '');
-  }
-  catch (error) {
+    core.exportVariable("AWS_ACCESS_KEY_ID", "");
+    core.exportVariable("AWS_SECRET_ACCESS_KEY", "");
+    core.exportVariable("AWS_SESSION_TOKEN", "");
+    core.exportVariable("AWS_DEFAULT_REGION", "");
+    core.exportVariable("AWS_REGION", "");
+
+    fs.rmSync(`${process.env.HOME}/.aws`, { force: true, recursive: true });
+  } catch (error) {
     core.setFailed(error.message);
   }
 }