Merge pull request #1 from step-security/staging

first commit

Author: ashishkurmi

.github/workflows/example.yml

@@ -0,0 +1,113 @@
+name: example
+on:
+  push:
+    branches:
+      - main
+jobs:
+  job:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v1
+      - name: Get DynamoDB Item
+        id: config
+        uses: step-security/dynamodb-actions@v1
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          operation: get
+          region: us-east-1
+          table: dynamodb-actions-test
+          key: |
+            { key: "foo" }
+          consistent: false
+      - name: Print item
+        run: |
+          echo '${{ steps.config.outputs.item }}'
+      - name: Print specific field using built-in function
+        run: |
+          echo '${{ fromJson(steps.config.outputs.item).commit }}'
+      - name: Print specific field using jq
+        run: |
+          jq '.commit' <<< '${{ steps.config.outputs.item }}'
+      - name: Delete DynamoDB Item
+        uses: step-security/dynamodb-actions@v1
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          operation: delete
+          region: us-east-1
+          table: dynamodb-actions-test
+          key: |
+            { key: "foo" }
+      - name: Put DynamoDB Item (JSON input)
+        uses: step-security/dynamodb-actions@v1
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          operation: put
+          region: us-east-1
+          table: dynamodb-actions-test
+          item: |
+            {
+              key: "foo",
+              commit: "${{ github.sha }}",
+              value: "wow",
+              awesome: true,
+              stars: 12345
+            }
+      - name: Put DynamoDB Item (File Input)
+        uses: step-security/dynamodb-actions@v1
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          operation: put
+          region: us-east-1
+          table: dynamodb-actions-test
+          file: fixtures/item.json
+      - name: BatchPut DynamoDB Item (JSON input)
+        uses: step-security/dynamodb-actions@v1
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          operation: batch-put
+          region: us-east-1
+          table: dynamodb-actions-test
+          items: |
+            [{
+              key: "foo",
+              commit: "${{ github.sha }}",
+              value: "wow",
+              awesome: true,
+              stars: 12345
+            }, {
+              key: "bar",
+              value: "baz"
+            }]
+      - name: BatchPut DynamoDB Item (File Input)
+        uses: step-security/dynamodb-actions@v1
+        env:
+          AWS_DEFAULT_REGION: us-east-1
+          AWS_REGION: us-east-1
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        with:
+          operation: batch-put
+          region: us-east-1
+          table: dynamodb-actions-test
+          files: fixtures/*.json

.github/workflows/main.yml

@@ -0,0 +1,12 @@
+name: workflow
+on: [push, pull_request]
+jobs:
+  job:
+    runs-on: ubuntu-latest
+    container: node:20
+    steps:
+      - uses: actions/checkout@v1
+      - name: Prepare
+        run: npm ci
+      - name: Build
+        run: npm run build

.github/workflows/release.yml

@@ -0,0 +1,37 @@
+name: Release new action version
+on:
+  workflow_dispatch:
+    inputs:
+      TAG_NAME:
+        description: 'Tag name that the major tag will point to'
+        required: true
+
+env:
+  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+defaults:
+  run:
+    shell: pwsh
+
+permissions:
+  contents: read
+
+jobs:
+  update_tag:
+    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+    # Remember to configure the releaseNewActionVersion environment with required approvers in the repository settings
+    environment:
+      name: releaseNewActionVersion
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - name: Update the ${{ env.TAG_NAME }} tag
+        uses: step-security/publish-action@b438f840875fdcb7d1de4fc3d1d30e86cf6acb5d
+        with:
+          source-tag: ${{ env.TAG_NAME }}

Dockerfile

@@ -0,0 +1,12 @@
+FROM node:lts-alpine
+
+RUN mkdir -p /var/task/
+
+WORKDIR /var/task
+
+COPY package.json package-lock.json /var/task/
+RUN npm ci --production
+
+COPY entrypoint.sh dist /var/task/
+
+ENTRYPOINT ["/var/task/entrypoint.sh"]

LICENSE

@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.