Add support for aws session token (#16)

* Added support for supplying session token * Update build * Updated documentation * Updated readme
whywaita · Dec 29, 2023 · c43c7a3 · c43c7a3
1 parent 9b747ac
commit c43c7a3
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -4,6 +4,8 @@
 
 This Action provides Amazon Web Services S3 backend (and compatible software) for @actions/cache.
 
+It supports assuming credentials from `aws-actions/configure-aws-credentials` directly from `env`, or you can supply them through inputs.
+
 ## Usage
 
 ```yaml
@@ -19,10 +21,11 @@ This Action provides Amazon Web Services S3 backend (and compatible software) fo
     aws-s3-bucket: ${{ secrets.AWS_S3_BUCKET_NAME }}
     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-    aws-region: us-east-1                      # Optional
-    aws-endpoint: https://example.com          # Optional
-    aws-s3-bucket-endpoint: false              # Optional
-    aws-s3-force-path-style: true              # Optional
+    aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # Optionally supply session token from aws-actions/configure-aws-credentials
+    aws-region: us-east-1                               # Optional
+    aws-endpoint: https://example.com                   # Optional
+    aws-s3-bucket-endpoint: false                       # Optional
+    aws-s3-force-path-style: true                       # Optional
 ```
 
 Please see [actions.yml](https://github.com/whywaita/actions-cache-s3/blob/main/action.yml) about input parameters.

diff --git a/action.yml b/action.yml
@@ -35,6 +35,9 @@ inputs:
   aws-secret-access-key:
     description: 'An AWS secret access key to access the bucket'
     required: false
+  aws-session-token:
+    description: 'An AWS session token to access the bucket'
+    required: false
   aws-region:
     description: 'An AWS region where the bucket is located'
     required: false

diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js
@@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() {
             accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) ||
                 process.env["AWS_ACCESS_KEY_ID"],
             secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) ||
-                process.env["AWS_SECRET_ACCESS_KEY"]
+                process.env["AWS_SECRET_ACCESS_KEY"],
+            sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) ||
+                process.env["AWS_SESSION_TOKEN"]
         },
         region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"],
         endpoint: core.getInput(constants_1.Inputs.AWSEndpoint),
@@ -46971,6 +46973,7 @@ var Inputs;
     Inputs["AWSS3Bucket"] = "aws-s3-bucket";
     Inputs["AWSAccessKeyId"] = "aws-access-key-id";
     Inputs["AWSSecretAccessKey"] = "aws-secret-access-key";
+    Inputs["AWSSessionToken"] = "aws-session-token";
     Inputs["AWSRegion"] = "aws-region";
     Inputs["AWSEndpoint"] = "aws-endpoint";
     Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint";

diff --git a/dist/restore/index.js b/dist/restore/index.js
@@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() {
             accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) ||
                 process.env["AWS_ACCESS_KEY_ID"],
             secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) ||
-                process.env["AWS_SECRET_ACCESS_KEY"]
+                process.env["AWS_SECRET_ACCESS_KEY"],
+            sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) ||
+                process.env["AWS_SESSION_TOKEN"]
         },
         region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"],
         endpoint: core.getInput(constants_1.Inputs.AWSEndpoint),
@@ -46971,6 +46973,7 @@ var Inputs;
     Inputs["AWSS3Bucket"] = "aws-s3-bucket";
     Inputs["AWSAccessKeyId"] = "aws-access-key-id";
     Inputs["AWSSecretAccessKey"] = "aws-secret-access-key";
+    Inputs["AWSSessionToken"] = "aws-session-token";
     Inputs["AWSRegion"] = "aws-region";
     Inputs["AWSEndpoint"] = "aws-endpoint";
     Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint";

diff --git a/dist/save-only/index.js b/dist/save-only/index.js
@@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() {
             accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) ||
                 process.env["AWS_ACCESS_KEY_ID"],
             secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) ||
-                process.env["AWS_SECRET_ACCESS_KEY"]
+                process.env["AWS_SECRET_ACCESS_KEY"],
+            sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) ||
+                process.env["AWS_SESSION_TOKEN"]
         },
         region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"],
         endpoint: core.getInput(constants_1.Inputs.AWSEndpoint),
@@ -46971,6 +46973,7 @@ var Inputs;
     Inputs["AWSS3Bucket"] = "aws-s3-bucket";
     Inputs["AWSAccessKeyId"] = "aws-access-key-id";
     Inputs["AWSSecretAccessKey"] = "aws-secret-access-key";
+    Inputs["AWSSessionToken"] = "aws-session-token";
     Inputs["AWSRegion"] = "aws-region";
     Inputs["AWSEndpoint"] = "aws-endpoint";
     Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint";

diff --git a/dist/save/index.js b/dist/save/index.js
@@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() {
             accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) ||
                 process.env["AWS_ACCESS_KEY_ID"],
             secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) ||
-                process.env["AWS_SECRET_ACCESS_KEY"]
+                process.env["AWS_SECRET_ACCESS_KEY"],
+            sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) ||
+                process.env["AWS_SESSION_TOKEN"]
         },
         region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"],
         endpoint: core.getInput(constants_1.Inputs.AWSEndpoint),
@@ -46971,6 +46973,7 @@ var Inputs;
     Inputs["AWSS3Bucket"] = "aws-s3-bucket";
     Inputs["AWSAccessKeyId"] = "aws-access-key-id";
     Inputs["AWSSecretAccessKey"] = "aws-secret-access-key";
+    Inputs["AWSSessionToken"] = "aws-session-token";
     Inputs["AWSRegion"] = "aws-region";
     Inputs["AWSEndpoint"] = "aws-endpoint";
     Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint";

diff --git a/src/constants.ts b/src/constants.ts
@@ -9,6 +9,7 @@ export enum Inputs {
     AWSS3Bucket = "aws-s3-bucket",
     AWSAccessKeyId = "aws-access-key-id",
     AWSSecretAccessKey = "aws-secret-access-key",
+    AWSSessionToken = "aws-session-token",
     AWSRegion = "aws-region",
     AWSEndpoint = "aws-endpoint",
     AWSS3BucketEndpoint = "aws-s3-bucket-endpoint",

diff --git a/src/utils/actionUtils.ts b/src/utils/actionUtils.ts
@@ -93,7 +93,10 @@ export function getInputS3ClientConfig(): S3ClientConfig | undefined {
                 process.env["AWS_ACCESS_KEY_ID"],
             secretAccessKey:
                 core.getInput(Inputs.AWSSecretAccessKey) ||
-                process.env["AWS_SECRET_ACCESS_KEY"]
+                process.env["AWS_SECRET_ACCESS_KEY"],
+            sessionToken:
+                core.getInput(Inputs.AWSSessionToken) ||
+                process.env["AWS_SESSION_TOKEN"]
         },
         region: core.getInput(Inputs.AWSRegion) || process.env["AWS_REGION"],
         endpoint: core.getInput(Inputs.AWSEndpoint),