forked from source-ag/codeartifact-login-action
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaction.yml
More file actions
88 lines (83 loc) · 3.84 KB
/
action.yml
File metadata and controls
88 lines (83 loc) · 3.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: "AWS CodeArtifact login Action"
description: Github Action to fetch a token for AWS CodeArtifact and (optionally) retrieve a repository URL
inputs:
aws-access-key-id:
description: AWS Access Key ID
required: true
aws-secret-access-key:
description: AWS Secret Access Key
required: true
aws-region:
description: AWS Region, e.g. eu-central-1
required: true
role-to-assume:
description: IAM Role to assume that has access to CodeArtifact
required: false
codeartifact-domain:
description: CodeArtifact domain to which the package repository belongs
required: true
codeartifact-domain-owner:
description: Owner (AWS Account) of the CodeArtifact domain
required: true
codeartifact-repository:
description: CodeArtifact repository for which to optionally fetch the URL
required: false
configure-pip:
description: Configure pip with temporary CodeArtifact credentials
required: false
default: "false"
configure-poetry:
description: Configure Poetry with temporary CodeArtifact credentials
required: false
default: "false"
configure-uv:
description: Configure uv with temporary CodeArtifact credentials
required: false
default: "false"
outputs:
codeartifact-token:
description: "Temporary token to authenticate with AWS CodeArtifact repositories"
value: ${{ steps.codeartifact-metadata.outputs.codeartifact-token }}
codeartifact-user:
description: "Username for usage with package tools such as pip and Poetry"
value: "aws"
codeartifact-repo-url:
description: "URL for the specified repository"
value: ${{ steps.codeartifact-metadata.outputs.codeartifact-repo-url }}
runs:
using: "composite"
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ inputs.aws-access-key-id }}
aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
aws-region: ${{ inputs.aws-region }}
role-to-assume: ${{ inputs.role-to-assume }}
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: Fetch CodeArtifact metadata
id: codeartifact-metadata
shell: bash
run: |
echo "codeartifact-token=$(aws codeartifact get-authorization-token --domain ${{ inputs.codeartifact-domain }} --domain-owner ${{ inputs.codeartifact-domain-owner }} --query authorizationToken --output text)" >> $GITHUB_OUTPUT
if [ -n "${{ inputs.codeartifact-repository }}" ]; then
echo "codeartifact-repo-url=$(aws codeartifact get-repository-endpoint --domain ${{ inputs.codeartifact-domain }} --domain-owner ${{ inputs.codeartifact-domain-owner }} --repository ${{ inputs.codeartifact-repository }} --format pypi --query repositoryEndpoint --output text)" >> $GITHUB_OUTPUT
fi
- name: Configure pip
shell: bash
if: ${{ inputs.configure-pip == 'true' }}
run: aws codeartifact login --tool pip --domain ${{ inputs.codeartifact-domain }} --domain-owner ${{ inputs.codeartifact-domain-owner }} --repository ${{ inputs.codeartifact-repository }}
- name: Configure poetry
shell: bash
if: ${{ inputs.configure-poetry == 'true' }}
run: |
poetry config repositories.${{ inputs.codeartifact-repository }} ${{ steps.codeartifact-metadata.outputs.codeartifact-repo-url }}
poetry config http-basic.${{ inputs.codeartifact-repository }} aws ${{ steps.codeartifact-metadata.outputs.codeartifact-token }}
- name: Configure uv
shell: bash
if: ${{ inputs.configure-uv == 'true' }}
run: |
TOKEN=${{ steps.codeartifact-metadata.outputs.codeartifact-token }}
URL=$(echo ${{ steps.codeartifact-metadata.outputs.codeartifact-repo-url }} | sed 's/^https:\/\///')
echo "UV_EXTRA_INDEX_URL=https://aws:${TOKEN}@${URL}simple" >> $GITHUB_ENV