From 15f02495faa865961a4c67fab22b4f34ba98d13c Mon Sep 17 00:00:00 2001
From: Tom Keller <kellertk@amazon.com>
Date: Tue, 12 May 2026 16:04:31 -0700
Subject: [PATCH] feat: add github_action to ua string

---
 dist/index.js      | 26 +++++++++++---------------
 src/helpers.ts     | 26 +++++++++++---------------
 test/index.test.ts | 32 ++++++++++++++++++++------------
 3 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index 727312e..aa0f052 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -71011,24 +71011,20 @@ var MAX_TAG_VALUE_LENGTH = 256;
 var SANITIZATION_CHARACTER = "_";
 var SPECIAL_CHARS_REGEX = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]+/;
 var USER_AGENT_PREFIX = "configure-aws-credentials-for-github-actions";
-var RUN_ID_PATTERN = /^[0-9]{1,20}$/;
-var ATTEMPT_PATTERN = /^[0-9]{1,10}$/;
+var UA_FIELDS = [
+  { env: "GITHUB_ACTION", label: "action", pattern: /^[A-Za-z0-9_-]{1,128}$/ },
+  { env: "GITHUB_RUN_ID", label: "run_id", pattern: /^[0-9]{1,20}$/ },
+  { env: "GITHUB_RUN_ATTEMPT", label: "attempt", pattern: /^[0-9]{1,10}$/ }
+];
 function buildCustomUserAgent() {
   const tokens = [[USER_AGENT_PREFIX]];
-  const runId = process.env.GITHUB_RUN_ID;
-  const attempt = process.env.GITHUB_RUN_ATTEMPT;
-  if (runId !== void 0) {
-    if (RUN_ID_PATTERN.test(runId)) {
-      tokens.push(["md", `run_id#${runId}`]);
+  for (const { env, label, pattern } of UA_FIELDS) {
+    const value = process.env[env];
+    if (value === void 0) continue;
+    if (pattern.test(value)) {
+      tokens.push(["md", `${label}#${value}`]);
     } else {
-      warning("GITHUB_RUN_ID has unexpected format; omitting from User-Agent");
-    }
-  }
-  if (attempt !== void 0) {
-    if (ATTEMPT_PATTERN.test(attempt)) {
-      tokens.push(["md", `attempt#${attempt}`]);
-    } else {
-      warning("GITHUB_RUN_ATTEMPT has unexpected format; omitting from User-Agent");
+      warning(`${env} has unexpected format; omitting from User-Agent`);
     }
   }
   return tokens;
diff --git a/src/helpers.ts b/src/helpers.ts
index 8e9519d..7fa5298 100644
--- a/src/helpers.ts
+++ b/src/helpers.ts
@@ -8,25 +8,21 @@ const MAX_TAG_VALUE_LENGTH = 256;
 const SANITIZATION_CHARACTER = '_';
 const SPECIAL_CHARS_REGEX = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]+/;
 const USER_AGENT_PREFIX = 'configure-aws-credentials-for-github-actions';
-const RUN_ID_PATTERN = /^[0-9]{1,20}$/;
-const ATTEMPT_PATTERN = /^[0-9]{1,10}$/;
+const UA_FIELDS: ReadonlyArray<{ env: string; label: string; pattern: RegExp }> = [
+  { env: 'GITHUB_ACTION', label: 'action', pattern: /^[A-Za-z0-9_-]{1,128}$/ },
+  { env: 'GITHUB_RUN_ID', label: 'run_id', pattern: /^[0-9]{1,20}$/ },
+  { env: 'GITHUB_RUN_ATTEMPT', label: 'attempt', pattern: /^[0-9]{1,10}$/ },
+];
 
 export function buildCustomUserAgent(): UserAgent {
   const tokens: UserAgent = [[USER_AGENT_PREFIX]];
-  const runId = process.env.GITHUB_RUN_ID;
-  const attempt = process.env.GITHUB_RUN_ATTEMPT;
-  if (runId !== undefined) {
-    if (RUN_ID_PATTERN.test(runId)) {
-      tokens.push(['md', `run_id#${runId}`]);
+  for (const { env, label, pattern } of UA_FIELDS) {
+    const value = process.env[env];
+    if (value === undefined) continue;
+    if (pattern.test(value)) {
+      tokens.push(['md', `${label}#${value}`]);
     } else {
-      core.warning('GITHUB_RUN_ID has unexpected format; omitting from User-Agent');
-    }
-  }
-  if (attempt !== undefined) {
-    if (ATTEMPT_PATTERN.test(attempt)) {
-      tokens.push(['md', `attempt#${attempt}`]);
-    } else {
-      core.warning('GITHUB_RUN_ATTEMPT has unexpected format; omitting from User-Agent');
+      core.warning(`${env} has unexpected format; omitting from User-Agent`);
     }
   }
   return tokens;
diff --git a/test/index.test.ts b/test/index.test.ts
index 02184c0..be424d8 100644
--- a/test/index.test.ts
+++ b/test/index.test.ts
@@ -1218,9 +1218,7 @@ describe('Configure AWS Credentials', {}, () => {
         }),
       );
       // biome-ignore lint/suspicious/noExplicitAny: any required to mock private method
-      vi.spyOn(CredentialsClient.prototype as any, 'loadCredentials').mockRejectedValue(
-        new Error('network glitch'),
-      );
+      vi.spyOn(CredentialsClient.prototype as any, 'loadCredentials').mockRejectedValue(new Error('network glitch'));
       await run();
       expect(core.setFailed).toHaveBeenCalled();
       expect(core.info).not.toHaveBeenCalledWith(expect.stringContaining('Retry'));
@@ -1267,13 +1265,15 @@ describe('Configure AWS Credentials', {}, () => {
       return (client.stsClient.config as any).customUserAgent;
     }
 
-    it('includes run_id and attempt tokens when env vars are valid', async () => {
+    it('includes action, run_id and attempt tokens when env vars are valid', async () => {
       vi.resetModules();
+      process.env.GITHUB_ACTION = '__run_2';
       process.env.GITHUB_RUN_ID = '16412345678';
       process.env.GITHUB_RUN_ATTEMPT = '1';
       const ua = await getCustomUserAgent();
       expect(ua).toEqual([
         ['configure-aws-credentials-for-github-actions'],
+        ['md', 'action#__run_2'],
         ['md', 'run_id#16412345678'],
         ['md', 'attempt#1'],
       ]);
@@ -1282,6 +1282,7 @@ describe('Configure AWS Credentials', {}, () => {
 
     it('omits tokens when env vars are unset, with no warning', async () => {
       vi.resetModules();
+      delete process.env.GITHUB_ACTION;
       const ua = await getCustomUserAgent();
       expect(ua).toEqual([['configure-aws-credentials-for-github-actions']]);
       expect(core.warning).not.toHaveBeenCalled();
@@ -1289,26 +1290,33 @@ describe('Configure AWS Credentials', {}, () => {
 
     it('warns and skips when env vars are malformed', async () => {
       vi.resetModules();
+      process.env.GITHUB_ACTION = '$(curl evil)';
       process.env.GITHUB_RUN_ID = '$(curl evil)';
       process.env.GITHUB_RUN_ATTEMPT = '1; rm -rf /';
       const ua = await getCustomUserAgent();
       expect(ua).toEqual([['configure-aws-credentials-for-github-actions']]);
-      expect(core.warning).toHaveBeenCalledWith(
-        'GITHUB_RUN_ID has unexpected format; omitting from User-Agent',
-      );
-      expect(core.warning).toHaveBeenCalledWith(
-        'GITHUB_RUN_ATTEMPT has unexpected format; omitting from User-Agent',
-      );
-      expect(core.warning).toHaveBeenCalledTimes(2);
+      expect(core.warning).toHaveBeenCalledWith('GITHUB_ACTION has unexpected format; omitting from User-Agent');
+      expect(core.warning).toHaveBeenCalledWith('GITHUB_RUN_ID has unexpected format; omitting from User-Agent');
+      expect(core.warning).toHaveBeenCalledWith('GITHUB_RUN_ATTEMPT has unexpected format; omitting from User-Agent');
+      expect(core.warning).toHaveBeenCalledTimes(3);
     });
 
     it('warns and skips when env vars exceed the length bound', async () => {
       vi.resetModules();
+      process.env.GITHUB_ACTION = 'a'.repeat(200);
       process.env.GITHUB_RUN_ID = '1'.repeat(50);
       process.env.GITHUB_RUN_ATTEMPT = '1'.repeat(50);
       const ua = await getCustomUserAgent();
       expect(ua).toEqual([['configure-aws-credentials-for-github-actions']]);
-      expect(core.warning).toHaveBeenCalledTimes(2);
+      expect(core.warning).toHaveBeenCalledTimes(3);
+    });
+
+    it('rejects GITHUB_ACTION containing whitespace or other characters', async () => {
+      vi.resetModules();
+      process.env.GITHUB_ACTION = 'has space';
+      const ua = await getCustomUserAgent();
+      expect(ua).toEqual([['configure-aws-credentials-for-github-actions']]);
+      expect(core.warning).toHaveBeenCalledWith('GITHUB_ACTION has unexpected format; omitting from User-Agent');
     });
 
     it('sets AWS_EXECUTION_ENV to GitHubActions when unset', async () => {