aws-actions/configure-aws-credentials
1
0
Fork 0
mirror of synced 2026-06-05 14:35:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

chore: cleanup input handling (#1445)

Browse source 
Co-authored-by: Michael Lehmann <lehmanmj@amazon.com>
This commit is contained in:
Tom Keller 2025-08-20 11:36:42 -07:00 committed by GitHub
commit 74b3e27aa8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 58 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/cleanup/index.ts
View file

@ -1,5 +1,5 @@
import * as core from '@actions/core';
import { errorMessage } from '../helpers';
import { errorMessage, getBooleanInput } from '../helpers';
/**
* When the GitHub Actions job is done, clean up any environment variables that
@ -13,8 +13,8 @@ import { errorMessage } from '../helpers';
*/
export function cleanup() {
const outputEnvCredentialsInput = core.getInput('output-env-credentials', { required: false }) || 'true';
if (outputEnvCredentialsInput === 'true') {
// Only attempt to change environment variables if we changed them in the first place
if (getBooleanInput('output-env-credentials', { required: false, default: true })) {
try {
// The GitHub Actions toolkit does not have an option to completely unset
// environment variables, so we overwrite the current value with an empty
@ -30,6 +30,7 @@ export function cleanup() {
}
}
}
/* c8 ignore start */
if (require.main === module) {
try {

29
src/helpers.ts
View file

@ -214,3 +214,32 @@ export async function areCredentialsValid(credentialsClient: CredentialsClient)
return false;
}
}
/**
* Like core.getBooleanInput, but respects the required option.
*
* From https://github.com/actions/toolkit/blob/6876e2a664ec02908178087905b9155e9892a437/packages/core/src/core.ts
*
* Gets the input value of the boolean type in the YAML 1.2 "core schema" specification.
* Support boolean input list: `true | True | TRUE | false | False | FALSE` .
* The return value is also in boolean type.
* ref: https://yaml.org/spec/1.2/spec.html#id2804923
*
* @param name name of the input to get
* @param options optional. See core.InputOptions. Also supports optional 'default' if the input is not set
* @returns boolean
*/
export function getBooleanInput(name: string, options?: core.InputOptions & { default?: boolean }): boolean {
const trueValue = ['true', 'True', 'TRUE'];
const falseValue = ['false', 'False', 'FALSE'];
const optionsWithoutDefault = { ...options };
delete optionsWithoutDefault.default;
const val = core.getInput(name, optionsWithoutDefault);
if (trueValue.includes(val)) return true;
if (falseValue.includes(val)) return false;
if (val === '') return options?.default ?? false;
throw new TypeError(
`Input does not meet YAML 1.2 "Core Schema" specification: ${name}\n` +
`Support boolean input list: \`true | True | TRUE | false | False | FALSE\``,
);
}

72
src/index.ts
View file

@ -8,6 +8,7 @@ import {
exportAccountId,
exportCredentials,
exportRegion,
getBooleanInput,
retryAndBackoff,
translateEnvVariables,
unsetCredentials,
@ -22,64 +23,41 @@ export async function run() {
try {
translateEnvVariables();
// Get inputs
// Undefined inputs are empty strings ( or empty arrays)
const AccessKeyId = core.getInput('aws-access-key-id', { required: false });
const SecretAccessKey = core.getInput('aws-secret-access-key', {
required: false,
});
const sessionTokenInput = core.getInput('aws-session-token', {
required: false,
});
const SecretAccessKey = core.getInput('aws-secret-access-key', { required: false });
const sessionTokenInput = core.getInput('aws-session-token', { required: false });
const SessionToken = sessionTokenInput === '' ? undefined : sessionTokenInput;
const region = core.getInput('aws-region', { required: true });
const roleToAssume = core.getInput('role-to-assume', { required: false });
const audience = core.getInput('audience', { required: false });
const maskAccountIdInput = core.getInput('mask-aws-account-id', { required: false }) || 'false';
const maskAccountId = maskAccountIdInput.toLowerCase() === 'true';
const roleExternalId = core.getInput('role-external-id', {
required: false,
});
const webIdentityTokenFile = core.getInput('web-identity-token-file', {
required: false,
});
const maskAccountId = getBooleanInput('mask-aws-account-id', { required: false });
const roleExternalId = core.getInput('role-external-id', { required: false });
const webIdentityTokenFile = core.getInput('web-identity-token-file', { required: false });
const roleDuration =
Number.parseInt(core.getInput('role-duration-seconds', { required: false })) || DEFAULT_ROLE_DURATION;
const roleSessionName = core.getInput('role-session-name', { required: false }) || ROLE_SESSION_NAME;
const roleSkipSessionTaggingInput = core.getInput('role-skip-session-tagging', { required: false }) || 'false';
const roleSkipSessionTagging = roleSkipSessionTaggingInput.toLowerCase() === 'true';
const roleSkipSessionTagging = getBooleanInput('role-skip-session-tagging', { required: false });
const proxyServer = core.getInput('http-proxy', { required: false }) || process.env.HTTP_PROXY;
const inlineSessionPolicy = core.getInput('inline-session-policy', {
required: false,
const inlineSessionPolicy = core.getInput('inline-session-policy', { required: false });
const managedSessionPolicies = core.getMultilineInput('managed-session-policies', { required: false }).map((p) => {
return { arn: p };
});
const managedSessionPoliciesInput = core.getMultilineInput('managed-session-policies', { required: false });
const managedSessionPolicies: { arn: string }[] = [];
const roleChainingInput = core.getInput('role-chaining', { required: false }) || 'false';
const roleChaining = roleChainingInput.toLowerCase() === 'true';
const outputCredentialsInput = core.getInput('output-credentials', { required: false }) || 'false';
const outputCredentials = outputCredentialsInput.toLowerCase() === 'true';
const outputEnvCredentialsInput = core.getInput('output-env-credentials', { required: false }) || 'true';
const outputEnvCredentials = outputEnvCredentialsInput.toLowerCase() === 'true';
const unsetCurrentCredentialsInput = core.getInput('unset-current-credentials', { required: false }) || 'false';
const unsetCurrentCredentials = unsetCurrentCredentialsInput.toLowerCase() === 'true';
const disableRetryInput = core.getInput('disable-retry', { required: false }) || 'false';
let disableRetry = disableRetryInput.toLowerCase() === 'true';
const specialCharacterWorkaroundInput =
core.getInput('special-characters-workaround', { required: false }) || 'false';
const specialCharacterWorkaround = specialCharacterWorkaroundInput.toLowerCase() === 'true';
const useExistingCredentialsInput = core.getInput('use-existing-credentials', { required: false }) || 'false';
const useExistingCredentials = useExistingCredentialsInput.toLowerCase() === 'true';
const roleChaining = getBooleanInput('role-chaining', { required: false });
const outputCredentials = getBooleanInput('output-credentials', { required: false });
const outputEnvCredentials = getBooleanInput('output-env-credentials', { required: false, default: true });
const unsetCurrentCredentials = getBooleanInput('unset-current-credentials', { required: false });
let disableRetry = getBooleanInput('disable-retry', { required: false });
const specialCharacterWorkaround = getBooleanInput('special-characters-workaround', { required: false });
const useExistingCredentials = core.getInput('use-existing-credentials', { required: false });
let maxRetries = Number.parseInt(core.getInput('retry-max-attempts', { required: false })) || 12;
switch (true) {
case specialCharacterWorkaround:
// 😳
disableRetry = false;
maxRetries = 12;
break;
case maxRetries < 1:
maxRetries = 1;
break;
}
for (const managedSessionPolicy of managedSessionPoliciesInput) {
managedSessionPolicies.push({ arn: managedSessionPolicy });
if (specialCharacterWorkaround) {
// 😳
disableRetry = false;
maxRetries = 12;
} else if (maxRetries < 1) {
maxRetries = 1;
}
// Logic to decide whether to attempt to use OIDC or not