From ba1ab7fb3b6b7c5c806626bec0c6db964a0de2e2 Mon Sep 17 00:00:00 2001
From: Sylvain Verly <sylvain.verly@gmail.com>
Date: Thu, 20 Mar 2025 15:41:20 +0100
Subject: [PATCH] Use json for input to custom-tags, add documentation for
 custom-tags

---
 action.yml              | 7 ++++++-
 src/index.ts            | 5 +----
 test/mockinputs.test.ts | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/action.yml b/action.yml
index e6448c7..5f0c0ef 100644
--- a/action.yml
+++ b/action.yml
@@ -1,4 +1,3 @@
-
 name: '"Configure AWS Credentials" Action for GitHub Actions'
 description: Configures AWS credentials for use in subsequent steps in a GitHub Action workflow
 runs:
@@ -101,6 +100,12 @@ inputs:
   action-timeout-s:
     required: false
     description: A global timeout in seconds for the action. When the timeout is reached, the action immediately exits. The default is to run without a timeout.
+  custom-tags:
+    description: >-
+      Additional tags to apply to the assumed role session. Must be a JSON object provided using toJSON.
+      Example: custom-tags: ${{ toJSON({ Environment: 'Production', Team: 'DevOps' }) }}
+      You can include secrets: custom-tags: ${{ toJSON({ Team: secrets.TEAM_NAME }) }}
+    required: false
 
 outputs:
   aws-account-id:
diff --git a/src/index.ts b/src/index.ts
index 7f10f4d..3519175 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -45,10 +45,7 @@ export async function run() {
     const proxyServer = core.getInput('http-proxy', { required: false }) || process.env.HTTP_PROXY;
     const customTagsInput = core.getInput('custom-tags', { required: false });
     const customTags = customTagsInput
-      ? (typeof customTagsInput === 'string' && customTagsInput.trim().startsWith('{')
-          ? Object.entries(JSON.parse(customTagsInput))
-          : Object.entries(customTagsInput)
-        ).map(([Key, Value]) => ({ Key, Value: String(Value) }))
+      ? Object.entries(JSON.parse(customTagsInput)).map(([Key, Value]) => ({ Key, Value: String(Value) }))
       : [];
     const inlineSessionPolicy = core.getInput('inline-session-policy', { required: false });
     const managedSessionPolicies = core.getMultilineInput('managed-session-policies', { required: false }).map((p) => {
diff --git a/test/mockinputs.test.ts b/test/mockinputs.test.ts
index f651995..99cc24c 100644
--- a/test/mockinputs.test.ts
+++ b/test/mockinputs.test.ts
@@ -18,7 +18,7 @@ const inputs = {
     'aws-secret-access-key': 'MYAWSSECRETACCESSKEY',
     'role-to-assume': 'arn:aws:iam::111111111111:role/MY-ROLE',
     'aws-region': 'fake-region-1',
-    'custom-tags': { Environment: 'Production', Team: 'DevOps' },
+    'custom-tags': JSON.stringify({ Environment: 'Production', Team: 'DevOps' }),
   },
   IAM_USER_INPUTS: {
     'aws-access-key-id': 'MYAWSACCESSKEYID',