aws-actions/configure-aws-credentials
1
0
Fork 0
mirror of synced 2026-06-05 11:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

chore: Update dist

Browse source
This commit is contained in:
GitHub Actions 2026-06-01 21:59:55 +00:00
commit bbbffeab00
1 changed files with 23 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

46
dist/index.js generated vendored
View file

@ -44986,7 +44986,7 @@ var require_errors2 = __commonJS({
} }
}; };
exports2.MalformedPolicyDocumentException = MalformedPolicyDocumentException2; exports2.MalformedPolicyDocumentException = MalformedPolicyDocumentException2;
var PackedPolicyTooLargeException2 = class _PackedPolicyTooLargeException extends STSServiceException_1.STSServiceException { var PackedPolicyTooLargeException3 = class _PackedPolicyTooLargeException extends STSServiceException_1.STSServiceException {
name = "PackedPolicyTooLargeException"; name = "PackedPolicyTooLargeException";
$fault = "client"; $fault = "client";
constructor(opts) { constructor(opts) {
@ -44998,7 +44998,7 @@ var require_errors2 = __commonJS({
Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype);
} }
}; };
exports2.PackedPolicyTooLargeException = PackedPolicyTooLargeException2; exports2.PackedPolicyTooLargeException = PackedPolicyTooLargeException3;
var RegionDisabledException2 = class _RegionDisabledException extends STSServiceException_1.STSServiceException { var RegionDisabledException2 = class _RegionDisabledException extends STSServiceException_1.STSServiceException {
name = "RegionDisabledException"; name = "RegionDisabledException";
$fault = "client"; $fault = "client";
@ -74060,6 +74060,7 @@ async function assumeRoleWithWebIdentityTokenFile(params, client, webIdentityTok
info("Assuming role with web identity token file"); info("Assuming role with web identity token file");
try { try {
delete params.Tags; delete params.Tags;
delete params.TransitiveTagKeys;
const creds = await client.send( const creds = await client.send(
new import_client_sts2.AssumeRoleWithWebIdentityCommand({ new import_client_sts2.AssumeRoleWithWebIdentityCommand({
...params, ...params,
@ -74077,6 +74078,13 @@ async function assumeRoleWithCredentials(params, client) {
const creds = await client.send(new import_client_sts2.AssumeRoleCommand({ ...params })); const creds = await client.send(new import_client_sts2.AssumeRoleCommand({ ...params }));
return creds; return creds;
} catch (error3) { } catch (error3) {
if (error3 instanceof import_client_sts2.PackedPolicyTooLargeException) {
info("Session tag size is too large; dropping droppable tags and retrying.");
const droppableKeys = new Set(DROPPABLE_TAG_SOURCES.map((s) => s.key));
params.Tags = params.Tags?.filter((tag2) => !droppableKeys.has(tag2.Key ?? ""));
const creds = await client.send(new import_client_sts2.AssumeRoleCommand({ ...params }));
return creds;
}
throw new Error(`Could not assume role with user credentials: ${errorMessage(error3)}`); throw new Error(`Could not assume role with user credentials: ${errorMessage(error3)}`);
} }
} }
@ -74085,7 +74093,7 @@ var TAG_VALUE_REGEX = /^[\p{L}\p{Z}\p{N}_.:/=+\-@]*$/u;
var MAX_TAG_KEY_LENGTH = 128; var MAX_TAG_KEY_LENGTH = 128;
var MAX_TAG_VALUE_LENGTH2 = 256; var MAX_TAG_VALUE_LENGTH2 = 256;
var MAX_SESSION_TAGS = 50; var MAX_SESSION_TAGS = 50;
var PROTECTED_TAG_SOURCES = [ var NON_DROPPABLE_TAG_SOURCES = [
{ key: "Repository", envVar: "GITHUB_REPOSITORY" }, { key: "Repository", envVar: "GITHUB_REPOSITORY" },
{ key: "Workflow", envVar: "GITHUB_WORKFLOW" }, { key: "Workflow", envVar: "GITHUB_WORKFLOW" },
{ key: "Action", envVar: "GITHUB_ACTION" }, { key: "Action", envVar: "GITHUB_ACTION" },
@ -74093,17 +74101,19 @@ var PROTECTED_TAG_SOURCES = [
{ key: "Commit", envVar: "GITHUB_SHA" }, { key: "Commit", envVar: "GITHUB_SHA" },
{ key: "Branch", envVar: "GITHUB_REF" } { key: "Branch", envVar: "GITHUB_REF" }
]; ];
var OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY = [ var DROPPABLE_TAG_SOURCES = [
{ key: "EventName", envVar: "GITHUB_EVENT_NAME" }, { key: "EventName", envVar: "GITHUB_EVENT_NAME" },
{ key: "BaseRef", envVar: "GITHUB_BASE_REF" }, { key: "BaseRef", envVar: "GITHUB_BASE_REF" },
{ key: "HeadRef", envVar: "GITHUB_HEAD_REF" }, { key: "HeadRef", envVar: "GITHUB_HEAD_REF" },
{ key: "RefName", envVar: "GITHUB_REF_NAME" },
{ key: "RunId", envVar: "GITHUB_RUN_ID" }, { key: "RunId", envVar: "GITHUB_RUN_ID" },
{ key: "RefType", envVar: "GITHUB_REF_TYPE" },
{ key: "Job", envVar: "GITHUB_JOB" }, { key: "Job", envVar: "GITHUB_JOB" },
{ key: "TriggeringActor", envVar: "GITHUB_TRIGGERING_ACTOR" } { key: "TriggeringActor", envVar: "GITHUB_TRIGGERING_ACTOR" }
]; ];
var PROTECTED_TAG_KEYS = /* @__PURE__ */ new Set(["GitHub", ...PROTECTED_TAG_SOURCES.map((s) => s.key)]); var PROTECTED_TAG_KEYS = /* @__PURE__ */ new Set([
"GitHub",
...NON_DROPPABLE_TAG_SOURCES.map((s) => s.key),
...DROPPABLE_TAG_SOURCES.map((s) => s.key)
]);
function parseAndValidateCustomTags(customTags, existingTags) { function parseAndValidateCustomTags(customTags, existingTags) {
let parsed; let parsed;
try { try {
@ -74175,30 +74185,26 @@ async function assumeRole(params) {
throw new Error("Missing required environment variables. Are you running in GitHub Actions?"); throw new Error("Missing required environment variables. Are you running in GitHub Actions?");
} }
const protectedTags = [{ Key: "GitHub", Value: "Actions" }]; const protectedTags = [{ Key: "GitHub", Value: "Actions" }];
for (const { key, envVar } of PROTECTED_TAG_SOURCES) { for (const { key, envVar } of NON_DROPPABLE_TAG_SOURCES) {
const value = process.env[envVar];
if (value) {
protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) });
}
}
for (const { key, envVar } of DROPPABLE_TAG_SOURCES) {
const value = process.env[envVar]; const value = process.env[envVar];
if (value) { if (value) {
protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) });
} }
} }
const parsedCustomTags = customTags ? parseAndValidateCustomTags(customTags, protectedTags) : []; const parsedCustomTags = customTags ? parseAndValidateCustomTags(customTags, protectedTags) : [];
const customTagKeys = new Set(parsedCustomTags.map((t) => t.Key)); const tagArray = [...protectedTags, ...parsedCustomTags];
const availableOverrideableSlots = MAX_SESSION_TAGS - protectedTags.length - parsedCustomTags.length;
const overrideableTags = [];
for (const { key, envVar } of OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY) {
if (overrideableTags.length >= availableOverrideableSlots) break;
if (customTagKeys.has(key)) continue;
const value = process.env[envVar];
if (value) {
overrideableTags.push({ Key: key, Value: sanitizeGitHubVariables(value) });
}
}
const tagArray = [...protectedTags, ...overrideableTags, ...parsedCustomTags];
const tags = roleSkipSessionTagging ? void 0 : tagArray; const tags = roleSkipSessionTagging ? void 0 : tagArray;
if (!tags) { if (!tags) {
debug("Role session tagging has been skipped."); debug("Role session tagging has been skipped.");
} else { } else {
debug(`${tags.length} role session tags are being used:`); debug(`${tags.length} role session tags are being used:`);
debug(JSON.stringify(tagArray));
} }
const transitiveTagKeysArray = roleSkipSessionTagging ? void 0 : transitiveTagKeys?.filter((key) => tags?.some((tag2) => tag2.Key === key)); const transitiveTagKeysArray = roleSkipSessionTagging ? void 0 : transitiveTagKeys?.filter((key) => tags?.some((tag2) => tag2.Key === key));
let roleArn = roleToAssume; let roleArn = roleToAssume;