a7f0c828ac* Support usage of AWS Profiles
* squash merge main updates w feature branch
Squashed commit of the following:
commit ef2df4679f908ff30d5a711258ace2fa906c4bf3
Author: Michael Lehmann <lehmanmj@amazon.com>
Date: Tue Mar 17 11:24:04 2026 -0700
dist update
commit db3779a0e9
Author: Jan Feddern <jf@novatec-gmbh.de>
Date: Sun Dec 21 11:28:36 2025 +0100
Support usage of AWS Profiles
* chore: Update dist
* consistent outputEnvCredentials
* take out tests temporarily
* chore: Update dist
* debug changes for static creds
* remove debug and only cleanup profile if it was set
* formatting fixes + remove profile from cleanup test
* feat: Support usage of AWS Profiles
Adds a config option to support writing to profile files instead of
exporting environment variables.
Closes #1594. Closes #1586. Closes #112.
* chore: fix failing test case and windows path
* chore: lint project markdown files
* chore: update scripts in package.json and tsconfig update
* make env vars consistent, readme linting
* debug for profile path env vars
* remove debug
* remove profile backups
* error if we try to overwrite
* add option to overwrite existing profiles
* tests for overwrite option
* default to no env vars
* remove default from action file
* add static credential env var support
* validation fix for static creds multi profile
* debug sleep for static creds validation
* wait syntax
* undo sleep for creds validate
* test coverage, readme/action yml updates, validate creds later on self-hosted runner
* security dependency updates
* chore(deps-dev): bump @biomejs/biome from 2.4.8 to 2.4.10 (#1709)
Bumps [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) from 2.4.8 to 2.4.10.
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)
---
updated-dependencies:
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.10
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @aws-sdk/credential-provider-env (#1713)
Bumps [@aws-sdk/credential-provider-env](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages-internal/credential-provider-env) from 3.972.22 to 3.972.24.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages-internal/credential-provider-env/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/HEAD/packages-internal/credential-provider-env)
---
updated-dependencies:
- dependency-name: "@aws-sdk/credential-provider-env"
dependency-version: 3.972.24
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: Update dist
* chore(deps): bump @aws-sdk/client-sts from 3.1015.0 to 3.1020.0 (#1710)
Bumps [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) from 3.1015.0 to 3.1020.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1020.0/clients/client-sts)
---
updated-dependencies:
- dependency-name: "@aws-sdk/client-sts"
dependency-version: 3.1020.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: Update dist
* fix: do not write empty profile files
Also cleanup fix, additional test, README typo cleanup
* linting fix
* chore: linting fix
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jan Feddern <jf@novatec-gmbh.de>
Co-authored-by: Michael Lehmann <lehmanmj@amazon.com>
Co-authored-by: GitHub Actions <github-aws-sdk-osds-automation@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
73 lines
3.1 KiB
TypeScript
73 lines
3.1 KiB
TypeScript
import * as core from '@actions/core';
|
|
import { STSClient } from '@aws-sdk/client-sts';
|
|
import { mockClient } from 'aws-sdk-client-mock';
|
|
import { beforeEach, describe, expect, it, vi } from 'vitest';
|
|
import { cleanup } from '../src/cleanup';
|
|
import mocks from './mockinputs.test';
|
|
|
|
const mockedSTSClient = mockClient(STSClient);
|
|
|
|
describe('Configure AWS Credentials cleanup', {}, () => {
|
|
beforeEach(() => {
|
|
// Reset mock state
|
|
vi.restoreAllMocks();
|
|
mockedSTSClient.reset();
|
|
// Mock GitHub Actions core functions
|
|
vi.spyOn(core, 'exportVariable').mockImplementation((_n, _v) => {});
|
|
vi.spyOn(core, 'setSecret').mockImplementation((_s) => {});
|
|
vi.spyOn(core, 'setFailed').mockImplementation((_m) => {});
|
|
vi.spyOn(core, 'setOutput').mockImplementation((_n, _v) => {});
|
|
vi.spyOn(core, 'debug').mockImplementation((_m) => {});
|
|
vi.spyOn(core, 'info').mockImplementation((_m) => {});
|
|
process.env = {
|
|
...mocks.envs,
|
|
AWS_ACCESS_KEY_ID: 'CLEANUPTEST',
|
|
AWS_SECRET_ACCESS_KEY: 'CLEANUPTEST',
|
|
AWS_SESSION_TOKEN: 'CLEANUPTEST',
|
|
AWS_REGION: 'CLEANUPTEST',
|
|
AWS_DEFAULT_REGION: 'CLEANUPTEST',
|
|
};
|
|
});
|
|
it('replaces AWS credential and region environment variables with empty strings', {}, () => {
|
|
cleanup();
|
|
expect(core.setFailed).toHaveBeenCalledTimes(0);
|
|
expect(core.exportVariable).toHaveBeenCalledTimes(5);
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_ACCESS_KEY_ID', '');
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_SECRET_ACCESS_KEY', '');
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_SESSION_TOKEN', '');
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_DEFAULT_REGION', '');
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_REGION', '');
|
|
});
|
|
it('also clears AWS_PROFILE when aws-profile was set', {}, () => {
|
|
vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
|
|
if (name === 'aws-profile') return 'my-profile';
|
|
if (name === 'output-env-credentials') return 'true';
|
|
return '';
|
|
});
|
|
cleanup();
|
|
expect(core.setFailed).toHaveBeenCalledTimes(0);
|
|
expect(core.exportVariable).toHaveBeenCalledTimes(6);
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_PROFILE', '');
|
|
});
|
|
it('skips env cleanup when aws-profile is set without output-env-credentials', {}, () => {
|
|
vi.spyOn(core, 'getInput').mockImplementation((name: string) => {
|
|
if (name === 'aws-profile') return 'my-profile';
|
|
return '';
|
|
});
|
|
cleanup();
|
|
expect(core.setFailed).toHaveBeenCalledTimes(0);
|
|
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
|
});
|
|
it('handles errors', {}, () => {
|
|
vi.spyOn(core, 'exportVariable').mockImplementationOnce(() => {
|
|
throw new Error('Test error');
|
|
});
|
|
cleanup();
|
|
expect(core.setFailed).toHaveBeenCalled();
|
|
});
|
|
it(`doesn't export credentials as empty env variables if asked not to`, {}, () => {
|
|
vi.spyOn(core, 'getInput').mockImplementation(mocks.getInput(mocks.NO_ENV_CREDS_INPUTS));
|
|
cleanup();
|
|
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
|
});
|
|
});
|