a7f0c828ac* Support usage of AWS Profiles
* squash merge main updates w feature branch
Squashed commit of the following:
commit ef2df4679f908ff30d5a711258ace2fa906c4bf3
Author: Michael Lehmann <lehmanmj@amazon.com>
Date: Tue Mar 17 11:24:04 2026 -0700
dist update
commit db3779a0e9
Author: Jan Feddern <jf@novatec-gmbh.de>
Date: Sun Dec 21 11:28:36 2025 +0100
Support usage of AWS Profiles
* chore: Update dist
* consistent outputEnvCredentials
* take out tests temporarily
* chore: Update dist
* debug changes for static creds
* remove debug and only cleanup profile if it was set
* formatting fixes + remove profile from cleanup test
* feat: Support usage of AWS Profiles
Adds a config option to support writing to profile files instead of
exporting environment variables.
Closes #1594. Closes #1586. Closes #112.
* chore: fix failing test case and windows path
* chore: lint project markdown files
* chore: update scripts in package.json and tsconfig update
* make env vars consistent, readme linting
* debug for profile path env vars
* remove debug
* remove profile backups
* error if we try to overwrite
* add option to overwrite existing profiles
* tests for overwrite option
* default to no env vars
* remove default from action file
* add static credential env var support
* validation fix for static creds multi profile
* debug sleep for static creds validation
* wait syntax
* undo sleep for creds validate
* test coverage, readme/action yml updates, validate creds later on self-hosted runner
* security dependency updates
* chore(deps-dev): bump @biomejs/biome from 2.4.8 to 2.4.10 (#1709)
Bumps [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) from 2.4.8 to 2.4.10.
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)
---
updated-dependencies:
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.10
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @aws-sdk/credential-provider-env (#1713)
Bumps [@aws-sdk/credential-provider-env](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages-internal/credential-provider-env) from 3.972.22 to 3.972.24.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages-internal/credential-provider-env/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/HEAD/packages-internal/credential-provider-env)
---
updated-dependencies:
- dependency-name: "@aws-sdk/credential-provider-env"
dependency-version: 3.972.24
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: Update dist
* chore(deps): bump @aws-sdk/client-sts from 3.1015.0 to 3.1020.0 (#1710)
Bumps [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) from 3.1015.0 to 3.1020.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1020.0/clients/client-sts)
---
updated-dependencies:
- dependency-name: "@aws-sdk/client-sts"
dependency-version: 3.1020.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: Update dist
* fix: do not write empty profile files
Also cleanup fix, additional test, README typo cleanup
* linting fix
* chore: linting fix
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jan Feddern <jf@novatec-gmbh.de>
Co-authored-by: Michael Lehmann <lehmanmj@amazon.com>
Co-authored-by: GitHub Actions <github-aws-sdk-osds-automation@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
100 lines
4.4 KiB
TypeScript
100 lines
4.4 KiB
TypeScript
import * as core from '@actions/core';
|
|
import { beforeEach, describe, expect, it, vi } from 'vitest';
|
|
import * as helpers from '../src/helpers';
|
|
|
|
describe('Configure AWS Credentials helpers', {}, () => {
|
|
beforeEach(() => {
|
|
vi.restoreAllMocks();
|
|
vi.spyOn(core, 'debug').mockImplementation(() => {});
|
|
});
|
|
it('removes brackets from GitHub Actor', {}, () => {
|
|
const actor = 'actor[bot]';
|
|
expect(helpers.sanitizeGitHubVariables(actor)).toBe('actor_bot_');
|
|
});
|
|
it('can sleep', {}, async () => {
|
|
const sleep = helpers.defaultSleep(10);
|
|
await expect(Promise.race([sleep, new Promise((_, reject) => setTimeout(reject, 20))])).resolves.toBe(undefined);
|
|
});
|
|
it('removes special characters from workflow names', {}, () => {
|
|
expect(helpers.sanitizeGitHubVariables('sdf234@#$%$^&*()_+{}|:"<>?')).toEqual('sdf234@__________+___:____');
|
|
});
|
|
it("doesn't retry non-retryable errors", {}, async () => {
|
|
const fn = vi.fn().mockRejectedValue('i am not retryable');
|
|
await expect(helpers.retryAndBackoff(fn, false)).rejects.toMatch('i am not retryable');
|
|
expect(fn).toHaveBeenCalledTimes(1);
|
|
});
|
|
it('can output creds when told to', {}, () => {
|
|
vi.spyOn(core, 'setOutput').mockImplementation(() => {});
|
|
vi.spyOn(core, 'setSecret').mockImplementation(() => {});
|
|
vi.spyOn(core, 'exportVariable').mockImplementation(() => {});
|
|
helpers.exportCredentials(
|
|
{ AccessKeyId: 'test', SecretAccessKey: 'test', SessionToken: 'test', Expiration: new Date(8640000000000000) },
|
|
true,
|
|
true,
|
|
);
|
|
expect(core.setOutput).toHaveBeenCalledTimes(4);
|
|
expect(core.setSecret).toHaveBeenCalledTimes(3);
|
|
expect(core.exportVariable).toHaveBeenCalledTimes(3);
|
|
});
|
|
it('can unset credentials', {}, () => {
|
|
const env = process.env;
|
|
helpers.unsetCredentials();
|
|
expect(process.env.AWS_ACCESS_KEY_ID).toBeUndefined;
|
|
expect(process.env.AWS_SECRET_ACCESS_KEY).toBeUndefined;
|
|
expect(process.env.AWS_SESSION_TOKEN).toBeUndefined;
|
|
expect(process.env.AWS_REGION).toBeUndefined;
|
|
expect(process.env.AWS_DEFAULT_REGION).toBeUndefined;
|
|
process.env = env;
|
|
});
|
|
it(`won't output credentials to env if told not to`, {}, () => {
|
|
vi.spyOn(core, 'setOutput').mockImplementation(() => {});
|
|
vi.spyOn(core, 'setSecret').mockImplementation(() => {});
|
|
vi.spyOn(core, 'exportVariable').mockImplementation(() => {});
|
|
helpers.exportCredentials(
|
|
{ AccessKeyId: 'test', SecretAccessKey: 'test', SessionToken: 'test', Expiration: new Date(8640000000000000) },
|
|
true,
|
|
false,
|
|
);
|
|
helpers.unsetCredentials(false);
|
|
helpers.exportRegion('fake-test-region', false);
|
|
expect(core.setOutput).toHaveBeenCalledTimes(4);
|
|
expect(core.setSecret).toHaveBeenCalledTimes(3);
|
|
expect(core.exportVariable).toHaveBeenCalledTimes(0);
|
|
});
|
|
|
|
it('verifies credentials without special characters', {}, () => {
|
|
expect(helpers.verifyKeys({ AccessKeyId: 'AKIATEST', SecretAccessKey: 'secretkey' })).toBe(true);
|
|
expect(helpers.verifyKeys({ AccessKeyId: 'AKIA!@#$', SecretAccessKey: 'secret' })).toBe(false);
|
|
expect(helpers.verifyKeys(undefined)).toBe(false);
|
|
});
|
|
|
|
it('translates environment variables', {}, () => {
|
|
process.env.AWS_REGION = 'us-east-1';
|
|
process.env.HTTPS_PROXY = 'https://proxy:8080';
|
|
helpers.translateEnvVariables();
|
|
expect(process.env['INPUT_AWS-REGION']).toBe('us-east-1');
|
|
expect(process.env.HTTP_PROXY).toBe('https://proxy:8080');
|
|
});
|
|
|
|
it('handles getBooleanInput correctly', {}, () => {
|
|
vi.spyOn(core, 'getInput').mockReturnValue('true');
|
|
expect(helpers.getBooleanInput('test')).toBe(true);
|
|
|
|
vi.spyOn(core, 'getInput').mockReturnValue('false');
|
|
expect(helpers.getBooleanInput('test')).toBe(false);
|
|
|
|
vi.spyOn(core, 'getInput').mockReturnValue('');
|
|
expect(helpers.getBooleanInput('test', { default: true })).toBe(true);
|
|
|
|
vi.spyOn(core, 'getInput').mockReturnValue('invalid');
|
|
expect(() => helpers.getBooleanInput('test')).toThrow();
|
|
});
|
|
|
|
it('clears session token when not provided', {}, () => {
|
|
vi.spyOn(core, 'setSecret').mockImplementation(() => {});
|
|
vi.spyOn(core, 'exportVariable').mockImplementation(() => {});
|
|
process.env.AWS_SESSION_TOKEN = 'old-token';
|
|
helpers.exportCredentials({ AccessKeyId: 'test', SecretAccessKey: 'test' }, false, true);
|
|
expect(core.exportVariable).toHaveBeenCalledWith('AWS_SESSION_TOKEN', '');
|
|
});
|
|
});
|