diff --git a/dist/cleanup/CredentialsClient.d.ts b/dist/cleanup/CredentialsClient.d.ts deleted file mode 100644 index a8bf0d0e4..000000000 --- a/dist/cleanup/CredentialsClient.d.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { STSClient } from '@aws-sdk/client-sts'; -export interface CredentialsClientProps { - region?: string; - proxyServer?: string; -} -export declare class CredentialsClient { - region?: string; - private _stsClient?; - private readonly requestHandler?; - constructor(props: CredentialsClientProps); - get stsClient(): STSClient; - validateCredentials(expectedAccessKeyId?: string, roleChaining?: boolean): Promise; - private loadCredentials; -} diff --git a/dist/cleanup/assumeRole.d.ts b/dist/cleanup/assumeRole.d.ts deleted file mode 100644 index 681a211f0..000000000 --- a/dist/cleanup/assumeRole.d.ts +++ /dev/null @@ -1,17 +0,0 @@ -import type { CredentialsClient } from './CredentialsClient'; -export interface assumeRoleParams { - credentialsClient: CredentialsClient; - roleToAssume: string; - roleDuration: number; - roleSessionName: string; - roleSkipSessionTagging?: boolean; - sourceAccountId?: string; - roleExternalId?: string; - webIdentityTokenFile?: string; - webIdentityToken?: string; - inlineSessionPolicy?: string; - managedSessionPolicies?: { - arn: string; - }[]; -} -export declare function assumeRole(params: assumeRoleParams): Promise; diff --git a/dist/cleanup/cleanup/index.d.ts b/dist/cleanup/cleanup/index.d.ts deleted file mode 100644 index e2bed3015..000000000 --- a/dist/cleanup/cleanup/index.d.ts +++ /dev/null 
@@ -1,11 +0,0 @@ -/** - * When the GitHub Actions job is done, clean up any environment variables that - * may have been set by the configure-aws-credentials steps in the job. - * - * Environment variables are not intended to be shared across different jobs in - * the same GitHub Actions workflow: GitHub Actions documentation states that - * each job runs in a fresh instance. However, doing our own cleanup will - * give us additional assurance that these environment variables are not shared - * with any other jobs. - */ -export declare function cleanup(): void; diff --git a/dist/cleanup/helpers.d.ts b/dist/cleanup/helpers.d.ts deleted file mode 100644 index aed9a1d04..000000000 --- a/dist/cleanup/helpers.d.ts +++ /dev/null @@ -1,17 +0,0 @@ -import type { Credentials } from '@aws-sdk/client-sts'; -import type { CredentialsClient } from './CredentialsClient'; -export declare function exportCredentials(creds?: Partial, outputCredentials?: boolean): void; -export declare function unsetCredentials(): void; -export declare function exportRegion(region: string): void; -export declare function exportAccountId(credentialsClient: CredentialsClient, maskAccountId?: boolean): Promise; -export declare function sanitizeGitHubVariables(name: string): string; -export declare function defaultSleep(ms: number): Promise; -declare let sleep: typeof defaultSleep; -export declare function withsleep(s: typeof sleep): void; -export declare function reset(): void; -export declare function verifyKeys(creds: Partial | undefined): boolean; -export declare function retryAndBackoff(fn: () => Promise, isRetryable: boolean, maxRetries?: number, retries?: number, base?: number): Promise; -export declare function errorMessage(error: unknown): string; -export declare function isDefined(i: T | undefined | null): i is T; -export declare function areCredentialsValid(credentialsClient: CredentialsClient): Promise; -export {}; 
diff --git a/dist/cleanup/index.d.ts b/dist/cleanup/index.d.ts deleted file mode 100644 index 1aeec715e..000000000 --- a/dist/cleanup/index.d.ts +++ /dev/null @@ -1 +0,0 @@ -export declare function run(): Promise; diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js index aa959dae7..35435286c 100644 --- a/dist/cleanup/index.js +++ b/dist/cleanup/index.js @@ -46498,6 +46498,7 @@ var __importStar = (this && this.__importStar) || (function () { }; })(); Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.translateEnvVariables = translateEnvVariables; exports.exportCredentials = exportCredentials; exports.unsetCredentials = unsetCredentials; exports.exportRegion = exportRegion; @@ -46516,6 +46517,37 @@ const client_sts_1 = __nccwpck_require__(1695); const MAX_TAG_VALUE_LENGTH = 256; const SANITIZATION_CHARACTER = '_'; const SPECIAL_CHARS_REGEX = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]+/; +function translateEnvVariables() { + const envVars = [ + 'AWS_REGION', + 'ROLE_TO_ASSUME', + 'AWS_ACCESS_KEY_ID', + 'AWS_SECRET_ACCESS_KEY', + 'AWS_SESSION_TOKEN', + 'WEB_IDENTITY_TOKEN_FILE', + 'ROLE_CHAINING', + 'AUDIENCE', + 'HTTP_PROXY', + 'MASK_AWS_ACCOUNT_ID', + 'ROLE_DURATION_SECONDS', + 'ROLE_EXTERNAL_ID', + 'ROLE_SESSION_NAME', + 'ROLE_SKIP_SESSION_TAGGING', + 'INLINE_SESSION_POLICY', + 'MANAGED_SESSION_POLICIES', + 'OUTPUT_CREDENTIALS', + 'UNSET_CURRENT_CREDENTIALS', + 'DISABLE_RETRY', + 'RETRY_MAX_ATTEMPTS', + 'SPECIAL_CHARACTERS_WORKAROUND', + 'USE_EXISTING_CREDENTIALS', + ]; + for (const envVar of envVars) { + if (process.env[envVar]) { + process.env[`INPUT_${envVar.replace(/_/g, '-')}`] = process.env[envVar]; + } + } +} // Configure the AWS CLI and AWS SDKs using environment variables and set them as secrets. // Setting the credentials as secrets masks them in Github Actions logs function exportCredentials(creds, outputCredentials) { 
diff --git a/dist/cleanup/src/CredentialsClient.d.ts b/dist/cleanup/src/CredentialsClient.d.ts deleted file mode 100644 index a8bf0d0e4..000000000 --- a/dist/cleanup/src/CredentialsClient.d.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { STSClient } from '@aws-sdk/client-sts'; -export interface CredentialsClientProps { - region?: string; - proxyServer?: string; -} -export declare class CredentialsClient { - region?: string; - private _stsClient?; - private readonly requestHandler?; - constructor(props: CredentialsClientProps); - get stsClient(): STSClient; - validateCredentials(expectedAccessKeyId?: string, roleChaining?: boolean): Promise; - private loadCredentials; -} diff --git a/dist/cleanup/src/assumeRole.d.ts b/dist/cleanup/src/assumeRole.d.ts deleted file mode 100644 index 681a211f0..000000000 --- a/dist/cleanup/src/assumeRole.d.ts +++ /dev/null @@ -1,17 +0,0 @@ -import type { CredentialsClient } from './CredentialsClient'; -export interface assumeRoleParams { - credentialsClient: CredentialsClient; - roleToAssume: string; - roleDuration: number; - roleSessionName: string; - roleSkipSessionTagging?: boolean; - sourceAccountId?: string; - roleExternalId?: string; - webIdentityTokenFile?: string; - webIdentityToken?: string; - inlineSessionPolicy?: string; - managedSessionPolicies?: { - arn: string; - }[]; -} -export declare function assumeRole(params: assumeRoleParams): Promise; diff --git a/dist/cleanup/src/cleanup/index.d.ts b/dist/cleanup/src/cleanup/index.d.ts deleted file mode 100644 index e2bed3015..000000000 --- a/dist/cleanup/src/cleanup/index.d.ts +++ /dev/null 
@@ -1,11 +0,0 @@ -/** - * When the GitHub Actions job is done, clean up any environment variables that - * may have been set by the configure-aws-credentials steps in the job. - * - * Environment variables are not intended to be shared across different jobs in - * the same GitHub Actions workflow: GitHub Actions documentation states that - * each job runs in a fresh instance. However, doing our own cleanup will - * give us additional assurance that these environment variables are not shared - * with any other jobs. - */ -export declare function cleanup(): void; diff --git a/dist/cleanup/src/helpers.d.ts b/dist/cleanup/src/helpers.d.ts deleted file mode 100644 index 350f3ed45..000000000 --- a/dist/cleanup/src/helpers.d.ts +++ /dev/null @@ -1,16 +0,0 @@ -import type { Credentials } from '@aws-sdk/client-sts'; -import type { CredentialsClient } from './CredentialsClient'; -export declare function exportCredentials(creds?: Partial, outputCredentials?: boolean): void; -export declare function unsetCredentials(): void; -export declare function exportRegion(region: string): void; -export declare function exportAccountId(credentialsClient: CredentialsClient, maskAccountId?: boolean): Promise; -export declare function sanitizeGitHubVariables(name: string): string; -export declare function defaultSleep(ms: number): Promise; -declare let sleep: typeof defaultSleep; -export declare function withsleep(s: typeof sleep): void; -export declare function reset(): void; -export declare function verifyKeys(creds: Partial | undefined): boolean; -export declare function retryAndBackoff(fn: () => Promise, isRetryable: boolean, maxRetries?: number, retries?: number, base?: number): Promise; -export declare function errorMessage(error: unknown): string; -export declare function isDefined(i: T | undefined | null): i is T; -export {}; diff --git a/dist/cleanup/src/index.d.ts b/dist/cleanup/src/index.d.ts deleted file mode 100644 index 1aeec715e..000000000 
--- a/dist/cleanup/src/index.d.ts +++ /dev/null @@ -1 +0,0 @@ -export declare function run(): Promise; diff --git a/dist/cleanup/test/cleanup.test.d.ts b/dist/cleanup/test/cleanup.test.d.ts deleted file mode 100644 index cb0ff5c3b..000000000 --- a/dist/cleanup/test/cleanup.test.d.ts +++ /dev/null @@ -1 +0,0 @@ -export {}; diff --git a/dist/cleanup/test/helpers.test.d.ts b/dist/cleanup/test/helpers.test.d.ts deleted file mode 100644 index cb0ff5c3b..000000000 --- a/dist/cleanup/test/helpers.test.d.ts +++ /dev/null @@ -1 +0,0 @@ -export {}; diff --git a/dist/cleanup/test/index.test.d.ts b/dist/cleanup/test/index.test.d.ts deleted file mode 100644 index cb0ff5c3b..000000000 --- a/dist/cleanup/test/index.test.d.ts +++ /dev/null @@ -1 +0,0 @@ -export {}; diff --git a/dist/cleanup/test/mockinputs.test.d.ts b/dist/cleanup/test/mockinputs.test.d.ts deleted file mode 100644 index b2003130e..000000000 --- a/dist/cleanup/test/mockinputs.test.d.ts +++ /dev/null 
@@ -1,74 +0,0 @@ -import type * as core from '@actions/core'; -declare const _default: { - readonly outputs: { - STS_CREDENTIALS: { - Credentials: { - AccessKeyId: string; - SecretAccessKey: string; - SessionToken: string; - Expiration: Date; - }; - AssumedRoleUser: { - Arn: string; - AssumedRoleId: string; - }; - }; - GET_CALLER_IDENTITY: { - Account: string; - Arn: string; - }; - FAKE_STS_ACCESS_KEY_ID: string; - FAKE_STS_SECRET_ACCESS_KEY: string; - FAKE_STS_SESSION_TOKEN: string; - ODD_CHARACTER_CREDENTIALS: { - Credentials: { - AccessKeyId: string; - SecretAccessKey: string; - SessionToken: string; - Expiration: Date; - }; - AssumedRoleUser: { - Arn: string; - AssumedRoleId: string; - }; - }; - }; - readonly envs: { - GITHUB_REPOSITORY: string; - GITHUB_WORKFLOW: string; - GITHUB_ACTION: string; - GITHUB_ACTOR: string; - GITHUB_SHA: string; - GITHUB_WORKSPACE: string; - GITHUB_ACTIONS: string; - }; - readonly GH_OIDC_INPUTS: { - 'role-to-assume': string; - 'aws-region': string; - 'special-characters-workaround': string; - }; - readonly IAM_USER_INPUTS: { - 'aws-access-key-id': string; - 'aws-secret-access-key': string; - 'aws-region': string; - }; - readonly IAM_ASSUMEROLE_INPUTS: { - 'aws-access-key-id': string; - 'aws-secret-access-key': string; - 'role-to-assume': string; - 'aws-region': string; - }; - readonly WEBIDENTITY_TOKEN_FILE_INPUTS: { - 'web-identity-token-file': string; - 'role-to-assume': string; - 'aws-region': string; - }; - readonly EXISTING_ROLE_INPUTS: { - 'role-to-assume': string; - 'role-chaining': string; - 'aws-region': string; - }; - readonly getInput: (fakeEnv: Record) => (name: string, options?: core.InputOptions) => string; - readonly getMultilineInput: (fakeEnv: Record) => (name: string, options?: core.InputOptions) => string[]; -}; -export default _default; diff --git a/dist/index.js b/dist/index.js index 085f1cb42..34a43144c 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -263,6 +263,7 @@ var __importStar = (this && this.__importStar) || (function () { }; })(); Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.translateEnvVariables = translateEnvVariables; exports.exportCredentials = exportCredentials; exports.unsetCredentials = unsetCredentials; exports.exportRegion = exportRegion; @@ -281,6 +282,37 @@ const client_sts_1 = __nccwpck_require__(1695); const MAX_TAG_VALUE_LENGTH = 256; const SANITIZATION_CHARACTER = '_'; const SPECIAL_CHARS_REGEX = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]+/; +function translateEnvVariables() { + const envVars = [ + 'AWS_REGION', + 'ROLE_TO_ASSUME', + 'AWS_ACCESS_KEY_ID', + 'AWS_SECRET_ACCESS_KEY', + 'AWS_SESSION_TOKEN', + 'WEB_IDENTITY_TOKEN_FILE', + 'ROLE_CHAINING', + 'AUDIENCE', + 'HTTP_PROXY', + 'MASK_AWS_ACCOUNT_ID', + 'ROLE_DURATION_SECONDS', + 'ROLE_EXTERNAL_ID', + 'ROLE_SESSION_NAME', + 'ROLE_SKIP_SESSION_TAGGING', + 'INLINE_SESSION_POLICY', + 'MANAGED_SESSION_POLICIES', + 'OUTPUT_CREDENTIALS', + 'UNSET_CURRENT_CREDENTIALS', + 'DISABLE_RETRY', + 'RETRY_MAX_ATTEMPTS', + 'SPECIAL_CHARACTERS_WORKAROUND', + 'USE_EXISTING_CREDENTIALS', + ]; + for (const envVar of envVars) { + if (process.env[envVar]) { + process.env[`INPUT_${envVar.replace(/_/g, '-')}`] = process.env[envVar]; + } + } +} // Configure the AWS CLI and AWS SDKs using environment variables and set them as secrets. // Setting the credentials as secrets masks them in Github Actions logs function exportCredentials(creds, outputCredentials) { @@ -469,6 +501,7 @@ const ROLE_SESSION_NAME = 'GitHubActions'; const REGION_REGEX = /^[a-z0-9-]+$/g; async function run() { try { + (0, helpers_1.translateEnvVariables)(); // Get inputs const AccessKeyId = core.getInput('aws-access-key-id', { required: false }); const SecretAccessKey = core.getInput('aws-secret-access-key', { diff --git a/src/helpers.ts b/src/helpers.ts index 1d1f3038e..03550e1ba 100644 --- a/src/helpers.ts +++ b/src/helpers.ts 
@@ -7,6 +7,38 @@ const MAX_TAG_VALUE_LENGTH = 256; const SANITIZATION_CHARACTER = '_'; const SPECIAL_CHARS_REGEX = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]+/; +export function translateEnvVariables() { + const envVars = [ + 'AWS_REGION', + 'ROLE_TO_ASSUME', + 'AWS_ACCESS_KEY_ID', + 'AWS_SECRET_ACCESS_KEY', + 'AWS_SESSION_TOKEN', + 'WEB_IDENTITY_TOKEN_FILE', + 'ROLE_CHAINING', + 'AUDIENCE', + 'HTTP_PROXY', + 'MASK_AWS_ACCOUNT_ID', + 'ROLE_DURATION_SECONDS', + 'ROLE_EXTERNAL_ID', + 'ROLE_SESSION_NAME', + 'ROLE_SKIP_SESSION_TAGGING', + 'INLINE_SESSION_POLICY', + 'MANAGED_SESSION_POLICIES', + 'OUTPUT_CREDENTIALS', + 'UNSET_CURRENT_CREDENTIALS', + 'DISABLE_RETRY', + 'RETRY_MAX_ATTEMPTS', + 'SPECIAL_CHARACTERS_WORKAROUND', + 'USE_EXISTING_CREDENTIALS', + ]; + for (const envVar of envVars) { + if (process.env[envVar]) { + process.env[`INPUT_${envVar.replace(/_/g, '-')}`] = process.env[envVar]; + } + } +} + // Configure the AWS CLI and AWS SDKs using environment variables and set them as secrets. // Setting the credentials as secrets masks them in Github Actions logs export function exportCredentials(creds?: Partial, outputCredentials?: boolean) { diff --git a/src/index.ts b/src/index.ts index a35452bf4..c69897e33 100644 --- a/src/index.ts +++ b/src/index.ts @@ -9,6 +9,7 @@ import { exportCredentials, exportRegion, retryAndBackoff, + translateEnvVariables, unsetCredentials, verifyKeys, } from './helpers'; @@ -19,6 +20,7 @@ const REGION_REGEX = /^[a-z0-9-]+$/g; export async function run() { try { + translateEnvVariables(); // Get inputs const AccessKeyId = core.getInput('aws-access-key-id', { required: false }); const SecretAccessKey = core.getInput('aws-secret-access-key', { diff --git a/tsconfig.json b/tsconfig.json index c7f8c1c77..aa2ba03ad 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -13,7 +13,7 @@ "module": "CommonJS", "resolveJsonModule": true, "outDir": "build", - "declaration": true, + "declaration": false, "newLine": "lf", "noEmitOnError": true, "sourceMap": true,
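Review bot: The assignment inside the `for` loop of `translateEnvVariables` is unconditional, so any listed variable that happens to be set in the job environment replaces the value the workflow passed through `with:`, including security-relevant inputs such as `ROLE_TO_ASSUME`, `ROLE_EXTERNAL_ID`, `AUDIENCE`, `HTTP_PROXY` and `OUTPUT_CREDENTIALS`. The comment above `exportCredentials` in the same hunk says the action publishes credentials as environment variables, so a later invocation in the same job would presumably read the earlier step's `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` as its own inputs and could authenticate differently from what the workflow file states. Letting the explicit input win keeps that choice reviewable: compute `const inputName = 'INPUT_' + envVar.replace(/_/g, '-');` and guard with `if (process.env[envVar] && !process.env[inputName]) process.env[inputName] = process.env[envVar];`. A doc comment on the function should state this precedence and that unprefixed names like `AUDIENCE` and `DISABLE_RETRY` are taken from the ambient environment; the bundled copies in `dist/index.js` and `dist/cleanup/index.js` carry the same loop and would need regenerating. With that guard, an input that has a default in the action metadata (not visible in this diff) would never fall back to the environment, so the intended precedence for those inputs needs an explicit decision.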
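Review bot: The new `translateEnvVariables();` call at the top of the `try` block in `run()` has an ordering dependency that nothing on the line records: it only has an effect because it executes before the `core.getInput` calls that follow. A comment such as `// Must run before any core.getInput(): copies supported environment variables into INPUT_* so they are read as action inputs` would keep a later refactor from moving it. The rest of `run()` lies outside the hunk, so whether any input is read earlier elsewhere cannot be confirmed from here.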