aws-actions/configure-aws-credentials
1
0
Fork 0
mirror of https://github.com/aws-actions/configure-aws-credentials.git synced 2026-03-12 18:07:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into remove-integ

Browse Source
This commit is contained in:
Tom Keller
2025-07-25 21:23:12 -07:00
committed by GitHub
parent b88116ba3b 68858db075
commit a31e903eec
43 changed files with 31432 additions and 29341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/automerge-approved-prs.yml vendored Normal file
View File

@@ -0,0 +1,32 @@
on:
pull_request_review:
types: submitted
jobs:
approved_pr:
name: Automerge approved PRs
permissions:
contents: write
pull-requests: write
id-token: write
if: ${{ github.event.review.state == 'approved' && github.repository == 'aws-actions/configure-aws-credentials' && (github.event.review.author_association == 'OWNER' || github.event.review.author_association == 'MEMBER' || github.event.review.user.login == 'aws-sdk-osds') }}
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
role-duration-seconds: 900
role-session-name: SecretsManagerFetch
- name: Get bot user token
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
parse-json-secrets: true
secret-ids: |
${{ secrets.OSDS_PACKAGING_ROLE }}
- name: Enable PR automerge
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}

20
.github/workflows/cawsc-test.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
name: Test Configure AWS Credential
on:
workflow_dispatch:
jobs:
cawsc:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: CAWSC
uses: aws-actions/configure-aws-credentials@main
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
role-duration-seconds: 900
role-session-name: TestCAWSC
- name: Whoami
run: |
aws sts get-caller-identity

41
.github/workflows/dependabot-autoapprove.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: Dependabot auto-approve
on:
pull_request:
workflow_dispatch:
permissions:
pull-requests: write
id-token: write
contents: read
jobs:
dependabot:
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'aws-actions/configure-aws-credentials' }}
steps:
- name: Get Metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v2
- uses: actions/checkout@v4
name: Clone repo
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
role-duration-seconds: 900
- name: Get bot user token
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
parse-json-secrets: true
secret-ids: |
${{ secrets.OSDS_PACKAGING_ROLE }}
- name: Approve PR if not already approved
run: |
gh pr checkout "$PR_URL"
if [ "$(gh pr status --json reviewDecision - q .currentBranch.reviewDecision)" != "APPROVED" ]; then
gh pr review "$PR_URL" --approve
else echo "PR already approved"
fi
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}

32
.github/workflows/issue-regression-labeler.yml vendored Normal file
View File

@@ -0,0 +1,32 @@
# Apply potential regression label on issues
name: issue-regression-label
on:
issues:
types: [opened, edited]
jobs:
add-regression-label:
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Fetch template body
id: check_regression
uses: actions/github-script@v7
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TEMPLATE_BODY: ${{ github.event.issue.body }}
with:
script: |
const regressionPattern = /\[x\] Select this option if this issue appears to be a regression\./i;
const template = `${process.env.TEMPLATE_BODY}`
const match = regressionPattern.test(template);
core.setOutput('is_regression', match);
- name: Manage regression label
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ "${{ steps.check_regression.outputs.is_regression }}" == "true" ]; then
gh issue edit ${{ github.event.issue.number }} --add-label "potential-regression" -R ${{ github.repository }}
else
gh issue edit ${{ github.event.issue.number }} --remove-label "potential-regression" -R ${{ github.repository }}
fi

4
.github/workflows/package.yml → .github/workflows/package-dist.yml vendored
View File

@@ -39,7 +39,7 @@ jobs:
with:
parse-json-secrets: true
secret-ids: |
OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
${{ secrets.OSDS_PACKAGING_ROLE }}
- name: Commit
run: |
echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
@@ -48,4 +48,4 @@ jobs:
git remote set-url origin https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
git add dist
git commit -m "chore: Update dist" || echo "No changes to commit"
git push origin
git push --force origin

43
.github/workflows/release-please.yml vendored Normal file
View File

@@ -0,0 +1,43 @@
---
name: Release Please
on:
push:
branches:
- main
permissions:
id-token: write
contents: write
pull-requests: write
jobs:
release-please:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
role-duration-seconds: 900
role-session-name: ${{ github.run_id }}
- name: Get git credentials
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
parse-json-secrets: true
secret-ids: |
${{ secrets.OSDS_PACKAGING_ROLE }}
- name: Run release-please
uses: googleapis/release-please-action@v4
with:
release-type: node
token: ${{ env.OSDS_ACCESS_TOKEN }}
config-file: release-please-config.json
manifest-file: .release-please-manifest.json