chore: static integ test refactor (#1655)

* static integ test rewrite
Michael Lehmann
2026-03-11 16:09:56 -07:00
committed by GitHub
parent 33712a4c0c
commit b6772acfeb


@@ -34,11 +34,16 @@ jobs:
#can cut this test out if it's not necessary #can cut this test out if it's not necessary
static_assumeRole: static_assumeRole:
if: ${{ github.event_name == 'workflow_dispatch' || (github.event.pull_request.user.login == 'aws-sdk-osds' && github.repository == 'aws-actions/configure-aws-credentials') }} if: ${{ github.event_name == 'workflow_dispatch' || (github.event.pull_request.user.login == 'aws-sdk-osds' && github.repository == 'aws-actions/configure-aws-credentials') }}
permissions:
id-token: write
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [windows-latest, ubuntu-latest, macos-latest] os: [windows-latest, ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash
name: Static IAM creds test name: Static IAM creds test
steps: steps:
- name: checkout - name: checkout
@@ -46,16 +51,42 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false persist-credentials: false
- name: Configure AWS credentials - name: assume creator Role
uses: ./ uses: ./
with: with:
aws-region: us-west-2 aws-region: us-west-2
aws-access-key-id: ${{ secrets.STATIC_ak_id }} role-to-assume: ${{ secrets.STATIC_USER_CREATION_ROLE }}
aws-secret-access-key: ${{ secrets.STATIC_secret_ak }} - name: create and mask access key
role-to-assume: ${{ secrets.STATIC_role }} id: create-key
- name: Get Caller Identity
run: | run: |
aws sts get-caller-identity AK_OUTPUT=$(aws iam create-access-key --user-name integ-test-static-user-${{ runner.os }})
AK_ID=$(echo $AK_OUTPUT | jq -r '.AccessKey.AccessKeyId')
SECRET_AK=$(echo $AK_OUTPUT | jq -r '.AccessKey.SecretAccessKey')
echo "::add-mask::$AK_ID"
echo "::add-mask::$SECRET_AK"
echo "STATIC_ACCESS_KEY_ID=$AK_ID" >> $GITHUB_OUTPUT
echo "STATIC_SECRET_ACCESS_KEY=$SECRET_AK" >> $GITHUB_OUTPUT
- name: sleep so key can propagate
run: sleep 30
- name: assume role with static creds
uses: ./
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.STATIC_TEST_TARGET_ROLE }}
aws-access-key-id: ${{ steps.create-key.outputs.STATIC_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ steps.create-key.outputs.STATIC_SECRET_ACCESS_KEY }}
- name: check account
run: aws sts get-caller-identity
- name: log back into creator role
if: success() || failure()
uses: ./
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.STATIC_USER_CREATION_ROLE }}
- name: delete access key
if: success() || failure()
run: |
aws iam delete-access-key --user-name integ-test-static-user-${{ runner.os }} --access-key-id ${{ steps.create-key.outputs.STATIC_ACCESS_KEY_ID }}
role_chaining: role_chaining:
if: ${{ github.event_name == 'workflow_dispatch' || (github.event.pull_request.user.login == 'aws-sdk-osds' && github.repository == 'aws-actions/configure-aws-credentials') }} if: ${{ github.event_name == 'workflow_dispatch' || (github.event.pull_request.user.login == 'aws-sdk-osds' && github.repository == 'aws-actions/configure-aws-credentials') }}
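Review bot: The two cleanup steps at the end of `static_assumeRole` (`log back into creator role` and `delete access key`) are gated on `if: success() || failure()`, which evaluates to false when the run is cancelled, so a cancel during `sleep 30` or the static-credential role assumption would leave the newly created access key active on `integ-test-static-user-<os>`. A leftover key is a lingering long-lived credential, and with IAM's two-keys-per-user limit it would likely make later `create-access-key` calls for that user fail until someone removes it by hand. Consider `if: always()` on the re-login step and `if: always() && steps.create-key.outputs.STATIC_ACCESS_KEY_ID != ''` on the delete step, so the delete is also skipped cleanly when key creation itself failed rather than being called with an empty `--access-key-id`. The job's steps span both hunks, and the checkout step's `uses:` line sits between them, outside the visible lines.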