mirror of
https://github.com/aws-actions/configure-aws-credentials.git
synced 2026-03-12 18:07:10 -04:00
37 lines
1.3 KiB
JavaScript
37 lines
1.3 KiB
JavaScript
const core = require('@actions/core');
|
|
|
|
/**
|
|
* When the GitHub Actions job is done, clean up any environment variables that
|
|
* may have been set by the configure-aws-credentials steps in the job.
|
|
*
|
|
* Environment variables are not intended to be shared across different jobs in
|
|
* the same GitHub Actions workflow: GitHub Actions documentation states that
|
|
* each job runs in a fresh instance. However, doing our own cleanup will
|
|
* give us additional assurance that these environment variables are not shared
|
|
* with any other jobs.
|
|
*/
|
|
|
|
async function cleanup() {
|
|
try {
|
|
// The GitHub Actions toolkit does not have an option to completely unset
|
|
// environment variables, so we overwrite the current value with an empty
|
|
// string. The AWS CLI and AWS SDKs will behave correctly: they treat an
|
|
// empty string value as if the environment variable does not exist.
|
|
core.exportVariable('AWS_ACCESS_KEY_ID', '');
|
|
core.exportVariable('AWS_SECRET_ACCESS_KEY', '');
|
|
core.exportVariable('AWS_SESSION_TOKEN', '');
|
|
core.exportVariable('AWS_DEFAULT_REGION', '');
|
|
core.exportVariable('AWS_REGION', '');
|
|
}
|
|
catch (error) {
|
|
core.setFailed(error.message);
|
|
}
|
|
}
|
|
|
|
module.exports = cleanup;
|
|
|
|
/* istanbul ignore next */
|
|
if (require.main === module) {
|
|
cleanup();
|
|
}
|