Merge pull request #535 from Tradeshift/POPS-2928_1

fix: add support when using GH hosted runners
Tradeshift · Jul 26, 2023 · 4f26e9c · 4f26e9c
2 parents 1971a90 + f47e1f1
commit 4f26e9c
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 6 deletions.
diff --git a/action.yml b/action.yml
@@ -73,6 +73,14 @@ inputs:
     description: >
       This flag can be used to enable Qemu, which is used for multi architecture builds like arm
     default: "false"
+  aws-access-key-id:
+    required: false
+    description: >
+      AWS Access Key ID is required if runners are hosted by GitHub.
+  aws-secret-access-key:
+    required: false
+    description: >
+      AWS Secret Key is required if runners are hosted by GitHub.
 outputs:
   builder:
     description: buildx builder name

diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/aws.ts b/src/aws.ts
@@ -1,6 +1,6 @@
 import * as semver from 'semver';
 
-import {info} from '@actions/core';
+import {info, setSecret, exportVariable} from '@actions/core';
 import {which} from '@actions/io';
 import {getExecOutput} from '@actions/exec';
 
@@ -153,3 +153,17 @@ export async function getECRPassword(repository: string): Promise<string> {
 
   return getDockerLoginPWD(repository, region);
 }
+
+export function exportCredentials(
+  accessKeyId: string,
+  secretAccessKey: string
+): void {
+  if (accessKeyId && secretAccessKey) {
+    info('Use AWS credentials.');
+
+    setSecret(accessKeyId);
+    exportVariable('AWS_ACCESS_KEY_ID', accessKeyId);
+    setSecret(secretAccessKey);
+    exportVariable('AWS_SECRET_ACCESS_KEY', secretAccessKey);
+  }
+}
diff --git a/src/inputs.ts b/src/inputs.ts
@@ -1,4 +1,4 @@
-import {getECRPassword, isECRRepository} from './aws';
+import {getECRPassword, isECRRepository, exportCredentials} from './aws';
 import {context} from '@actions/github';
 import csvparse from 'csv-parse/lib/sync';
 import {getInput, getMultilineInput} from '@actions/core';
@@ -22,6 +22,13 @@ export interface Inputs {
   username: string;
   authOnly: boolean;
   useqemu: boolean;
+  awsAccessKeyId: string;
+  awsSecretAccessKey: string;
+}
+
+function isSelfHostedRunner(): boolean {
+  const labels = process.env.RUNNER_LABELS || '';
+  return labels?.includes('self-hosted');
 }
 
 export async function getInputs(): Promise<Inputs> {
@@ -43,9 +50,14 @@ export async function getInputs(): Promise<Inputs> {
     tags: await getInputList('tags'),
     username: getInput('username'),
     authOnly: getInput('auth-only') === 'true',
-    useqemu: getInput('useqemu') === 'true'
+    useqemu: getInput('useqemu') === 'true',
+    awsAccessKeyId: getInput('aws-access-key-id'),
+    awsSecretAccessKey: getInput('aws-secret-access-key')
   };
   if (isECRRepository(inputs.repository)) {
+    if (!isSelfHostedRunner()) {
+      exportCredentials(inputs.awsAccessKeyId, inputs.awsSecretAccessKey);
+    }
     inputs.username = 'AWS';
     inputs.password = await getECRPassword(inputs.repository);
   }