-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
71 lines (65 loc) · 2.27 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: Setup GitHub Token
description: Setup a GitHub Token from GATI
inputs:
aws-role-arn:
description: ARN of role capable of getting token from GATI
required: true
aws-lambda-url:
description: URL of GATI lambda function
required: true
aws-region:
description: AWS region
required: true
aws-role-duration-seconds:
description: Duration of role in seconds
required: false
default: "900"
role-session-name:
description: Session name to use when assuming the role.
required: false
default: "${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}"
set-git-config:
description: Set git config
required: false
default: "false"
outputs:
access-token:
value: ${{ steps.get-gh-token.outputs.access-token }}
description:
The github access token that has permissions reflecting the current AWS
role value
runs:
using: composite
steps:
- name: Check the role session name lengths and truncate if needed
shell: bash
id: role-session-name
env:
ROLE_SESSION_NAME: ${{ inputs.role-session-name }}
run: |
if [[ ${#ROLE_SESSION_NAME} -gt 64 ]]; then
echo "role-session-name=$(echo $ROLE_SESSION_NAME | cut -c1-64)" >> "$GITHUB_OUTPUT"
else
echo "role-session-name=$ROLE_SESSION_NAME" >> "$GITHUB_OUTPUT"
fi
- name: Assume role capable of getting token from gati
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
aws-region: ${{ inputs.aws-region }}
mask-aws-account-id: true
role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
role-session-name:
${{ steps.role-session-name.outputs.role-session-name }}
role-to-assume: ${{ inputs.aws-role-arn }}
- name: Get github token from gati
id: get-gh-token
uses: smartcontractkit/chainlink-github-actions/github-app-token-issuer@main
with:
url: ${{ inputs.aws-lambda-url }}
- name: Configure github token
if: inputs.set-git-config == 'true'
shell: bash
run: |
git config --global \
url."https://x-access-token:${{ steps.get-gh-token.outputs.access-token }}@github.com/".insteadOf \
"https://github.com/"