s3-sync-action
Use environment variables instead of CLI profiles
In #1, it's discussed that the action should be using profiles to prevent stomping on other AWS actions which are used by the repo.
However, in the AWS CLI documentation, it's mentioned that the CLI supports certain environment variables natively. This includes authentication-related variables such as `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`/`AWS_SESSION_TOKEN`.
Any reason we're not relying on these instead?
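An added illustration, not part of the thread and not code from the action's `entrypoint.sh`: a wrapper can rely on the environment variables named above without stomping on other steps by setting them only inside a subshell. The function names and the credential values are hypothetical and constructed for the example.

```shell
#!/bin/sh
# Report which credential source is present. Only the presence of each
# variable is inspected; secret values are never printed.
#   env-static     key id + secret in the environment
#   env-temporary  key id + secret + session token
#   incomplete     only part of the env set is present (returns 1)
#   profile        no env credentials, AWS_PROFILE names a profile
#   none           nothing found (returns 1)
aws_cred_source() {
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
      echo "env-temporary"
    else
      echo "env-static"
    fi
    return 0
  fi
  if [ -n "${AWS_ACCESS_KEY_ID:-}${AWS_SECRET_ACCESS_KEY:-}${AWS_SESSION_TOKEN:-}" ]; then
    echo "incomplete"
    return 1
  fi
  if [ -n "${AWS_PROFILE:-}" ]; then
    echo "profile"
    return 0
  fi
  echo "none"
  return 1
}

# Run a command with a static key pair visible only to that command.
# The body is a subshell, so nothing is exported into the caller, and a
# session token left over from another step is dropped rather than being
# paired with the new key.
with_step_credentials() (
  AWS_ACCESS_KEY_ID=$1
  AWS_SECRET_ACCESS_KEY=$2
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  unset AWS_SESSION_TOKEN
  shift 2
  "$@"
)

# Demo with constructed values: the child sees the pair, the caller does not change.
with_step_credentials AKIACONSTRUCTED constructed-secret aws_cred_source
```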
AWS publish an action to set up authentication credentials, you can rely on that and remove all profile/key related code:
```yaml
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1
- uses: jakejarvis/s3-sync-action@master
  with:
    args: --acl public-read --follow-symlinks --delete
  env:
    AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
    SOURCE_DIR: 'public' # optional: defaults to entire repository
```
Not sure why all of this is present then:
https://github.com/jakejarvis/s3-sync-action/blob/master/entrypoint.sh#L30-L38
https://github.com/jakejarvis/s3-sync-action/blob/master/entrypoint.sh#L47-L56
Seems like that can all be gone when we use the configure-aws-credentials action?
Which then begs the question, why not remain with just this :)
```yaml
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1
- name: Deploy static site to S3 bucket
  run: aws s3 sync ./dist/ s3://<your-website-bucket> --delete
```
Just verified, this works perfectly:
```yaml
- name: Configure AWS credentials
  if: github.ref == 'refs/heads/master'
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: eu-west-3
- name: Deploy to S3
  if: github.ref == 'refs/heads/master'
  shell: bash
  run: aws s3 sync ./dist/ s3://$AWS_S3_BUCKET --acl public-read --follow-symlinks --delete
  env:
    AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
```
great! awscli wasn't installed on the runners originally
> Just verified, this works perfectly:
>
> ```yaml
> - name: Configure AWS credentials
>   if: github.ref == 'refs/heads/master'
>   uses: aws-actions/configure-aws-credentials@v1
>   with:
>     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
>     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
>     aws-region: eu-west-3
> - name: Deploy to S3
>   if: github.ref == 'refs/heads/master'
>   shell: bash
>   run: aws s3 sync ./dist/ s3://$AWS_S3_BUCKET --acl public-read --follow-symlinks --delete
>   env:
>     AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
> ```

but this just rendered this repo useless