From e58fb7d676752fc2751658e3fde1a8f98badff00 Mon Sep 17 00:00:00 2001 From: Callum Morris Date: Wed, 16 Oct 2024 16:58:43 +1300 Subject: [PATCH] feat: add composite action for copying from s3 Adapted from reusable-copy-to-s3 workflow. Having it as a composite action should help address the workflow nesting limit that we see in some situations --- .github/actions/copy-from-s3/action.yml | 102 ++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 .github/actions/copy-from-s3/action.yml diff --git a/.github/actions/copy-from-s3/action.yml b/.github/actions/copy-from-s3/action.yml new file mode 100644 index 0000000..cb7de33 --- /dev/null +++ b/.github/actions/copy-from-s3/action.yml @@ -0,0 +1,102 @@ +name: Copy from S3 +description: Copy file/s from S3 to GitHub Actions Artifacts. +inputs: + aws-region: + type: string + default: ap-southeast-2 + required: false + description: | + the AWS region to use; e.g ap-southeast-2 + aws-role-arn-to-assume: + type: string + required: true + description: | + an AWS role ARN to assume. + e.g: arn:aws:iam::ACCOUNT_ID:role/github-actions-ROLE_NAME + aws-role-duration-seconds: + type: number + required: false + default: 3600 + description: | + the number of seconds to hold a session open for. + aws-role-session-name: + type: string + required: false + description: | + the name of the session to use for AssumeRole(WithWebIdentity) + use-sync: + type: boolean + default: false + required: false + description: | + whether it should use sync instead of cp (copy) + single-file: + type: boolean + default: false + required: false + description: | + single file copy + artifact-path: + type: string + required: true + description: | + the path to download the S3 file/s to + artifact-name: + type: string + required: true + description: | + the name to give the Github Actions artifact + s3-bucket-uri: + type: string + required: true + description: | + the AWS S3 bucket URI to copy from +runs: + using: "composite" + steps: + - name: Validate bucket + uses: GeoNet/Actions/.github/actions/validate-bucket-uri@caS3 + with: + s3-bucket-uri: ${{ inputs.s3-bucket-uri }} + - name: Get session name + id: get-session-name + shell: bash + env: + REPO: ${{ github.repository }} + run: | + SESSION_NAME="$(echo "github-actions-copy-from-s3-to-$REPO" | sed 's,/,--,g' | tr '[[:upper:]]' '[[:lower:]]')" + if [ -n "$AWS_ROLE_SESSION_NAME" ]; then + SESSION_NAME="$AWS_ROLE_SESSION_NAME" + fi + echo "session-name=$SESSION_NAME" >> $GITHUB_OUTPUT + - name: Configure AWS Credentials + env: + REPO: ${{ github.repository }} + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-region: ${{ inputs.aws-region }} + role-to-assume: ${{ inputs.aws-role-arn-to-assume }} + role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} + role-session-name: ${{ steps.get-session-name.outputs.session-name }} + - name: Copy from S3 + shell: bash + env: + LOCAL_DESTINATION_DIR: ${{ inputs.artifact-path }} + S3_BUCKET_URI: ${{ inputs.s3-bucket-uri }} + run: | + if [ ${{ inputs.use-sync }} = true ]; then + aws s3 sync "$S3_BUCKET_URI" "$LOCAL_DESTINATION_DIR" + else + ARGS=() + if [ ${{ inputs.single-file }} = false ]; then + ARGS+=(--recursive) + fi + aws s3 cp "${ARGS[@]}" "$S3_BUCKET_URI" "$LOCAL_DESTINATION_DIR" + fi + - name: Upload to GitHub Actions artifacts + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: ${{ inputs.artifact-name }} + path: ${{ inputs.artifact-path }} + retention-days: 1 + overwrite: true \ No newline at end of file