diff --git a/README.md b/README.md index ecd0d31..aa3a11a 100644 --- a/README.md +++ b/README.md @@ -31,15 +31,22 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ASSUMED_ROLE }} + - uses: jakejarvis/s3-sync-action@master with: args: --acl public-read --follow-symlinks --delete env: AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: 'us-west-1' # optional: defaults to us-east-1 - SOURCE_DIR: 'public' # optional: defaults to entire repository + AWS_REGION: ${{ secrets.AWS_REGION }} # optional: defaults to us-east-1 + SOURCE_DIR: 'public' # optional: defaults to entire repository ``` @@ -49,8 +56,6 @@ The following settings must be passed as environment variables as shown in the e | Key | Value | Suggested Type | Required | Default | | ------------- | ------------- | ------------- | ------------- | ------------- | -| `AWS_ACCESS_KEY_ID` | Your AWS Access Key. [More info here.](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) | `secret env` | **Yes** | N/A | -| `AWS_SECRET_ACCESS_KEY` | Your AWS Secret Access Key. [More info here.](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) | `secret env` | **Yes** | N/A | | `AWS_S3_BUCKET` | The name of the bucket you're syncing to. For example, `jarv.is` or `my-app-releases`. | `secret env` | **Yes** | N/A | | `AWS_REGION` | The region where you created your bucket. Set to `us-east-1` by default. [Full list of regions here.](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) | `env` | No | `us-east-1` | | `AWS_S3_ENDPOINT` | The endpoint URL of the bucket you're syncing to. Can be used for [VPC scenarios](https://aws.amazon.com/blogs/aws/new-vpc-endpoint-for-amazon-s3/) or for non-AWS services using the S3 API, like [DigitalOcean Spaces](https://www.digitalocean.com/community/tools/adapting-an-existing-aws-s3-application-to-digitalocean-spaces). | `env` | No | Automatic (`s3.amazonaws.com` or AWS's region-specific equivalent) | diff --git a/entrypoint.sh b/entrypoint.sh index 466e69c..1083fe2 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,16 +7,6 @@ if [ -z "$AWS_S3_BUCKET" ]; then exit 1 fi -if [ -z "$AWS_ACCESS_KEY_ID" ]; then - echo "AWS_ACCESS_KEY_ID is not set. Quitting." - exit 1 -fi - -if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then - echo "AWS_SECRET_ACCESS_KEY is not set. Quitting." - exit 1 -fi - # Default to us-east-1 if AWS_REGION not set. if [ -z "$AWS_REGION" ]; then AWS_REGION="us-east-1" @@ -27,30 +17,8 @@ if [ -n "$AWS_S3_ENDPOINT" ]; then ENDPOINT_APPEND="--endpoint-url $AWS_S3_ENDPOINT" fi -# Create a dedicated profile for this action to avoid conflicts -# with past/future actions. -# https://github.com/jakejarvis/s3-sync-action/issues/1 -aws configure --profile s3-sync-action <<-EOF > /dev/null 2>&1 -${AWS_ACCESS_KEY_ID} -${AWS_SECRET_ACCESS_KEY} -${AWS_REGION} -text -EOF - # Sync using our dedicated profile and suppress verbose messages. # All other flags are optional via the `args:` directive. sh -c "aws s3 sync ${SOURCE_DIR:-.} s3://${AWS_S3_BUCKET}/${DEST_DIR} \ - --profile s3-sync-action \ --no-progress \ ${ENDPOINT_APPEND} $*" - -# Clear out credentials after we're done. -# We need to re-run `aws configure` with bogus input instead of -# deleting ~/.aws in case there are other credentials living there. -# https://forums.aws.amazon.com/thread.jspa?threadID=148833 -aws configure --profile s3-sync-action <<-EOF > /dev/null 2>&1 -null -null -null -text -EOF