Open
Description
Version
redhat-actions/push-to-registry@v2
aws-actions/configure-aws-credentials@v4
Describe the bug
Currently the support for logging in to ECR needs an access token and a secret access token for AWS, and the action cannot detect credentials from environment variables as aws-actions/amazon-ecr-login does. The limitation prevents usage in a runner that uses GitHub OIDC to authenticate with AWS, since it holds a temporary credential, and authenticating with a temporary credential must include the session token.
My recommendation is to take an optional input for the session token, or to detect credentials from environment variables as well.
Steps to reproduce, workflow links, screenshots
```yaml
jobs:
  Test:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        id: aws-creds
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}
          output-credentials: true
          special-characters-workaround: true
      - uses: redhat-actions/podman-login@v1
        with:
          registry: ${{ secrets.AWS_ECR_REGISTRY }}
          username: ${{ steps.aws-creds.outputs.aws-access-key-id }}
          password: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
```
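
Added example, not part of the report and not code from either action: a preflight a workflow step could run to detect the condition described above (temporary credentials without a session token) before logging in to ECR with the credentials already exported to the environment. The function names are hypothetical, the `aws` CLI and `podman` are assumed to be installed on the runner, and the check relies on the `ASIA` prefix that AWS gives to STS-issued access key IDs.

```shell
#!/bin/sh
# Added example: classify the AWS credentials found in the environment.
# Long-term keys work as a key pair; temporary (STS/OIDC) keys are only
# valid together with AWS_SESSION_TOKEN.

# Prints one of: none | long-term | temporary | temporary-missing-token
aws_cred_kind() {
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo none
    return
  fi
  if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
    echo temporary
    return
  fi
  case "$AWS_ACCESS_KEY_ID" in
    ASIA*) echo temporary-missing-token ;;  # STS key ID, token was dropped
    *)     echo long-term ;;
  esac
}

# Log in to ECR by exchanging the environment credentials for a registry
# token. Arguments (hypothetical names): registry host, AWS region.
ecr_podman_login() {
  registry=$1
  region=$2
  kind=$(aws_cred_kind)
  case "$kind" in
    none|temporary-missing-token)
      echo "cannot log in to $registry: credentials are '$kind'" >&2
      return 1
      ;;
  esac
  # ECR basic auth uses the literal username "AWS"; the password is the
  # short-lived token that `aws ecr get-login-password` prints.
  aws ecr get-login-password --region "$region" |
    podman login --username AWS --password-stdin "$registry"
}
```

The registry password never appears on a command line or in a step output, because it is piped straight into `podman login --password-stdin`.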