refactor!: expose keys via env variable (#29)

the access and secret key are now registered as secret and then exposed
to s3cmd via the env variables AWS_ACCESS_KEY and AWS_SECRET_KEY. This
prevents the need to write them to disk. However, it can happen that
this interferes with other values the user needs for these variables.
Usually it should be aligned, even if these keys are used for other
purposes. Because they operate on the same account.

Signed-off-by: Nico Braun <[email protected]>

Author: bluebrown

dist/index.js

@@ -24957,13 +24957,17 @@ module.exports = {
 const tests = {};
 exports.tests = tests;
 
-exports.aws = ({ region = "US", access_key = "", secret_key = "" }) => ({
+// each provider function should return an object of keys that should be
+// set in the final s3cmd config file. Any key can be set. not just the
+// ones that are commonly used below.
+// for each provider, one or more tests should be defined in the tests
+// object.
+
+exports.aws = ({ region = "US" }) => ({
   bucket_location: region,
   host_base: "s3.amazonaws.com",
   host_bucket: "%(bucket)s.s3.amazonaws.com",
   website_endpoint: "http://%(bucket)s.s3-website-%(location)s.amazonaws.com/",
-  access_key,
-  secret_key,
 });
 
 tests.aws = {
@@ -24978,17 +24982,11 @@ tests.aws = {
   ],
 };
 
-exports.digitalocean = ({
-  region = "nyc3",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.digitalocean = ({ region = "nyc3" }) => ({
   bucket_location: region,
   host_base: `${region}.digitaloceanspaces.com`,
   host_bucket: `%(bucket)s.${region}.digitaloceanspaces.com`,
   website_endpoint: `http://%(bucket)s.website-${region}.digitaloceanspaces.com`,
-  access_key,
-  secret_key,
 });
 
 tests.digitalocean = {
@@ -25003,17 +25001,11 @@ tests.digitalocean = {
   ],
 };
 
-exports.linode = ({
-  region = "eu-central-1",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.linode = ({ region = "eu-central-1" }) => ({
   bucket_location: "US",
   host_base: `${region}.linodeobjects.com`,
   host_bucket: `%(bucket)s.${region}.linodeobjects.com`,
   website_endpoint: `http://%(bucket)s.website-${region}.linodeobjects.com/`,
-  access_key,
-  secret_key,
 });
 
 tests.linode = {
@@ -25028,17 +25020,11 @@ tests.linode = {
   ],
 };
 
-exports.scaleway = ({
-  region = "fr-par",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.scaleway = ({ region = "fr-par" }) => ({
   bucket_location: region,
   host_base: `s3.${region}.scw.cloud`,
   host_bucket: `%(bucket)s.s3.${region}.scw.cloud`,
   website_endpoint: `https://%(bucket)s.s3-website.${region}.scw.cloud/`,
-  access_key,
-  secret_key,
 });
 
 tests.scaleway = {
@@ -25053,18 +25039,11 @@ tests.scaleway = {
   ],
 };
 
-exports.cloudflare = ({
-  account_id = "",
-  region = "auto",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.cloudflare = ({ account_id = "", region = "auto" }) => ({
   bucket_location: region,
   host_base: `${account_id}.r2.cloudflarestorage.com`,
   host_bucket: "",
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.cloudflare = {
@@ -25080,13 +25059,11 @@ tests.cloudflare = {
   ],
 };
 
-exports.vultr = ({ region = "ewr1", access_key = "", secret_key = "" }) => ({
+exports.vultr = ({ region = "ewr1" }) => ({
   bucket_location: region,
   host_base: `${region}.vultrobjects.com`,
   host_bucket: `%(bucket)s.${region}.vultrobjects.com`,
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.vultr = {
@@ -25100,17 +25077,11 @@ tests.vultr = {
   ],
 };
 
-exports.clevercloud = ({
-  region = "US",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.clevercloud = ({ region = "US" }) => ({
   bucket_location: region,
   host_base: `cellar-c2.services.clever-cloud.com`,
   host_bucket: `%(bucket)s.cellar-c2.services.clever-cloud.com`,
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.clevercloud = {
@@ -25125,13 +25096,11 @@ tests.clevercloud = {
   ],
 };
 
-exports.hcloud = ({ region = "fsn1", access_key = "", secret_key = "" }) => ({
+exports.hcloud = ({ region = "fsn1" }) => ({
   bucket_location: region,
   host_base: `fsn1.your-objectstorage.com`,
   host_bucket: `%(bucket)s.fsn1.your-objectstorage.com`,
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.hcloud = {
@@ -25145,17 +25114,11 @@ tests.hcloud = {
   ],
 };
 
-exports.synologyc2 = ({
-  region = "us-001",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.synologyc2 = ({ region = "us-001" }) => ({
   bucket_location: region,
   host_base: `${region}.s3.synologyc2.net`,
   host_bucket: ``,
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.synologyc2 = {
@@ -25168,17 +25131,11 @@ tests.synologyc2 = {
   ],
 };
 
-exports.wasabi = ({
-  region = "ap-southeast-1",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.wasabi = ({ region = "ap-southeast-1" }) => ({
   bucket_location: region,
   host_base: `s3.${region}.wasabisys.com`,
   host_bucket: `%(bucket)s.s3.${region}.wasabisys.com`,
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.wasabi = {
@@ -25192,17 +25149,11 @@ tests.wasabi = {
   ],
 };
 
-exports.yandex = ({
-  region = "ru-central1",
-  access_key = "",
-  secret_key = "",
-}) => ({
+exports.yandex = ({ region = "ru-central1" }) => ({
   bucket_location: region,
   host_base: `storage.yandexcloud.net`,
   host_bucket: `%(bucket)s.storage.yandexcloud.net`,
   website_endpoint: "",
-  access_key,
-  secret_key,
 });
 
 tests.yandex = {
@@ -27192,12 +27143,18 @@ if (process.env.RUNNER_TEMP) {
   core.debug(`S3CMD_CONFIG=${process.env.S3CMD_CONFIG}`);
 }
 
+// expose the access and secret key as github action variables.
+// registering them as secret, just to be sure. normally they should be
+// be registered already. registering leads to masking in logs
+core.setSecret(core.getInput("access_key"));
+core.setSecret(core.getInput("secret_key"));
+core.exportVariable("AWS_ACCESS_KEY", core.getInput("access_key"));
+core.exportVariable("AWS_SECRET_KEY", core.getInput("secret_key"));
+
 configure(
   providers[core.getInput("provider")]({
     region: core.getInput("region"),
     account_id: core.getInput("account_id"),
-    access_key: core.getInput("access_key"),
-    secret_key: core.getInput("secret_key"),
   }),
 );
 

src/index.js

@@ -41,12 +41,18 @@ if (process.env.RUNNER_TEMP) {
   core.debug(`S3CMD_CONFIG=${process.env.S3CMD_CONFIG}`);
 }
 
+// expose the access and secret key as github action variables.
+// registering them as secret, just to be sure. normally they should be
+// be registered already. registering leads to masking in logs
+core.setSecret(core.getInput("access_key"));
+core.setSecret(core.getInput("secret_key"));
+core.exportVariable("AWS_ACCESS_KEY", core.getInput("access_key"));
+core.exportVariable("AWS_SECRET_KEY", core.getInput("secret_key"));
+
 configure(
   providers[core.getInput("provider")]({
     region: core.getInput("region"),
     account_id: core.getInput("account_id"),
-    access_key: core.getInput("access_key"),
-    secret_key: core.getInput("secret_key"),
   }),
 );