feat(aws-auth): add workflow_ref claim (#227)
* Add workflow_ref claim to aws-auth

* Update readme

* Run prettier
guicaulada authored Aug 29, 2024
1 parent aee5ab9 commit c0e3298
Showing 2 changed files with 9 additions and 9 deletions.
16 changes: 8 additions & 8 deletions actions/aws-auth/README.md
Expand Up @@ -22,7 +22,7 @@ jobs:
with:
aws-region: "us-west-1"
role-arn: "arn:aws:iam::366620023056:role/github-actions/s3-test-access"
pass-claims: "repository_owner, repository_name, job_workflow_ref, event_name"
pass-claims: "repository_owner, repository_name, job_workflow_ref, workflow_ref, event_name"
set-creds-in-environment: true

- id: cat-file-from-s3-bucket
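Review bot: the usage example's `pass-claims` line now spells out the same five claims as the new default in action.yaml, so workflows copied from the earlier README keep the old four-claim list and will not pass `workflow_ref` until someone edits them by hand. Consider dropping `pass-claims` from the example so it follows the action default, or keeping it only to show a deliberately narrower subset. The order here also differs from the default (`event_name` is last here and first in action.yaml); matching the two would avoid readers wondering whether order matters.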
Expand All @@ -35,13 +35,13 @@ jobs:
<!-- markdownlint-disable no-space-in-code -->
| Name | Type | Description |
| -------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `aws-region` | String | Specify AWS region to use that contain your resources (default: `us-east-2`) |
| `role-arn` | String | Specify custom workload role. Role ARN must be prefixed with `github-actions` e.g. `arn:aws:iam::366620023056:role/github-actions/s3-test-access` [^1] |
| `pass-claims` | String | `, `-separated list of [GitHub Actions claims](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token) (session tags) to make available to `role-arn`. Currently supported claims (default): `"repository_owner, repository_name, job_workflow_ref, event_name"` [^2] |
| `set-creds-in-environment` | Bool | Set environment variables for AWS CLI and SDKs (default: `true`) |
| `role-duration-seconds` | String | Role duration in seconds (default: `"3600"`) |
| Name | Type | Description |
| -------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `aws-region` | String | Specify AWS region to use that contain your resources (default: `us-east-2`) |
| `role-arn` | String | Specify custom workload role. Role ARN must be prefixed with `github-actions` e.g. `arn:aws:iam::366620023056:role/github-actions/s3-test-access` [^1] |
| `pass-claims` | String | `, `-separated list of [GitHub Actions claims](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token) (session tags) to make available to `role-arn`. Currently supported claims (default): `"repository_owner, repository_name, job_workflow_ref, workflow_ref, event_name"` [^2] |
| `set-creds-in-environment` | Bool | Set environment variables for AWS CLI and SDKs (default: `true`) |
| `role-duration-seconds` | String | Role duration in seconds (default: `"3600"`) |

<!-- markdownlint-restore -->
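Review bot: the `pass-claims` row now lists `workflow_ref` next to `job_workflow_ref` without saying how the two differ, so a role author reading this table cannot tell which one to match on. A short phrase for each claim in the description, or in footnote [^2], would fix that. The wording "Currently supported claims (default)" also reads as if the supported set and the default set are the same thing; if other claims can be passed, list them separately. The remaining changed lines in this hunk are only column re-padding from prettier, which makes the one real change hard to spot in review.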

2 changes: 1 addition & 1 deletion actions/aws-auth/action.yaml
Expand Up @@ -11,7 +11,7 @@ inputs:
required: true
description: "ARN of workload role"
pass-claims:
default: "event_name, repository_owner, repository_name, job_workflow_ref"
default: "event_name, repository_owner, repository_name, job_workflow_ref, workflow_ref"
required: true
description: "`, `-separated claims from GitHub ID token to make available to `role-arn`"
set-creds-in-environment:
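Review bot: changing the `default` of `pass-claims` means every caller that does not set the input starts making `workflow_ref` available to `role-arn` as soon as it picks up this version, and that deserves an explicit line in the commit message or release notes as a behaviour change for existing users. Separately, `required: true` next to a `default` is contradictory, since the default always supplies a value; `required: false` would describe the input accurately.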
