Skip to content

Provide a way to idempotently fetch credentials #1288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 of 2 tasks
ianbotsf opened this issue Feb 6, 2025 · 2 comments · Fixed by #1289
Closed
1 of 2 tasks

Provide a way to idempotently fetch credentials #1288

ianbotsf opened this issue Feb 6, 2025 · 2 comments · Fixed by #1289
Assignees
@lehmanmj
Labels
effort/small This issue will take less than a day of effort to fix feature-request A feature should be added or improved. in-progress This issue is being actively worked on p2

Comments

@ianbotsf
Copy link

ianbotsf commented Feb 6, 2025
edited by lehmanmj
Loading

Describe the feature

I have several reusable actions which need AWS credentials to already be configured. I'd like for those actions to be able to invoke configure-aws-credentials but to only fetch credentials if they haven't already been fetched. I can imagine enabling this via a new config option but I'm not attached to any particular method—I just want to avoid fetching the same credentials twice.

Use Case

I have multiple reusable actions and multiple workflows, for example:

  • workflow-1 invokes action-1
  • workflow-2 invokes action-2
  • action-2 invokes action-1
  • workflow-3 MAY invoke neither/either/both action-1 and action-3

I want each of these actions to be able to ensure credentials are fetched without duplicating work that may've already been done.

Proposed Solution

Possibly a new mode of execution, configurable as an action input, which tracks/detects whether credentials have already been fetched and short-circuits.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@ianbotsf ianbotsf added feature-request A feature should be added or improved. needs-triage This issue still needs to be triaged labels Feb 6, 2025
@lehmanmj lehmanmj self-assigned this Feb 6, 2025
@lehmanmj lehmanmj added p2 effort/small This issue will take less than a day of effort to fix in-progress This issue is being actively worked on and removed needs-triage This issue still needs to be triaged labels Feb 6, 2025
@ianbotsf ianbotsf mentioned this issue Feb 6, 2025
Merged
@kellertk
Copy link
Member

kellertk commented Feb 7, 2025

The if: conditional in action syntax allows for accessing the env context. Something like this appears to work for me:

name: Test CAWSC IF
on:
  workflow_dispatch:

jobs:
  cawsc:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: CAWSC
        if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
        uses: aws-actions/configure-aws-credentials@main
        with:
          aws-region: us-west-2
          role-to-assume: ${{ secrets.role }}
          role-duration-seconds: 900
      - name: Whoami
        run: |
          aws sts get-caller-identity

Of course, that will only skip the step if credentials don't exist at all, but doesn't check whether or not they're valid. We can add an option to this action to check if current credentials are valid (by calling get-caller-identity) and fetching new credentials if that call fails.

@lehmanmj lehmanmj linked a pull request Feb 7, 2025 that will close this issue
feat: idempotent fetch #1289
Merged
1 task
@lehmanmj lehmanmj mentioned this issue Feb 7, 2025
Merged
1 task
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 8, 2025

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lehmanmj lehmanmj

Labels
effort/small This issue will take less than a day of effort to fix feature-request A feature should be added or improved. in-progress This issue is being actively worked on p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: idempotent fetch aws-actions/configure-aws-credentials
3 participants
@kellertk @ianbotsf @lehmanmj