-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yml
66 lines (59 loc) · 2.38 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# This workflow expects the runner image to include the aws CLI.
name: AWS SSM Get Parameter
author: The Browser Company
description: Fetch a value stored in AWS SSM and make it locally available.
inputs:
aws-role-to-assume:
description: The AWS Role to assume.
required: true
aws-role-session-name:
description: A name to associate with this AWS access for auditing purposes.
required: true
aws-region:
description: The AWS region to use.
required: false
default: 'us-east-2'
aws-ssm-parameter:
description: The path to the value in the SSM store.
required: true
save-to-env-var:
description: Store the parameter value in the environment variable with this name.
required: false
save-to-filepath:
# TODO(kendal): Fix the post-step action for windows then automate file removal at the end.
description: Store the parameter value in the file at this path. The caller must remove this at the end.
required: false
runs:
using: composite
steps:
- name: Authenticate to AWS
# configure-aws-credentials v4.0.1 release
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a
with:
role-to-assume: ${{ inputs.aws-role-to-assume }}
aws-region: ${{ inputs.aws-region }}
role-session-name: ${{ inputs.aws-role-session-name }}
- name: Assert input parameters valid
if: inputs.save-to-env-var == '' && inputs.save-to-filepath == ''
shell: bash
run: |
echo "::error ::Please specify either save-to-env-var or save-to-filepath as an input."
exit 1
- name: Fetch parameter
id: parameter
shell: bash
run: |
PARAMETER_VALUE="$(aws ssm get-parameter --with-decryption --name ${{ inputs.aws-ssm-parameter }} | jq -r '.Parameter.Value')"
echo "::add-mask::$PARAMETER_VALUE"
echo "value=$PARAMETER_VALUE" >> "$GITHUB_OUTPUT"
- name: Save parameter to environment
if: inputs.save-to-env-var != ''
shell: bash
run: echo "${{ inputs.save-to-env-var }}=${{ steps.parameter.outputs.value }}" >> "$GITHUB_ENV"
- name: Save parameter to file
if: inputs.save-to-filepath != ''
shell: bash
run: |
# Handle Windows path separators.
OUTPUT_FILE=$(sed "s/\\\/\//g" <<< "${{ inputs.save-to-filepath }}")
echo "${{ steps.parameter.outputs.value }}" > $OUTPUT_FILE