From ae875b4c2a925c963aa4096ca4b274849aec6197 Mon Sep 17 00:00:00 2001 From: Callum Morris Date: Wed, 16 Oct 2024 16:58:43 +1300 Subject: [PATCH] feat: add composite action for copying from s3 Adapted from reusable-copy-to-s3 workflow. Having it as a composite action should help address the workflow nesting limit that we see in some situations --- .github/actions/copy-from-s3/action.yml | 102 ++++++++++++++++++++++++ README.md | 24 ++++++ 2 files changed, 126 insertions(+) create mode 100644 .github/actions/copy-from-s3/action.yml diff --git a/.github/actions/copy-from-s3/action.yml b/.github/actions/copy-from-s3/action.yml new file mode 100644 index 0000000..cb7de33 --- /dev/null +++ b/.github/actions/copy-from-s3/action.yml @@ -0,0 +1,102 @@ +name: Copy from S3 +description: Copy file/s from S3 to GitHub Actions Artifacts. +inputs: + aws-region: + type: string + default: ap-southeast-2 + required: false + description: | + the AWS region to use; e.g ap-southeast-2 + aws-role-arn-to-assume: + type: string + required: true + description: | + an AWS role ARN to assume. + e.g: arn:aws:iam::ACCOUNT_ID:role/github-actions-ROLE_NAME + aws-role-duration-seconds: + type: number + required: false + default: 3600 + description: | + the number of seconds to hold a session open for. + aws-role-session-name: + type: string + required: false + description: | + the name of the session to use for AssumeRole(WithWebIdentity) + use-sync: + type: boolean + default: false + required: false + description: | + whether it should use sync instead of cp (copy) + single-file: + type: boolean + default: false + required: false + description: | + single file copy + artifact-path: + type: string + required: true + description: | + the path to download the S3 file/s to + artifact-name: + type: string + required: true + description: | + the name to give the Github Actions artifact + s3-bucket-uri: + type: string + required: true + description: | + the AWS S3 bucket URI to copy from +runs: + using: "composite" + steps: + - name: Validate bucket + uses: GeoNet/Actions/.github/actions/validate-bucket-uri@caS3 + with: + s3-bucket-uri: ${{ inputs.s3-bucket-uri }} + - name: Get session name + id: get-session-name + shell: bash + env: + REPO: ${{ github.repository }} + run: | + SESSION_NAME="$(echo "github-actions-copy-from-s3-to-$REPO" | sed 's,/,--,g' | tr '[[:upper:]]' '[[:lower:]]')" + if [ -n "$AWS_ROLE_SESSION_NAME" ]; then + SESSION_NAME="$AWS_ROLE_SESSION_NAME" + fi + echo "session-name=$SESSION_NAME" >> $GITHUB_OUTPUT + - name: Configure AWS Credentials + env: + REPO: ${{ github.repository }} + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + aws-region: ${{ inputs.aws-region }} + role-to-assume: ${{ inputs.aws-role-arn-to-assume }} + role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} + role-session-name: ${{ steps.get-session-name.outputs.session-name }} + - name: Copy from S3 + shell: bash + env: + LOCAL_DESTINATION_DIR: ${{ inputs.artifact-path }} + S3_BUCKET_URI: ${{ inputs.s3-bucket-uri }} + run: | + if [ ${{ inputs.use-sync }} = true ]; then + aws s3 sync "$S3_BUCKET_URI" "$LOCAL_DESTINATION_DIR" + else + ARGS=() + if [ ${{ inputs.single-file }} = false ]; then + ARGS+=(--recursive) + fi + aws s3 cp "${ARGS[@]}" "$S3_BUCKET_URI" "$LOCAL_DESTINATION_DIR" + fi + - name: Upload to GitHub Actions artifacts + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: ${{ inputs.artifact-name }} + path: ${{ inputs.artifact-path }} + retention-days: 1 + overwrite: true \ No newline at end of file diff --git a/README.md b/README.md index 31eb5e1..d1e98d7 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ - [Tagging](#tagging) - [Validate bucket URI](#validate-bucket-uri) - [Copy to S3](#copy-to-s3-1) + - [Copy from S3](#copy-from-s3) - [Other documentation](#other-documentation) - [Dependabot and Actions workflow imports](#dependabot-and-actions-workflow-imports) - [Versioning for container images](#versioning-for-container-images) @@ -1278,6 +1279,29 @@ jobs: s3-bucket-uri: s3://my-bucket/test-coverage-results/ ``` +### Copy from S3 + +STATUS: beta + +Copy (or sync) one or more files from an S3 bucket to GitHub Actions Artifacts. + +```yaml +on: [push] + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Download test log from S3 + uses: GeoNet/Actions/.github/actions/copy-from-s3@main + with: + aws-role-arn-to-assume: my-role + artifact-name: test-coverage-results + artifact-path: ./coverage + s3-bucket-uri: s3://my-bucket/test-coverage-results/coverage.out + single-file: true +``` + ## Other documentation ### Dependabot and Actions workflow imports