From bc3f5a8b57590ce6fb88e96fcbc94f812f139afa Mon Sep 17 00:00:00 2001
From: Callum Morris <c.morris@gns.cri.nz>
Date: Wed, 16 Oct 2024 10:55:59 +1300
Subject: [PATCH] feat: add composite action for copying to s3

Adapted from reusable-copy-to-s3 workflow. Having it as a composite action should help address the workflow nesting limit that we see in some situations
---
 .github/actions/copy-to-s3/action.yml | 100 ++++++++++++++++++++++++++
 README.md                             |  29 ++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 .github/actions/copy-to-s3/action.yml

diff --git a/.github/actions/copy-to-s3/action.yml b/.github/actions/copy-to-s3/action.yml
new file mode 100644
index 0000000..4fb487a
--- /dev/null
+++ b/.github/actions/copy-to-s3/action.yml
@@ -0,0 +1,100 @@
+name: Copy to S3
+description: Copy file/s from GitHub Actions Artifacts to S3.
+inputs:
+  aws-region:
+    type: string
+    default: ap-southeast-2
+    required: false
+    description: |
+      the AWS region to use; e.g ap-southeast-2
+  aws-role-arn-to-assume:
+    type: string
+    required: true
+    description: |
+      an AWS role ARN to assume.
+      e.g: arn:aws:iam::ACCOUNT_ID:role/github-actions-ROLE_NAME
+  aws-role-duration-seconds:
+    type: number
+    required: false
+    default: 3600
+    description: |
+      the number of seconds to hold a session open for.
+  aws-role-session-name:
+    type: string
+    required: false
+    description: |
+      the name of the session to use for AssumeRole(WithWebIdentity)
+  use-sync:
+    type: boolean
+    default: false
+    required: false
+    description: |
+      whether it should use sync instead of cp (copy)
+  single-file:
+    type: boolean
+    default: false
+    required: false
+    description: |
+      single file copy
+  artifact-name:
+    type: string
+    required: true
+    description: |
+      the name of the GitHub Actions artifact to download
+  artifact-path:
+    type: string
+    required: true
+    description: |
+      the path to download the GitHub Actions artifact to
+  s3-bucket-uri:
+    type: string
+    required: true
+    description: |
+      the AWS S3 bucket URI to copy to
+runs:
+  using: "composite"
+  steps:
+    - name: Validate bucket
+      uses: GeoNet/Actions/.github/actions/validate-bucket-uri@caS3
+      with:
+        s3-bucket-uri: ${{ inputs.s3-bucket-uri }}
+    - name: Download artifact
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+          name: ${{ inputs.artifact-name }}
+          path: ${{ inputs.artifact-path }}
+    - name: Get session name
+      id: get-session-name
+      shell: bash
+      env:
+        REPO: ${{ github.repository }}
+      run: |
+        SESSION_NAME="$(echo "github-actions-copy-from-$REPO-to-s3" | sed 's,/,--,g' | tr '[[:upper:]]' '[[:lower:]]')"
+        if [ -n "$AWS_ROLE_SESSION_NAME" ]; then
+          SESSION_NAME="$AWS_ROLE_SESSION_NAME"
+        fi
+        echo "session-name=$SESSION_NAME" >> $GITHUB_OUTPUT
+    - name: Configure AWS Credentials
+      env:
+        REPO: ${{ github.repository }}
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      with:
+        aws-region: ${{ inputs.aws-region }}
+        role-to-assume: ${{ inputs.aws-role-arn-to-assume }}
+        role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
+        role-session-name: ${{ steps.get-session-name.outputs.session-name }}
+    - name: Copy to S3
+      shell: bash
+      env:
+        LOCAL_SOURCE_DIR: ${{ inputs.artifact-path }}
+        S3_BUCKET_URI: ${{ inputs.s3-bucket-uri }}
+      run: |
+        if [ ${{ inputs.use-sync }} = true ]; then
+          aws s3 sync "$LOCAL_SOURCE_DIR" "$S3_BUCKET_URI"
+        else
+          ARGS=()
+          if [ ${{ inputs.single-file }} = false ]; then
+                ARGS+=(--recursive)
+          fi
+          aws s3 cp "${ARGS[@]}" "$LOCAL_SOURCE_DIR" "$S3_BUCKET_URI"
+        fi
\ No newline at end of file
diff --git a/README.md b/README.md
index 0ceefa9..31eb5e1 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@
   - [Composite Actions](#composite-actions)
     - [Tagging](#tagging)
     - [Validate bucket URI](#validate-bucket-uri)
+    - [Copy to S3](#copy-to-s3-1)
   - [Other documentation](#other-documentation)
     - [Dependabot and Actions workflow imports](#dependabot-and-actions-workflow-imports)
     - [Versioning for container images](#versioning-for-container-images)
@@ -1249,6 +1250,34 @@ jobs:
           s3-bucket-uri: s3://my-bucket-to-validate/my-bucket-prefix
 ```
 
+### Copy to S3
+
+STATUS: beta
+
+Copy (or sync) one or more files from GitHub Actions Artifacts to an S3 bucket.
+
+```yaml
+on: [push]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Upload test log to GitHub Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-coverage-results
+          path: |
+            /tmp/coverage.out
+      - name: Upload test log to S3
+        uses: GeoNet/Actions/.github/actions/copy-to-s3@main
+        with:
+          aws-role-arn-to-assume: my-role
+          artifact-name: test-coverage-results
+          artifact-path: ./coverage
+          s3-bucket-uri: s3://my-bucket/test-coverage-results/
+```
+
 ## Other documentation
 
 ### Dependabot and Actions workflow imports