Aws-cli: GitHub Action for aws-cli

Created on 11 Jan 2020 · 8 Comments · Source: aws/aws-cli

I'm opening this issue to gather feedback about the need for an AWS CLI GitHub Action in the github.com/aws-actions organization. Please use the thumbs-up reaction if this would be useful to you.

For context, GitHub deprecated (and has now deleted) their action actions/aws/cli. That action enabled running workflows like this:

    - name: Upload to S3
      uses: actions/aws/cli@master
      with:
        args: s3 cp ./results/ s3://reports/results/ --recursive

Please note that the AWS CLI is pre-installed in the GitHub-hosted environments. For example, runs-on: ubuntu-latest will have AWS CLI version 1.16.299, and you can do the following:

    - name: Upload to S3
      run: |
        aws s3 cp ./results/ s3://reports/results/ --recursive

I do not know how often GitHub will upgrade the version of the AWS CLI in the GitHub-hosted environments.

I have already received multiple requests for an AWS CLI action in the existing action repos that I maintain:
https://github.com/aws-actions/configure-aws-credentials/issues/9
https://github.com/aws-actions/amazon-ecs-deploy-task-definition/issues/21
https://github.com/aws-actions/amazon-ecs-deploy-task-definition/issues/18

feature-request

All 8 comments

An exemplary usage of aws cli in the configure-aws-credentials readme would have been enough for me. But a separate repo would make it even more obvious, even just with a readme that does a built-in run.

Certainly would be helpful for self-hosted scenarios.

You can sorta do this with the aws-cli docker image. That comes with a lot of limitations though, e.g. you're limited to particular directories which actions volume-maps in: /github/home, /github/workspace, /github/workflow

    steps:
      - name: Download File from S3
        uses: docker://amazon/aws-cli:2.0.7
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          args: s3 cp s3://bucket/key /github/home/downloaded_file

Is it possible to use s3 cp in a pull request with GitHub Actions?
I found that secrets.AWS_ACCESS_KEY_ID does not work for pull requests from a fork.

Any solution?

You can make the object publicly accessible and then either pass --no-sign-request or download directly by URL without the aws cli.

Really though, this is a broader problem of needing to be able to build against external pull requests but not leak secrets. If secrets were allowed when building against external PRs, someone could submit a PR that either did something malicious with your credentials directly or made them accessible such that they could do something with them later. But merging a PR, especially an external one, without running CI is also not desirable. So really there needs to be a way to say "a trusted human has looked at this PR and verified that it doesn't do anything bad, now run CI with secrets". Running only approved PRs might work. None of this is specific to aws-cli on GitHub Actions, or for that matter any CI provider though.
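
Added example, not part of the thread or any commenter's code: a `pull_request` workflow that applies the two points above, using signed S3 access only when the PR branch lives in the same repository and falling back to `--no-sign-request` on a public object for fork PRs. The bucket `example-fixtures`, the object key, the region and `./run-tests.sh` are placeholders assumed for illustration.

```yaml
# Added example. example-fixtures, fixtures/data.json, us-east-1 and
# ./run-tests.sh are placeholders, not values from the thread.
name: ci
on:
  pull_request:

# The job only reads the repository; no write-scoped GITHUB_TOKEN is needed.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # PR branch is in this repository: secrets are populated, sign the request.
      - name: Download fixture (signed)
        if: github.event.pull_request.head.repo.full_name == github.repository
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-1
        run: aws s3 cp s3://example-fixtures/fixtures/data.json ./data.json

      # PR comes from a fork: secrets are not passed, so read a public object unsigned.
      - name: Download fixture (unsigned, public object)
        if: github.event.pull_request.head.repo.full_name != github.repository
        run: aws s3 cp s3://example-fixtures/fixtures/data.json ./data.json --no-sign-request

      - name: Run tests
        run: ./run-tests.sh

      # Writing results needs credentials, so it is skipped for fork PRs
      # instead of failing on empty secrets.
      - name: Upload to S3
        if: github.event.pull_request.head.repo.full_name == github.repository
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-1
        run: aws s3 cp ./results/ s3://reports/results/ --recursive
```

The credentials are scoped to the individual steps that call `aws`, so the test step, which executes code from the PR, does not have them in its environment.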

I was missing the list of all env vars: https://stackoverflow.com/a/63353289/2771889

After figuring that out it's very straightforward to use the CLI in Actions.

I would really appreciate it! Even if it's also offered in the GitHub environment I'd feel safer if there's an AWS certified version to use. Just my two cents...

I've created a GitHub Action that installs the AWS CLI on a Linux runner, according to a given version, so you might find it useful - unfor19/install-aws-cli-action

This is how you use it -

    - id: install-aws-cli
      uses: unfor19/install-aws-cli-action@v1
      with:
        version: 1

@BastianZim - I agree with your concern regarding the "official version", the action that I've created doesn't require any credentials, it only installs the CLI.
