From c4c60d1f0991ffd24ca0aa16e4db19f64b081235 Mon Sep 17 00:00:00 2001 From: Cyril Rohr Date: Wed, 28 Feb 2024 08:26:48 +0000 Subject: [PATCH 1/4] Unset existing credentials when running from RunsOn --- src/custom/backend.ts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/custom/backend.ts b/src/custom/backend.ts index d872afa..be9caf4 100644 --- a/src/custom/backend.ts +++ b/src/custom/backend.ts @@ -24,6 +24,16 @@ export interface ArtifactCacheEntry { archiveLocation?: string; } +// if executing from RunsOn, unset any existing AWS env variables so that we can use the IAM instance profile for credentials +// see unsetCredentials() in https://github.com/aws-actions/configure-aws-credentials/blob/v4.0.2/src/helpers.ts#L44 +if (process.env.RUNS_ON_RUNNER_NAME) { + delete process.env.AWS_ACCESS_KEY_ID; + delete process.env.AWS_SECRET_ACCESS_KEY; + delete process.env.AWS_SESSION_TOKEN; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; +} + const versionSalt = "1.0"; const bucketName = process.env.RUNS_ON_S3_BUCKET_CACHE; const region = From df4fed6d956bb08b4bbbe4cd0db1f668d765dc6e Mon Sep 17 00:00:00 2001 From: Cyril Rohr Date: Wed, 28 Feb 2024 08:26:54 +0000 Subject: [PATCH 2/4] dist --- dist/restore-only/index.js | 9 +++++++++ dist/restore/index.js | 9 +++++++++ dist/save-only/index.js | 9 +++++++++ dist/save/index.js | 9 +++++++++ 4 files changed, 36 insertions(+) diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js index 6ae1d47..ecbf988 100644 --- a/dist/restore-only/index.js +++ b/dist/restore-only/index.js @@ -93773,6 +93773,15 @@ const core = __importStar(__nccwpck_require__(2186)); const utils = __importStar(__nccwpck_require__(1518)); const lib_storage_1 = __nccwpck_require__(3087); const downloadUtils_1 = __nccwpck_require__(6968); +// if executing from RunsOn, unset any existing AWS env variables so that we can use the IAM instance profile for credentials +// see unsetCredentials() in https://github.com/aws-actions/configure-aws-credentials/blob/v4.0.2/src/helpers.ts#L44 +if (process.env.RUNS_ON_RUNNER_NAME) { + delete process.env.AWS_ACCESS_KEY_ID; + delete process.env.AWS_SECRET_ACCESS_KEY; + delete process.env.AWS_SESSION_TOKEN; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; +} const versionSalt = "1.0"; const bucketName = process.env.RUNS_ON_S3_BUCKET_CACHE; const region = process.env.RUNS_ON_AWS_REGION || diff --git a/dist/restore/index.js b/dist/restore/index.js index c2418a4..2da0833 100644 --- a/dist/restore/index.js +++ b/dist/restore/index.js @@ -93773,6 +93773,15 @@ const core = __importStar(__nccwpck_require__(2186)); const utils = __importStar(__nccwpck_require__(1518)); const lib_storage_1 = __nccwpck_require__(3087); const downloadUtils_1 = __nccwpck_require__(6968); +// if executing from RunsOn, unset any existing AWS env variables so that we can use the IAM instance profile for credentials +// see unsetCredentials() in https://github.com/aws-actions/configure-aws-credentials/blob/v4.0.2/src/helpers.ts#L44 +if (process.env.RUNS_ON_RUNNER_NAME) { + delete process.env.AWS_ACCESS_KEY_ID; + delete process.env.AWS_SECRET_ACCESS_KEY; + delete process.env.AWS_SESSION_TOKEN; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; +} const versionSalt = "1.0"; const bucketName = process.env.RUNS_ON_S3_BUCKET_CACHE; const region = process.env.RUNS_ON_AWS_REGION || diff --git a/dist/save-only/index.js b/dist/save-only/index.js index 88822b9..250ee19 100644 --- a/dist/save-only/index.js +++ b/dist/save-only/index.js @@ -93773,6 +93773,15 @@ const core = __importStar(__nccwpck_require__(2186)); const utils = __importStar(__nccwpck_require__(1518)); const lib_storage_1 = __nccwpck_require__(3087); const downloadUtils_1 = __nccwpck_require__(6968); +// if executing from RunsOn, unset any existing AWS env variables so that we can use the IAM instance profile for credentials +// see unsetCredentials() in https://github.com/aws-actions/configure-aws-credentials/blob/v4.0.2/src/helpers.ts#L44 +if (process.env.RUNS_ON_RUNNER_NAME) { + delete process.env.AWS_ACCESS_KEY_ID; + delete process.env.AWS_SECRET_ACCESS_KEY; + delete process.env.AWS_SESSION_TOKEN; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; +} const versionSalt = "1.0"; const bucketName = process.env.RUNS_ON_S3_BUCKET_CACHE; const region = process.env.RUNS_ON_AWS_REGION || diff --git a/dist/save/index.js b/dist/save/index.js index 695d66f..1776075 100644 --- a/dist/save/index.js +++ b/dist/save/index.js @@ -93773,6 +93773,15 @@ const core = __importStar(__nccwpck_require__(2186)); const utils = __importStar(__nccwpck_require__(1518)); const lib_storage_1 = __nccwpck_require__(3087); const downloadUtils_1 = __nccwpck_require__(6968); +// if executing from RunsOn, unset any existing AWS env variables so that we can use the IAM instance profile for credentials +// see unsetCredentials() in https://github.com/aws-actions/configure-aws-credentials/blob/v4.0.2/src/helpers.ts#L44 +if (process.env.RUNS_ON_RUNNER_NAME) { + delete process.env.AWS_ACCESS_KEY_ID; + delete process.env.AWS_SECRET_ACCESS_KEY; + delete process.env.AWS_SESSION_TOKEN; + delete process.env.AWS_REGION; + delete process.env.AWS_DEFAULT_REGION; +} const versionSalt = "1.0"; const bucketName = process.env.RUNS_ON_S3_BUCKET_CACHE; const region = process.env.RUNS_ON_AWS_REGION || From 6de5dcf3c38037c5cf38920c7e42893828bcad75 Mon Sep 17 00:00:00 2001 From: Cyril Rohr Date: Wed, 28 Feb 2024 09:29:17 +0000 Subject: [PATCH 3/4] Initialize s3client once --- src/custom/backend.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/custom/backend.ts b/src/custom/backend.ts index be9caf4..9c792de 100644 --- a/src/custom/backend.ts +++ b/src/custom/backend.ts @@ -48,6 +48,8 @@ const downloadQueueSize = Number(process.env.DOWNLOAD_QUEUE_SIZE || "8"); const downloadPartSize = Number(process.env.DOWNLOAD_PART_SIZE || "16") * 1024 * 1024; +const s3Client = new S3Client({ region }); + export function getCacheVersion( paths: string[], compressionMethod?: CompressionMethod, @@ -96,7 +98,6 @@ export async function getCacheEntry( { compressionMethod, enableCrossOsArchive } ) { const cacheEntry: ArtifactCacheEntry = {}; - const s3Client = new S3Client({ region }); // Find the most recent key matching one of the restoreKeys prefixes for (const restoreKey of keys) { @@ -147,7 +148,6 @@ export async function downloadCache( throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new S3Client({ region }); const archiveUrl = new URL(archiveLocation); const objectKey = archiveUrl.pathname.slice(1); const command = new GetObjectCommand({ @@ -179,7 +179,6 @@ export async function saveCache( throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new S3Client({ region }); const s3Prefix = getS3Prefix(paths, { compressionMethod, enableCrossOsArchive From f45c4284d8fe3e86f2ccf7d8a6f68a7c3f50ff00 Mon Sep 17 00:00:00 2001 From: Cyril Rohr Date: Wed, 28 Feb 2024 09:30:03 +0000 Subject: [PATCH 4/4] dist --- dist/restore-only/index.js | 4 +--- dist/restore/index.js | 4 +--- dist/save-only/index.js | 4 +--- dist/save/index.js | 4 +--- 4 files changed, 4 insertions(+), 12 deletions(-) diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js index ecbf988..f9f8d38 100644 --- a/dist/restore-only/index.js +++ b/dist/restore-only/index.js @@ -93791,6 +93791,7 @@ const uploadQueueSize = Number(process.env.UPLOAD_QUEUE_SIZE || "4"); const uploadPartSize = Number(process.env.UPLOAD_PART_SIZE || "32") * 1024 * 1024; const downloadQueueSize = Number(process.env.DOWNLOAD_QUEUE_SIZE || "8"); const downloadPartSize = Number(process.env.DOWNLOAD_PART_SIZE || "16") * 1024 * 1024; +const s3Client = new client_s3_1.S3Client({ region }); function getCacheVersion(paths, compressionMethod, enableCrossOsArchive = false) { // don't pass changes upstream const components = paths.slice(); @@ -93819,7 +93820,6 @@ function getS3Prefix(paths, { compressionMethod, enableCrossOsArchive }) { function getCacheEntry(keys, paths, { compressionMethod, enableCrossOsArchive }) { return __awaiter(this, void 0, void 0, function* () { const cacheEntry = {}; - const s3Client = new client_s3_1.S3Client({ region }); // Find the most recent key matching one of the restoreKeys prefixes for (const restoreKey of keys) { const s3Prefix = getS3Prefix(paths, { @@ -93857,7 +93857,6 @@ function downloadCache(archiveLocation, archivePath, options) { if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const archiveUrl = new URL(archiveLocation); const objectKey = archiveUrl.pathname.slice(1); const command = new client_s3_1.GetObjectCommand({ @@ -93879,7 +93878,6 @@ function saveCache(key, paths, archivePath, { compressionMethod, enableCrossOsAr if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const s3Prefix = getS3Prefix(paths, { compressionMethod, enableCrossOsArchive diff --git a/dist/restore/index.js b/dist/restore/index.js index 2da0833..0bb899b 100644 --- a/dist/restore/index.js +++ b/dist/restore/index.js @@ -93791,6 +93791,7 @@ const uploadQueueSize = Number(process.env.UPLOAD_QUEUE_SIZE || "4"); const uploadPartSize = Number(process.env.UPLOAD_PART_SIZE || "32") * 1024 * 1024; const downloadQueueSize = Number(process.env.DOWNLOAD_QUEUE_SIZE || "8"); const downloadPartSize = Number(process.env.DOWNLOAD_PART_SIZE || "16") * 1024 * 1024; +const s3Client = new client_s3_1.S3Client({ region }); function getCacheVersion(paths, compressionMethod, enableCrossOsArchive = false) { // don't pass changes upstream const components = paths.slice(); @@ -93819,7 +93820,6 @@ function getS3Prefix(paths, { compressionMethod, enableCrossOsArchive }) { function getCacheEntry(keys, paths, { compressionMethod, enableCrossOsArchive }) { return __awaiter(this, void 0, void 0, function* () { const cacheEntry = {}; - const s3Client = new client_s3_1.S3Client({ region }); // Find the most recent key matching one of the restoreKeys prefixes for (const restoreKey of keys) { const s3Prefix = getS3Prefix(paths, { @@ -93857,7 +93857,6 @@ function downloadCache(archiveLocation, archivePath, options) { if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const archiveUrl = new URL(archiveLocation); const objectKey = archiveUrl.pathname.slice(1); const command = new client_s3_1.GetObjectCommand({ @@ -93879,7 +93878,6 @@ function saveCache(key, paths, archivePath, { compressionMethod, enableCrossOsAr if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const s3Prefix = getS3Prefix(paths, { compressionMethod, enableCrossOsArchive diff --git a/dist/save-only/index.js b/dist/save-only/index.js index 250ee19..ca7412b 100644 --- a/dist/save-only/index.js +++ b/dist/save-only/index.js @@ -93791,6 +93791,7 @@ const uploadQueueSize = Number(process.env.UPLOAD_QUEUE_SIZE || "4"); const uploadPartSize = Number(process.env.UPLOAD_PART_SIZE || "32") * 1024 * 1024; const downloadQueueSize = Number(process.env.DOWNLOAD_QUEUE_SIZE || "8"); const downloadPartSize = Number(process.env.DOWNLOAD_PART_SIZE || "16") * 1024 * 1024; +const s3Client = new client_s3_1.S3Client({ region }); function getCacheVersion(paths, compressionMethod, enableCrossOsArchive = false) { // don't pass changes upstream const components = paths.slice(); @@ -93819,7 +93820,6 @@ function getS3Prefix(paths, { compressionMethod, enableCrossOsArchive }) { function getCacheEntry(keys, paths, { compressionMethod, enableCrossOsArchive }) { return __awaiter(this, void 0, void 0, function* () { const cacheEntry = {}; - const s3Client = new client_s3_1.S3Client({ region }); // Find the most recent key matching one of the restoreKeys prefixes for (const restoreKey of keys) { const s3Prefix = getS3Prefix(paths, { @@ -93857,7 +93857,6 @@ function downloadCache(archiveLocation, archivePath, options) { if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const archiveUrl = new URL(archiveLocation); const objectKey = archiveUrl.pathname.slice(1); const command = new client_s3_1.GetObjectCommand({ @@ -93879,7 +93878,6 @@ function saveCache(key, paths, archivePath, { compressionMethod, enableCrossOsAr if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const s3Prefix = getS3Prefix(paths, { compressionMethod, enableCrossOsArchive diff --git a/dist/save/index.js b/dist/save/index.js index 1776075..dd7591c 100644 --- a/dist/save/index.js +++ b/dist/save/index.js @@ -93791,6 +93791,7 @@ const uploadQueueSize = Number(process.env.UPLOAD_QUEUE_SIZE || "4"); const uploadPartSize = Number(process.env.UPLOAD_PART_SIZE || "32") * 1024 * 1024; const downloadQueueSize = Number(process.env.DOWNLOAD_QUEUE_SIZE || "8"); const downloadPartSize = Number(process.env.DOWNLOAD_PART_SIZE || "16") * 1024 * 1024; +const s3Client = new client_s3_1.S3Client({ region }); function getCacheVersion(paths, compressionMethod, enableCrossOsArchive = false) { // don't pass changes upstream const components = paths.slice(); @@ -93819,7 +93820,6 @@ function getS3Prefix(paths, { compressionMethod, enableCrossOsArchive }) { function getCacheEntry(keys, paths, { compressionMethod, enableCrossOsArchive }) { return __awaiter(this, void 0, void 0, function* () { const cacheEntry = {}; - const s3Client = new client_s3_1.S3Client({ region }); // Find the most recent key matching one of the restoreKeys prefixes for (const restoreKey of keys) { const s3Prefix = getS3Prefix(paths, { @@ -93857,7 +93857,6 @@ function downloadCache(archiveLocation, archivePath, options) { if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const archiveUrl = new URL(archiveLocation); const objectKey = archiveUrl.pathname.slice(1); const command = new client_s3_1.GetObjectCommand({ @@ -93879,7 +93878,6 @@ function saveCache(key, paths, archivePath, { compressionMethod, enableCrossOsAr if (!region) { throw new Error("Environment variable RUNS_ON_AWS_REGION not set"); } - const s3Client = new client_s3_1.S3Client({ region }); const s3Prefix = getS3Prefix(paths, { compressionMethod, enableCrossOsArchive