feat: add composite action for copying from s3

Adapted from reusable-copy-to-s3 workflow. Having it as a composite action should help address the workflow nesting limit that we see in some situations
GeoNet · Oct 17, 2024 · ae875b4 · ae875b4
1 parent bc3f5a8
commit ae875b4
Show file tree

Hide file tree

Showing 2 changed files with 126 additions and 0 deletions.
diff --git a/.github/actions/copy-from-s3/action.yml b/.github/actions/copy-from-s3/action.yml
@@ -0,0 +1,102 @@
+name: Copy from S3
+description: Copy file/s from S3 to GitHub Actions Artifacts.
+inputs:
+  aws-region:
+    type: string
+    default: ap-southeast-2
+    required: false
+    description: |
+      the AWS region to use; e.g ap-southeast-2
+  aws-role-arn-to-assume:
+    type: string
+    required: true
+    description: |
+      an AWS role ARN to assume.
+      e.g: arn:aws:iam::ACCOUNT_ID:role/github-actions-ROLE_NAME
+  aws-role-duration-seconds:
+    type: number
+    required: false
+    default: 3600
+    description: |
+      the number of seconds to hold a session open for.
+  aws-role-session-name:
+    type: string
+    required: false
+    description: |
+      the name of the session to use for AssumeRole(WithWebIdentity)
+  use-sync:
+    type: boolean
+    default: false
+    required: false
+    description: |
+      whether it should use sync instead of cp (copy)
+  single-file:
+    type: boolean
+    default: false
+    required: false
+    description: |
+      single file copy
+  artifact-path:
+    type: string
+    required: true
+    description: |
+      the path to download the S3 file/s to
+  artifact-name:
+    type: string
+    required: true
+    description: |
+      the name to give the Github Actions artifact
+  s3-bucket-uri:
+    type: string
+    required: true
+    description: |
+      the AWS S3 bucket URI to copy from
+runs:
+  using: "composite"
+  steps:
+    - name: Validate bucket
+      uses: GeoNet/Actions/.github/actions/validate-bucket-uri@caS3
+      with:
+        s3-bucket-uri: ${{ inputs.s3-bucket-uri }}
+    - name: Get session name
+      id: get-session-name
+      shell: bash
+      env:
+        REPO: ${{ github.repository }}
+      run: |
+        SESSION_NAME="$(echo "github-actions-copy-from-s3-to-$REPO" | sed 's,/,--,g' | tr '[[:upper:]]' '[[:lower:]]')"
+        if [ -n "$AWS_ROLE_SESSION_NAME" ]; then
+          SESSION_NAME="$AWS_ROLE_SESSION_NAME"
+        fi
+        echo "session-name=$SESSION_NAME" >> $GITHUB_OUTPUT
+    - name: Configure AWS Credentials
+      env:
+        REPO: ${{ github.repository }}
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      with:
+        aws-region: ${{ inputs.aws-region }}
+        role-to-assume: ${{ inputs.aws-role-arn-to-assume }}
+        role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
+        role-session-name: ${{ steps.get-session-name.outputs.session-name }}
+    - name: Copy from S3
+      shell: bash
+      env:
+        LOCAL_DESTINATION_DIR: ${{ inputs.artifact-path }}
+        S3_BUCKET_URI: ${{ inputs.s3-bucket-uri }}
+      run: |
+        if [ ${{ inputs.use-sync }} = true ]; then
+          aws s3 sync "$S3_BUCKET_URI" "$LOCAL_DESTINATION_DIR"
+        else
+          ARGS=()
+          if [ ${{ inputs.single-file }} = false ]; then
+                ARGS+=(--recursive)
+          fi
+          aws s3 cp "${ARGS[@]}" "$S3_BUCKET_URI" "$LOCAL_DESTINATION_DIR"
+        fi
+    - name: Upload to GitHub Actions artifacts
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      with:
+        name: ${{ inputs.artifact-name }}
+        path: ${{ inputs.artifact-path }}
+        retention-days: 1
+        overwrite: true
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@
     - [Tagging](#tagging)
     - [Validate bucket URI](#validate-bucket-uri)
     - [Copy to S3](#copy-to-s3-1)
+    - [Copy from S3](#copy-from-s3)
   - [Other documentation](#other-documentation)
     - [Dependabot and Actions workflow imports](#dependabot-and-actions-workflow-imports)
     - [Versioning for container images](#versioning-for-container-images)
@@ -1278,6 +1279,29 @@ jobs:
           s3-bucket-uri: s3://my-bucket/test-coverage-results/
 ```
 
+### Copy from S3
+
+STATUS: beta
+
+Copy (or sync) one or more files from an S3 bucket to GitHub Actions Artifacts.
+
+```yaml
+on: [push]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download test log from S3
+        uses: GeoNet/Actions/.github/actions/copy-from-s3@main
+        with:
+          aws-role-arn-to-assume: my-role
+          artifact-name: test-coverage-results
+          artifact-path: ./coverage
+          s3-bucket-uri: s3://my-bucket/test-coverage-results/coverage.out
+          single-file: true
+```
+
 ## Other documentation
 
 ### Dependabot and Actions workflow imports