diff --git a/Dockerfile b/Dockerfile
index 51e4a5f..5ce583c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,13 +5,13 @@ LABEL "com.github.actions.description"="Sync a directory to an AWS S3 repository
 LABEL "com.github.actions.icon"="refresh-cw"
 LABEL "com.github.actions.color"="green"
-LABEL version="0.4.0"
+LABEL version="0.5.0"
 LABEL repository="https://github.com/jakejarvis/s3-sync-action"
 LABEL homepage="https://jarv.is/"
 LABEL maintainer="Jake Jarvis "
 # https://github.com/aws/aws-cli/blob/master/CHANGELOG.rst
-ENV AWSCLI_VERSION='1.16.262'
+ENV AWSCLI_VERSION='1.16.265'
 RUN pip install --quiet --no-cache-dir awscli==${AWSCLI_VERSION}
diff --git a/README.md b/README.md
index f6fe487..43d9cd7 100644
--- a/README.md
+++ b/README.md
@@ -11,11 +11,20 @@ This simple action uses the [vanilla AWS CLI](https://docs.aws.amazon.com/cli/in
 Place in a `.yml` file such as this one in your `.github/workflows` folder. [Refer to the documentation on workflow YAML syntax here.](https://help.github.com/en/articles/workflow-syntax-for-github-actions)
-As of v0.3.0, all [`aws s3 sync` flags](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) are optional to allow for maximum customizability (that's a word, I promise) and must be provided by you via `args:`. The optimal defaults for a static website are set in this example: `--acl public-read` makes your files publicly readable, `--follow-symlinks` won't hurt and fixes some weird symbolic link problems that may come up, and most importantly, `--delete` **permanently deletes** files in the S3 bucket that are **not** present in the latest version of your repository/build.
+As of v0.3.0, all [`aws s3 sync` flags](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) are optional to allow for maximum customizability (that's a word, I promise) and must be provided by you via `args:`. The optimal defaults for a static website are set in this example:
+
+- `--acl public-read` makes your files publicly readable (make sure your [bucket settings are also set to public](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteAccessPermissionsReqd.html)).
+- `--follow-symlinks` won't hurt and fixes some weird symbolic link problems that may come up.
+- Most importantly, `--delete` **permanently deletes** files in the S3 bucket that are **not** present in the latest version of your repository/build.
+- If you're syncing the root of your repository, `--exclude '.git/*'` prevents your `.git` folder from syncing, which would expose your source code history if your project is closed-source.
 ```yaml
-name: Sync Bucket
-on: push
+name: Upload Website
+
+on:
+ push:
+ branches:
+ - master
 jobs:
 deploy:
@@ -24,13 +33,13 @@ jobs:
 - uses: actions/checkout@master
 - uses: jakejarvis/s3-sync-action@master
 with:
- args: --acl public-read --follow-symlinks --delete
+ args: --acl public-read --follow-symlinks --delete --exclude '.git/*'
 env:
- SOURCE_DIR: './public'
- AWS_REGION: 'us-east-1'
 AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_REGION: 'us-west-1' # optional: defaults to us-east-1
+ SOURCE_DIR: 'public' # optional: defaults to entire repository
 ```
@@ -42,11 +51,11 @@ The following settings must be passed as environment variables as shown in the e
 | ------------- | ------------- | ------------- | ------------- | ------------- |
 | `AWS_ACCESS_KEY_ID` | Your AWS Access Key. [More info here.](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) | `secret` | **Yes** | N/A |
 | `AWS_SECRET_ACCESS_KEY` | Your AWS Secret Access Key. [More info here.](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) | `secret` | **Yes** | N/A |
-| `AWS_S3_BUCKET` | The name of the bucket you're syncing to. For example, `jarv.is`. | `secret` | **Yes** | N/A |
-| `AWS_REGION` | The region where you created your bucket in. For example, `us-east-1`. [Full list of regions here.](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) | `env` | **Yes** | N/A |
-| `AWS_S3_ENDPOINT` | The endpoint URL of the bucket you're syncing to. Can be used for VPC scenarios or for S3 compliant products like [DigitalOcean Spaces](https://www.digitalocean.com/community/tools/adapting-an-existing-aws-s3-application-to-digitalocean-spaces). | `env` | No | AWS |
-| `SOURCE_DIR` | The local directory you wish to sync/upload to S3. For example, `./public` | `env` | No | `.` |
-| `DEST_DIR` | The directory inside of the S3 bucket you wish to sync/upload to. Eg: `my_project/assets`. | `env` | No | `/` |
+| `AWS_S3_BUCKET` | The name of the bucket you're syncing to. For example, `jarv.is` or `my-app-releases`. | `secret` | **Yes** | N/A |
+| `AWS_REGION` | The region where you created your bucket. Set to `us-east-1` by default. [Full list of regions here.](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) | `env` | No | `us-east-1` |
+| `AWS_S3_ENDPOINT` | The endpoint URL of the bucket you're syncing to.
Can be used for [VPC scenarios](https://aws.amazon.com/blogs/aws/new-vpc-endpoint-for-amazon-s3/) or for non-AWS services using the S3 API, like [DigitalOcean Spaces](https://www.digitalocean.com/community/tools/adapting-an-existing-aws-s3-application-to-digitalocean-spaces). | `env` | No | Automatic (`s3.amazonaws.com` or AWS's region-specific equivalent) |
+| `SOURCE_DIR` | The local directory you wish to sync/upload to S3. For example, `public`. Defaults to your entire repository. | `env` | No | `./` (root of cloned repository) |
+| `DEST_DIR` | The directory inside of the S3 bucket you wish to sync/upload to. For example, `my_project/assets`. Defaults to the root of the bucket. | `env` | No | `/` |
 ## License
diff --git a/entrypoint.sh b/entrypoint.sh
index cf0ae48..466e69c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -17,22 +17,18 @@ if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
 exit 1
 fi
+# Default to us-east-1 if AWS_REGION not set.
 if [ -z "$AWS_REGION" ]; then
- echo "AWS_REGION is not set. Quitting."
- exit 1
+ AWS_REGION="us-east-1"
 fi
-# Default to CLI defined AWS endpoint
-ENDPOINT_APPEND=""
-if [ "$AWS_S3_ENDPOINT" ]; then
+# Override default AWS endpoint if user sets AWS_S3_ENDPOINT.
+if [ -n "$AWS_S3_ENDPOINT" ]; then
 ENDPOINT_APPEND="--endpoint-url $AWS_S3_ENDPOINT"
 fi
-# Default to syncing entire repo if SOURCE_DIR not set.
-SOURCE_DIR=${SOURCE_DIR:-.}
-
-# Create a dedicated profile for this action to avoid
-# conflicts with other actions.
+# Create a dedicated profile for this action to avoid conflicts
+# with past/future actions.
 # https://github.com/jakejarvis/s3-sync-action/issues/1
 aws configure --profile s3-sync-action <<-EOF > /dev/null 2>&1
 ${AWS_ACCESS_KEY_ID}
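Review bot: With `ENDPOINT_APPEND=""` removed, the variable is assigned only inside the `if [ -n "$AWS_S3_ENDPOINT" ]` branch, so when no endpoint is given its value is whatever the container environment already holds. That value is expanded into the `sh -c "aws s3 sync …"` string in the next hunk, so a stray `ENDPOINT_APPEND` in the workflow's `env:` would reach the CLI as extra flags, and the script would abort on the unset name if `set -u` were ever enabled. Keep the initialisation ahead of the test: `ENDPOINT_APPEND=""`. The sync call that consumes the variable lies outside this hunk.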
@@ -41,8 +37,20 @@ ${AWS_REGION}
 text
 EOF
-# Use our dedicated profile and suppress verbose messages.
-# All other flags are optional via `args:` directive.
-sh -c "aws s3 sync ${SOURCE_DIR} s3://${AWS_S3_BUCKET}/${DEST_DIR} \
- --profile s3-sync-action ${ENDPOINT_APPEND} \
- --no-progress $*"
+# Sync using our dedicated profile and suppress verbose messages.
+# All other flags are optional via the `args:` directive.
+sh -c "aws s3 sync ${SOURCE_DIR:-.} s3://${AWS_S3_BUCKET}/${DEST_DIR} \
+ --profile s3-sync-action \
+ --no-progress \
+ ${ENDPOINT_APPEND} $*"
+
+# Clear out credentials after we're done.
+# We need to re-run `aws configure` with bogus input instead of
+# deleting ~/.aws in case there are other credentials living there.
+# https://forums.aws.amazon.com/thread.jspa?threadID=148833
+aws configure --profile s3-sync-action <<-EOF > /dev/null 2>&1
+null
+null
+null
+text
+EOF
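Review bot: The credential wipe at the end of this hunk is the script's last command and runs only if the `sh -c "aws s3 sync …"` line returns control to it. If the script runs under `set -e` (the top of the file is outside this hunk), a failed sync exits before the wipe and the real keys stay in the `s3-sync-action` profile; without `set -e`, the wipe's exit status replaces the sync's, so a failed upload is reported as success. Moving the second `aws configure` heredoc into a function and registering it before the sync, `trap clear_credentials EXIT`, covers both paths and keeps the sync's exit code. Its `> /dev/null 2>&1` also hides a failed wipe, so consider letting stderr through there.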