Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support additional session tags like GITHUB_BASE_REF and GITHUB_EVENT_NAME #390

Open
jsimoni opened this issue Feb 17, 2022 · 4 comments
Open

Support additional session tags like GITHUB_BASE_REF and GITHUB_EVENT_NAME #390

jsimoni opened this issue Feb 17, 2022 · 4 comments
Labels
effort/small This issue will take less than a day of effort to fix feature-request A feature should be added or improved. p2

Comments

@jsimoni
Copy link

jsimoni commented Feb 17, 2022

We'd like to be create a trust document on the AWS Role assumed by GitHub Action workflow that only authorizes a workflow that runs on a pull request that targets a specific branch. In order to do that, we would need this GitHub Action to populate Session Tags with the values in the GITHUB_BASE_REF & GITHUB_EVENT_NAME environmental variables.

https://github.com/aws-actions/configure-aws-credentials#session-tagging
@peterwoodworth peterwoodworth added the needs-triage This issue still needs to be triaged label Oct 4, 2022
@peterwoodworth
Copy link
Contributor

We should be able to support additional, non-required environment variables as session tags. Thanks for the suggestion!

Documentation here for future reference

@peterwoodworth peterwoodworth added p2 effort/small This issue will take less than a day of effort to fix and removed needs-triage This issue still needs to be triaged labels Oct 10, 2022
@peterwoodworth
Copy link
Contributor

You can currently work around your specific issue through your action configuration like so until we may implement this:

on:
  pull_request_target:
    types:
      - opened
    branches:    
      - 'master'
  push:
    branches:    
      - 'master'

@peterwoodworth peterwoodworth mentioned this issue Oct 10, 2022
Closed
@peterwoodworth
Copy link
Contributor

When we implement this I think the expectation is that you would add PrincipalTag to the condition in your trust policy, is that correct?

@jsimoni
Copy link
Author

jsimoni commented Oct 11, 2022

@peterwoodworth, yes that's correct.

@peterwoodworth peterwoodworth added the feature-request A feature should be added or improved. label Oct 11, 2022
@peterwoodworth peterwoodworth changed the title GITHUB_BASE_REF & GITHUB_EVENT_NAME Session Tag Support additional session tags like GITHUB_BASE_REF and GITHUB_EVENT_NAME Oct 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
effort/small This issue will take less than a day of effort to fix feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jsimoni @peterwoodworth