From c18ecedee1e42ccbac620b75e6efbeb04ea8a31a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Matuszny?=
Date: Tue, 1 Jul 2025 09:10:46 +0200
Subject: [PATCH 1/6] Adjust action repository
---
 .gitignore | 1 +
 action.yml | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 action.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5eec986
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.claude
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..066c662
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,99 @@
+name: 'Branch-Specific S3 Cache'
+description: 'Cache files on S3 with branch-specific paths for granular permissions'
+author: 'SonarSource'
+
+inputs:
+ path:
+ description: 'A list of files, directories, and wildcard patterns to cache and restore'
+ required: true
+ key:
+ description: 'An explicit key for restoring and saving the cache'
+ required: true
+ restore-keys:
+ description: 'An ordered list of prefix-matched keys to use for restoring stale cache if no cache hit occurred for key'
+ required: false
+ upload-chunk-size:
+ description: 'The chunk size used to split up large files during upload, in bytes'
+ required: false
+ enableCrossOsArchive:
+ description: 'An optional boolean when enabled, allows windows runners to save or restore caches that can be restored or saved respectively on other platforms'
+ default: 'false'
+ required: false
+ fail-on-cache-miss:
+ description: 'Fail the workflow if cache entry is not found'
+ default: 'false'
+ required: false
+ lookup-only:
+ description: 'Check if a cache entry exists for the given input(s) (key, restore-keys) without downloading the cache'
+ default: 'false'
+ required: false
+ s3-bucket:
+ description: 'S3 bucket name for cache storage'
+ required: false
+ default: 'sonar-gh-cache-bucket'
+
+outputs:
+ cache-hit:
+ description: 'A boolean value to indicate an exact match was found for the primary key'
+ value: ${{ steps.cache.outputs.cache-hit }}
+
+runs:
+ using: 'composite'
+ steps:
+ # - name: Configure AWS credentials
+ # uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
+ # with:
+ # role-to-assume: arn:aws:iam::460386131003:role/deploymentroles/DevInfraSquadDockerImagesInfraWebIdentityAccessRole
+ # aws-region: eu-central-1
+
+ - name: Validate branch reference
+ shell: bash
+ run: |
+ if [ -z "$GITHUB_HEAD_REF" ]; then
+ echo "::error::GITHUB_HEAD_REF environment variable is not set"
+ exit 1
+ fi
+ echo "Using branch reference: $GITHUB_HEAD_REF"
+
+ - name: Prepare cache keys
+ shell: bash
+ id: prepare-keys
+ run: |
+ # Prepend GITHUB_HEAD_REF to the main cache key
+ BRANCH_KEY="${GITHUB_HEAD_REF}/${{ inputs.key }}"
+ echo "branch-key=${BRANCH_KEY}" >> $GITHUB_OUTPUT
+
+ # Prepend GITHUB_HEAD_REF to restore keys if they exist
+ if [ -n "${{ inputs.restore-keys }}" ]; then
+ RESTORE_KEYS=""
+ while IFS= read -r line; do
+ if [ -n "$line" ]; then
+ if [ -n "$RESTORE_KEYS" ]; then
+ RESTORE_KEYS="${RESTORE_KEYS}"$'\n'"${GITHUB_HEAD_REF}/${line}"
+ else
+ RESTORE_KEYS="${GITHUB_HEAD_REF}/${line}"
+ fi
+ fi
+ done <<< "${{ inputs.restore-keys }}"
+ echo "branch-restore-keys<> $GITHUB_OUTPUT
+ echo "$RESTORE_KEYS" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Cache with runs-on/cache
+ uses: runs-on/cache@v4
+ id: cache
+ env:
+ RUNS_ON_S3_BUCKET_CACHE: ${{ inputs.s3-bucket }}
+ with:
+ path: ${{ inputs.path }}
+ key: ${{ steps.prepare-keys.outputs.branch-key }}
+ restore-keys: ${{ steps.prepare-keys.outputs.branch-restore-keys }}
+ upload-chunk-size: ${{ inputs.upload-chunk-size }}
+ enableCrossOsArchive: ${{ inputs.enableCrossOsArchive }}
+ fail-on-cache-miss: ${{ inputs.fail-on-cache-miss }}
+ lookup-only: ${{ inputs.lookup-only }}
+
+branding:
+ icon: 'upload-cloud'
+ color: 'blue'
From 32ac037fd4156df44a00c9befdc30f98cb98501d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Matuszny?=
Date: Tue, 1 Jul 2025 13:11:01 +0200
Subject: [PATCH 2/6] Introduce cognito
---
 action.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index 066c662..44daf4d 100644
--- a/action.yml
+++ b/action.yml
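Review bot: In the `Prepare cache keys` step of the new action.yml, `${{ inputs.key }}` and `${{ inputs.restore-keys }}` are expanded into the bash source before the shell runs, so any quote, command substitution or newline in a caller-supplied key is interpreted as script text rather than data. Pass both inputs through `env:` and read them as shell variables, and quote `"$GITHUB_OUTPUT"` while there. The `Validate branch reference` step also makes the action fail whenever `GITHUB_HEAD_REF` is empty, which as far as I know is every trigger other than a pull request; if that restriction is intended, the action description should say so.

```yaml
    - name: Prepare cache keys
      shell: bash
      id: prepare-keys
      env:
        INPUT_KEY: ${{ inputs.key }}
        INPUT_RESTORE_KEYS: ${{ inputs.restore-keys }}
      run: |
        BRANCH_KEY="${GITHUB_HEAD_REF}/${INPUT_KEY}"
        echo "branch-key=${BRANCH_KEY}" >> "$GITHUB_OUTPUT"
        if [ -n "$INPUT_RESTORE_KEYS" ]; then
          # … unchanged: RESTORE_KEYS accumulation loop …
          done <<< "$INPUT_RESTORE_KEYS"
          # … unchanged: multi-line output write …
        fi
```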
@@ -43,9 +43,24 @@ runs: # - name: Configure AWS credentials # uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 # with: - # role-to-assume: arn:aws:iam::460386131003:role/deploymentroles/DevInfraSquadDockerImagesInfraWebIdentityAccessRole + # role-to-assume: arn:aws:iam::460386131003:role/SonarGitHubActionsS3CacheRole # aws-region: eu-central-1 + - name: Authenticate using Enhanced AuthFlow + uses: catnekaise/cognito-idpool-auth@main + with: + auth-flow: enhanced + cognito-identity-pool-id: eu-central-1:502e0bc7-5fdf-4cbc-bd38-0119f310fcef + aws-account-id: 460386131003 + aws-region: eu-central-1 + audience: cognito-identity.amazonaws.com + set-in-environment: true + + - name: "STS Get Caller Identity" + shell: bash + run: | + aws sts get-caller-identity + - name: Validate branch reference shell: bash run: | From 54c2752b4ca9eb0ed188b07f6e42367d60ce3acf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Matuszny?= Date: Thu, 3 Jul 2025 07:35:03 +0200 Subject: [PATCH 3/6] Cognito auth --- action.yml | 77 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 25 deletions(-) diff --git a/action.yml b/action.yml index 44daf4d..41bb4e6 100644 --- a/action.yml +++ b/action.yml 
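Review bot: `uses: catnekaise/cognito-idpool-auth@main` tracks a mutable branch of a third-party action that exchanges the job's OIDC token for AWS credentials and, with `set-in-environment: true`, exports them to the job, so whatever lands on that branch runs with those credentials. Pin it to a full commit SHA with the tag in a trailing comment, as the commented-out `configure-aws-credentials` step above already does: `uses: catnekaise/cognito-idpool-auth@<full-commit-sha> # <tag>`. The `STS Get Caller Identity` step reads as a debugging aid; it prints the caller identity to the job log of every consumer of the action and should not ship.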
@@ -40,35 +40,53 @@ outputs: runs: using: 'composite' steps: - # - name: Configure AWS credentials - # uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - # with: - # role-to-assume: arn:aws:iam::460386131003:role/SonarGitHubActionsS3CacheRole - # aws-region: eu-central-1 - - - name: Authenticate using Enhanced AuthFlow - uses: catnekaise/cognito-idpool-auth@main - with: - auth-flow: enhanced - cognito-identity-pool-id: eu-central-1:502e0bc7-5fdf-4cbc-bd38-0119f310fcef - aws-account-id: 460386131003 - aws-region: eu-central-1 - audience: cognito-identity.amazonaws.com - set-in-environment: true - - - name: "STS Get Caller Identity" + - name: Authenticate to AWS shell: bash + id: aws-auth + env: # TODO: Another set of variables needed for production, support GH cache BUILD-8451 + POOL_ID: eu-central-1:9baeef83-23fd-40a3-83f1-3d8ac55547ec + AWS_ACCOUNT_ID: 460386131003 + IDENTITY_PROVIDER_NAME: token.actions.githubusercontent.com + AUDIENCE: cognito-identity.amazonaws.com + AWS_REGION: eu-central-1 run: | - aws sts get-caller-identity + # Get GitHub Actions ID token + ACCESS_TOKEN=$(curl -sLS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$AUDIENCE" | jq -r ".value") - - name: Validate branch reference - shell: bash - run: | - if [ -z "$GITHUB_HEAD_REF" ]; then - echo "::error::GITHUB_HEAD_REF environment variable is not set" + # Get Identity ID + identityId=$(aws cognito-identity get-id \ + --identity-pool-id "$POOL_ID" \ + --account-id "$AWS_ACCOUNT_ID" \ + --logins '{"'"$IDENTITY_PROVIDER_NAME"'":"'"$ACCESS_TOKEN"'"}' \ + --query 'IdentityId' --output text) + + # Get and validate AWS credentials + awsCredentials=$(aws cognito-identity get-credentials-for-identity \ + --identity-id "$identityId" \ + --logins '{"'"$IDENTITY_PROVIDER_NAME"'":"'"$ACCESS_TOKEN"'"}') + + AWS_ACCESS_KEY_ID=$(echo "$awsCredentials" | jq -r ".Credentials.AccessKeyId") + 
AWS_SECRET_ACCESS_KEY=$(echo "$awsCredentials" | jq -r ".Credentials.SecretKey") + AWS_SESSION_TOKEN=$(echo "$awsCredentials" | jq -r ".Credentials.SessionToken") + + if [[ "$AWS_ACCESS_KEY_ID" == "null" || -z "$AWS_ACCESS_KEY_ID" ]]; then + echo "::error::Failed to obtain AWS Access Key ID" + exit 1 + fi + + if [[ "$AWS_SECRET_ACCESS_KEY" == "null" || -z "$AWS_SECRET_ACCESS_KEY" ]]; then + echo "::error::Failed to obtain AWS Secret Access Key" exit 1 fi - echo "Using branch reference: $GITHUB_HEAD_REF" + + if [[ "$AWS_SESSION_TOKEN" == "null" || -z "$AWS_SESSION_TOKEN" ]]; then + echo "::error::Failed to obtain AWS Session Token" + exit 1 + fi + + echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV + echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> $GITHUB_ENV - name: Prepare cache keys shell: bash @@ -78,9 +96,10 @@ runs: BRANCH_KEY="${GITHUB_HEAD_REF}/${{ inputs.key }}" echo "branch-key=${BRANCH_KEY}" >> $GITHUB_OUTPUT - # Prepend GITHUB_HEAD_REF to restore keys if they exist + # Process restore keys: keep branch-specific keys and add fallback to default branch if [ -n "${{ inputs.restore-keys }}" ]; then RESTORE_KEYS="" + # First, add branch-specific restore keys while IFS= read -r line; do if [ -n "$line" ]; then if [ -n "$RESTORE_KEYS" ]; then @@ -90,6 +109,14 @@ runs: fi fi done <<< "${{ inputs.restore-keys }}" + + # Then, add default branch fallback keys (without GITHUB_HEAD_REF prefix) + while IFS= read -r line; do + if [ -n "$line" ]; then + RESTORE_KEYS="${RESTORE_KEYS}"$'\n'"${line}" + fi + done <<< "${{ inputs.restore-keys }}" + echo "branch-restore-keys<> $GITHUB_OUTPUT echo "$RESTORE_KEYS" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT From 04337fe67c77691360afc21cadbd17c0621671be Mon Sep 17 00:00:00 2001 
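Review bot: The last three lines of the `Authenticate to AWS` step append the session credentials to `$GITHUB_ENV`, which hands them to every later step of the calling job (dependency installs and build scripts included), not only to the cache step of this composite action. If the role is meant to be reachable only through the cache, expose the three values as step outputs and set them under `env:` on the `Cache with runs-on/cache` step, after confirming that its post-job save still sees them. Separately, `ACCESS_TOKEN` is used unchecked: `curl -sLS` exits 0 on an HTTP error and `jq -r ".value"` then yields `null`, so a caller without `id-token: write` gets an opaque Cognito error; add `--fail-with-body` to the curl call or test the token for `null`/empty the way the AWS values are tested below.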
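Review bot: The fallback loop appends the caller's restore keys with no prefix at all, while the primary key in the same step is always written as `${GITHUB_HEAD_REF}/…`; on a run where `GITHUB_HEAD_REF` is empty the saved key therefore begins with `/`, and an unprefixed restore key would not prefix-match it unless `runs-on/cache` normalises keys. This commit also removes the `Validate branch reference` step, so the empty-ref case is now reachable. Either save default-branch entries without the leading `/` or give the fallback the same shape, e.g. `RESTORE_KEYS="${RESTORE_KEYS}"$'\n'"/${line}"`. A comment should also record which bucket prefix a pull-request job is allowed to read, because these keys deliberately step outside the branch prefix that the action description ties permissions to. The enclosing `if` block starts in the previous hunk and ends after this one.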
From: =?UTF-8?q?Miko=C5=82aj=20Matuszny?=
Date: Thu, 3 Jul 2025 08:19:39 +0200
Subject: [PATCH 4/6] added readme and examples
---
 .github/CODEOWNERS | 1 +
 .github/workflows/test-action.yml | 80 +++++++++++++++++++++++++++++++
 README.md | 51 +++++++++++++++++++-
 action.yml | 10 +++-
 4 files changed, 138 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/test-action.yml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 49962b7..27f6ef6 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1,3 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 * @sonarsource/platform-team
+* @platform-eng-xp-squad
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
new file mode 100644
index 0000000..514d4e4
--- /dev/null
+++ b/.github/workflows/test-action.yml
@@ -0,0 +1,80 @@
+name: Example Usage
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ build:
+ runs-on: sonar-runner-large
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Cache Python dependencies
+ uses: ./
+ with:
+ path: |
+ ~/.cache/pip
+ key: ${{ runner.os }}-python-pytest-requests
+ restore-keys: |
+ ${{ runner.os }}-python-
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install pytest requests
+
+ - name: Run tests
+ run: python -m pytest --version
+
+ cache-with-fallback:
+ runs-on: sonar-runner-large
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.21'
+
+ - name: Cache Go modules with multiple restore keys
+ uses: ./
+ with:
+ path: |
+ ~/go/pkg/mod
+ ~/.cache/go-build
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-${{ hashFiles('**/go.mod') }}
+ ${{ runner.os }}-go-
+ fail-on-cache-miss: false
+
+ - name: Create simple Go module
+ run: |
+ go mod init example
+ echo 'package main
+ import "fmt"
+ func main() {
+ fmt.Println("Hello, World!")
+ }' > main.go
+
+ - name: Download dependencies
+ run: go mod download
+
+ - name: Build
+ run: go build -o hello main.go
diff --git a/README.md b/README.md
index 4957f81..b7450f5 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,50 @@ -# gh-action-cache +# S3 Cache Action -GitHub action for caching in AWS S3 +A GitHub Action that provides branch-specific caching on AWS S3 with intelligent fallback to default branch cache entries. + +## Features + +- **Branch-specific caching**: Cache entries are prefixed with `GITHUB_HEAD_REF` for granular permissions +- **Intelligent fallback**: Feature branches can fall back to default branch cache when no branch-specific cache exists +- **S3 storage**: Leverages AWS S3 for reliable, scalable cache storage +- **AWS Cognito authentication**: Secure authentication using GitHub Actions OIDC tokens +- **Compatible with actions/cache**: Drop-in replacement with same interface + +## Usage + +```yaml +- uses: SonarSource/gh-action_cache@v1 + with: + path: | + ~/.npm + ~/.cache + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + s3-bucket: your-cache-bucket +``` + +## Inputs + +| Input | Description | Required | Default | +|-------|-------------|----------|---------| +| `path` | Files, directories, and wildcard patterns to cache | Yes | | +| `key` | Explicit key for restoring and saving cache | Yes | | +| `restore-keys` | Ordered list of prefix-matched keys for fallback | No | | +| `s3-bucket` | S3 bucket name for cache storage | No | `sonarsource-s3-cache-dev-bucket` | +| `upload-chunk-size` | Chunk size for large file uploads (bytes) | No | | +| `enableCrossOsArchive` | Enable cross-OS cache compatibility | No | `false` | +| `fail-on-cache-miss` | Fail workflow if cache entry not found | No | `false` | +| `lookup-only` | Only check cache existence without downloading | No | `false` | + +## Outputs + +| Output | Description | +|--------|-------------| +| `cache-hit` | Boolean indicating exact match for primary key | + +## Security + +- Uses GitHub Actions OIDC tokens for secure authentication +- No long-lived AWS credentials required +- Branch-specific paths provide isolation between 
branches diff --git a/action.yml b/action.yml index 41bb4e6..9ea900c 100644 --- a/action.yml +++ b/action.yml @@ -30,7 +30,7 @@ inputs: s3-bucket: description: 'S3 bucket name for cache storage' required: false - default: 'sonar-gh-cache-bucket' + default: 'sonarsource-s3-cache-dev-bucket' outputs: cache-hit: @@ -52,6 +52,7 @@ runs: run: | # Get GitHub Actions ID token ACCESS_TOKEN=$(curl -sLS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$AUDIENCE" | jq -r ".value") + echo "::add-mask::$ACCESS_TOKEN" # Get Identity ID identityId=$(aws cognito-identity get-id \ @@ -69,6 +70,10 @@ runs: AWS_SECRET_ACCESS_KEY=$(echo "$awsCredentials" | jq -r ".Credentials.SecretKey") AWS_SESSION_TOKEN=$(echo "$awsCredentials" | jq -r ".Credentials.SessionToken") + echo "::add-mask::$AWS_ACCESS_KEY_ID" + echo "::add-mask::$AWS_SECRET_ACCESS_KEY" + echo "::add-mask::$AWS_SESSION_TOKEN" + if [[ "$AWS_ACCESS_KEY_ID" == "null" || -z "$AWS_ACCESS_KEY_ID" ]]; then echo "::error::Failed to obtain AWS Access Key ID" exit 1 @@ -116,7 +121,7 @@ runs: RESTORE_KEYS="${RESTORE_KEYS}"$'\n'"${line}" fi done <<< "${{ inputs.restore-keys }}" - + echo "branch-restore-keys<> $GITHUB_OUTPUT echo "$RESTORE_KEYS" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT @@ -127,6 +132,7 @@ runs: id: cache env: RUNS_ON_S3_BUCKET_CACHE: ${{ inputs.s3-bucket }} + AWS_DEFAULT_REGION: eu-central-1 with: path: ${{ inputs.path }} key: ${{ steps.prepare-keys.outputs.branch-key }} From ba74cc411b3ed9a5e7a263ccd4299ee7a683982f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Matuszny?= Date: Fri, 4 Jul 2025 13:22:37 +0200 Subject: [PATCH 5/6] Changes after review --- .github/CODEOWNERS | 3 +-- .github/workflows/test-action.yml | 41 +++++++++---------------------- .tool-versions | 2 ++ README.md | 4 +-- action.yml | 5 ++-- 5 files changed, 19 insertions(+), 36 deletions(-) create mode 100644 .tool-versions 
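Review bot: The three `::add-mask::` lines for the AWS values run before the `null`/empty checks that follow them, so when a `jq` lookup misses, the runner is asked to mask the literal string `null` and, it appears, stars that word out of every later log line in the job. Moving the masks below the three validation blocks, just before the writes to `$GITHUB_ENV`, keeps the protection without that side effect. The same applies to `echo "::add-mask::$ACCESS_TOKEN"` in the earlier hunk of this file, which is issued without checking that the token request succeeded. Both hunks sit inside the `Authenticate to AWS` run script, which begins and ends outside them.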
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 27f6ef6..78a8c18 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,2 @@ # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners -* @sonarsource/platform-team -* @platform-eng-xp-squad +@sonarsource/platform-eng-xp-squad diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 514d4e4..19fac1d 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml 
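Review bot: The new line `@sonarsource/platform-eng-xp-squad` has no file pattern in front of it, unlike the two `* …` lines it replaces; CODEOWNERS entries take the form pattern followed by owners, so as shown this reads as a pattern with no owner and no path in the repository would have a code owner. If the `*` was not simply lost in rendering, the line should be `* @sonarsource/platform-eng-xp-squad`. For an action that turns the workflow's OIDC token into AWS credentials, code-owner review on `action.yml` is worth having in force.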
@@ -1,69 +1,54 @@ -name: Example Usage +name: Test on: push: branches: [ master ] pull_request: - branches: [ master ] jobs: build: - runs-on: sonar-runner-large + runs-on: ubuntu-24.04-large permissions: id-token: write contents: read steps: - - uses: actions/checkout@v4 - - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.9' - + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: jdx/mise-action@5cb1df66ed5e1fb3c670ea0b62fd17a76979826a # v2.3.1 - name: Cache Python dependencies uses: ./ with: path: | ~/.cache/pip - key: ${{ runner.os }}-python-pytest-requests - restore-keys: | - ${{ runner.os }}-python- - + key: python-${{ runner.os }}-pytest-requests + restore-keys: python-${{ runner.os }}- - name: Install dependencies run: | python -m pip install --upgrade pip pip install pytest requests - - name: Run tests run: python -m pytest --version cache-with-fallback: - runs-on: sonar-runner-large + runs-on: ubuntu-24.04-large permissions: id-token: write contents: read steps: - - uses: actions/checkout@v4 - - - name: Setup Go - uses: actions/setup-go@v4 - with: - go-version: '1.21' - + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: jdx/mise-action@5cb1df66ed5e1fb3c670ea0b62fd17a76979826a # v2.3.1 - name: Cache Go modules with multiple restore keys uses: ./ with: path: | ~/go/pkg/mod ~/.cache/go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }} restore-keys: | - ${{ runner.os }}-go-${{ hashFiles('**/go.mod') }} - ${{ runner.os }}-go- + go-${{ runner.os }}-${{ hashFiles('**/go.mod') }} + go-${{ runner.os }}- fail-on-cache-miss: false - - name: Create simple Go module run: | go mod init example @@ -72,9 +57,7 @@ jobs: func main() { fmt.Println("Hello, World!") }' > main.go - - name: Download dependencies run: go mod download - - name: Build run: go build -o hello main.go 
diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..2fb07a0 --- /dev/null +++ b/.tool-versions @@ -0,0 +1,2 @@ +python 3.13.5 +go 1.21.13 \ No newline at end of file diff --git a/README.md b/README.md index b7450f5..65dab0f 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ A GitHub Action that provides branch-specific caching on AWS S3 with intelligent path: | ~/.npm ~/.cache - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + key: node-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: | - ${{ runner.os }}-node- + node-${{ runner.os }} s3-bucket: your-cache-bucket ``` diff --git a/action.yml b/action.yml index 9ea900c..8b227f1 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -name: 'Branch-Specific S3 Cache' +name: 'S3 Cache action' description: 'Cache files on S3 with branch-specific paths for granular permissions' author: 'SonarSource' @@ -42,7 +42,6 @@ runs: steps: - name: Authenticate to AWS shell: bash - id: aws-auth env: # TODO: Another set of variables needed for production, support GH cache BUILD-8451 POOL_ID: eu-central-1:9baeef83-23fd-40a3-83f1-3d8ac55547ec AWS_ACCOUNT_ID: 460386131003 @@ -128,7 +127,7 @@ runs: fi - name: Cache with runs-on/cache - uses: runs-on/cache@v4 + uses: runs-on/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 id: cache env: RUNS_ON_S3_BUCKET_CACHE: ${{ inputs.s3-bucket }} From 84be6bebe308ade25f3fcc9ed2a31fb1a9604bc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Matuszny?= Date: Fri, 4 Jul 2025 13:23:36 +0200 Subject: [PATCH 6/6] testing cache --- .github/workflows/test-action.yml | 4 ++-- .tool-versions | 2 +- action.yml | 10 ++-------- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 19fac1d..39c8e46 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml 
@@ -7,7 +7,7 @@ on: jobs: build: - runs-on: ubuntu-24.04-large + runs-on: sonar-runner-large permissions: id-token: write contents: read @@ -30,7 +30,7 @@ jobs: run: python -m pytest --version cache-with-fallback: - runs-on: ubuntu-24.04-large + runs-on: sonar-runner-large permissions: id-token: write contents: read diff --git a/.tool-versions b/.tool-versions index 2fb07a0..c7168b1 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ python 3.13.5 -go 1.21.13 \ No newline at end of file +go 1.21.13 diff --git a/action.yml b/action.yml index 8b227f1..da56450 100644 --- a/action.yml +++ b/action.yml @@ -11,25 +11,19 @@ inputs: required: true restore-keys: description: 'An ordered list of prefix-matched keys to use for restoring stale cache if no cache hit occurred for key' - required: false upload-chunk-size: description: 'The chunk size used to split up large files during upload, in bytes' - required: false enableCrossOsArchive: description: 'An optional boolean when enabled, allows windows runners to save or restore caches that can be restored or saved respectively on other platforms' default: 'false' - required: false fail-on-cache-miss: description: 'Fail the workflow if cache entry is not found' default: 'false' - required: false lookup-only: description: 'Check if a cache entry exists for the given input(s) (key, restore-keys) without downloading the cache' default: 'false' - required: false s3-bucket: description: 'S3 bucket name for cache storage' - required: false default: 'sonarsource-s3-cache-dev-bucket' outputs: @@ -43,7 +37,7 @@ runs: - name: Authenticate to AWS shell: bash env: # TODO: Another set of variables needed for production, support GH cache BUILD-8451 - POOL_ID: eu-central-1:9baeef83-23fd-40a3-83f1-3d8ac55547ec + POOL_ID: eu-central-1:2f2d946d-08df-415c-9b0c-d097bef49dcc AWS_ACCOUNT_ID: 460386131003 IDENTITY_PROVIDER_NAME: token.actions.githubusercontent.com AUDIENCE: cognito-identity.amazonaws.com 
@@ -127,7 +121,7 @@ runs: fi - name: Cache with runs-on/cache - uses: runs-on/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: runs-on/cache@3a15256b3556fbc5ae15f7f04598e4c7680e9c25 # v4.0.0 id: cache env: RUNS_ON_S3_BUCKET_CACHE: ${{ inputs.s3-bucket }}