Add setup AWS CA action (#64)

Author: s-vitaliy

README.md

@@ -19,6 +19,7 @@ Available actions are:
 14. [update_airflow_variables](#update_airflow_variables)
 15. [contribute_changes](#contribute_changes)
 16. [activate_workflow](#activate_workflow)
+16. [setup_aws_ca](#setup_aws_ca)
 
 ## semver_release
 
@@ -801,3 +802,54 @@ jobs:
           project_name: ${{ env.PROJECT_NAME }}
         id: read
 ```
+
+## setup_aws_ca 
+
+Setup AWS CodeArtifact credentials
+
+### Inputs
+| Name                | Description                                      | Optional | Default Value |
+|---------------------|:-------------------------------------------------|----------|---------------|
+| aws_access_key      | AWS access key                                   | False    |               |
+| aws_access_key_id   | AWS access key ID                                | False    |               |
+| mode                | Setup for read or publish                        | False    |               |
+| aws_ca_domain       | AWS CodeArtifact domain                          | False    |               |
+| aws_ca_domain_owner | AWS CodeArtifact domain owner name               | False    |               |
+| aws_ca_repository   | AWS CodeArtifact repository name                 | False    |               |
+| aws_region          | AWS region where the artifact storage is located | True     | eu-central-1  |
+
+### Outputs
+| Name  | Description                                           |
+|-------|:------------------------------------------------------|
+| url   | Python artifact storage URL (pip or twine-compatible) |
+| user  | User Name                                             |
+| token | Access token                                          |
+
+### Usage
+```yaml
+name: Deploy latest tag
+
+on:
+  workflow_dispatch:
+
+jobs:
+  create_release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup AWS CA
+        uses: SneaksAndData/github-actions/setup_aws_ca@v0.1.1
+        with:
+          aws_access_key: ${{ env.AWS_ACCESS_KEY }}
+          aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
+          mode: read
+          aws_ca_domain: some-domain
+          aws_ca_domain_owner: some-domain-owner
+          aws_ca_repository: some-repository
+        id: aws_ca
+      - name: Install Poetry and dependencies
+        uses: SneaksAndData/github-actions/install_poetry@v0.1.0
+        with:
+          pypi_repo_url: ${{ steps.aws_ca.outputs.url }}
+          pypi_token_username: ${{ steps.aws_ca.outputs.user }}
+          pypi_token: ${{ steps.aws_ca.outputs.token }}
+```

setup_aws_ca/action.yaml

@@ -0,0 +1,66 @@
+name: Setup AWS CA
+description: Setup AWS Code Artifacts credentials
+
+branding:
+  icon: 'tag'
+  color: 'green'
+
+inputs:
+  aws_access_key:
+    description: AWS access key
+    required: true
+
+  aws_access_key_id:
+    description: AWS access key id
+    required: true
+
+  mode:
+    description: Setup for read or publish
+    required: true
+
+  aws_ca_domain:
+    description: AWS CodeArtifact domain
+    required: true
+
+  aws_ca_domain_owner:
+    description: AWS CodeArtifact domain owner name
+    required: true
+
+  aws_ca_repository:
+    description: AWS CodeArtifact repository name
+    required: true
+
+  aws_region:
+    description: AWS region where the artifact storage is located
+    required: false
+    default: eu-central-1
+
+
+outputs:
+  url:
+    description: AWS CodeArtifact URl
+    value: ${{ steps.aws_ca.outputs.url }}
+  user:
+    description: AWS CodeArtifact username
+    value: ${{ steps.aws_ca.outputs.user }}
+  token:
+    description: AWS CodeArtifact access token
+    value: ${{ steps.aws_ca.outputs.token }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v3
+      with:
+        aws-secret-access-key:  ${{ inputs.aws_access_key }}
+        aws-access-key-id:  ${{ inputs.aws_access_key_id }}
+        aws-region: ${{ inputs.aws_region }}
+    - run: $GITHUB_ACTION_PATH/setup_aws_ca.sh
+      id: aws_ca
+      env:
+        MODE: ${{ inputs.mode }}
+        AWS_CA_DOMAIN: ${{ inputs.aws_ca_domain }}
+        AWS_CA_DOMAIN_OWNER: ${{ inputs.aws_ca_domain_owner }}
+        AWS_REGION: ${{ inputs.aws_region }}
+      shell: bash

setup_aws_ca/setup_aws_ca.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+#  Copyright (c) 2022 Ecco Sneaks & Data
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+set -Eeuo pipefail
+
+token="$(aws codeartifact get-authorization-token --domain "$AWS_CA_DOMAIN" --domain-owner "$AWS_CA_DOMAIN_OWNER" --region "$AWS_REGION" --query authorizationToken --output text)"
+echo "::add-mask::$token"
+echo "token=$token" >> "$GITHUB_OUTPUT"
+
+if [[ "$MODE" == "read" ]]
+then
+  url="$(aws codeartifact get-repository-endpoint --domain "$AWS_CA_DOMAIN" --domain-owner "$AWS_CA_DOMAIN_OWNER" --repository "$AWS_CA_REPOSITORY" --region "$AWS_REGION" --format pypi --query repositoryEndpoint --output text)/simple/"
+elif [[ "$MODE" == "publish" ]]
+then
+  url="$(aws codeartifact get-repository-endpoint --domain "$AWS_CA_DOMAIN" --domain-owner "$AWS_CA_DOMAIN_OWNER" --repository "$AWS_CA_REPOSITORY" --region "$AWS_REGION" --format pypi --query repositoryEndpoint --output text)"
+else
+  >&2 echo "Unknown mode: $MODE"
+  exit 1
+fi;
+
+echo "::add-mask::$url"
+echo "url=$url" >> "$GITHUB_OUTPUT"
+
+echo "user=aws" >> "$GITHUB_OUTPUT"