PREQ-3880 AWS credentials refactor #32

Merged: mikolaj-matuszny-ext-sonarsource merged 1 commit into master from feat/mmatuszny/PREQ-3880-fix-attempt on Feb 3, 2026

mikolaj-matuszny-ext-sonarsource commented Feb 3, 2026

  • Replaced static cache credentials with a credential_process-backed AWS profile to avoid leaking credentials into user steps.
  • Added cache-credential-process.sh to fetch short‑lived Cognito credentials on demand (OIDC → Cognito).
  • Updated action.yml to register the gh-action-cache profile in ~/.aws/config and scope AWS env vars to the cache step only.
  • Ensured cache step uses AWS_SDK_LOAD_CONFIG=1 with AWS_PROFILE/AWS_DEFAULT_PROFILE=gh-action-cache so runs-on/cache post step can still authenticate.
  • Hardened the credential process script with dependency checks and timeouts to prevent silent hangs.

Testing in runs 2 (create) and 3 (restore) in https://github.com/SonarSource/re-service-config/actions/runs/21628716053/job/62335779648

mikolaj-matuszny-ext-sonarsource force-pushed the feat/mmatuszny/PREQ-3880-fix-attempt branch from bffe55c to 9bd8749 on February 3, 2026 14:37
mikolaj-matuszny-ext-sonarsource merged commit 9d7be1f into master on Feb 3, 2026
4 checks passed
mikolaj-matuszny-ext-sonarsource deleted the feat/mmatuszny/PREQ-3880-fix-attempt branch on February 3, 2026 14:54
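
The credential_process contract behind the change described above, as an added example that is not code from this pull request or from cache-credential-process.sh: the helper's stdout must be a Version 1 JSON document, while Cognito's GetCredentialsForIdentity returns `SecretKey` and an epoch-seconds `Expiration`, so the mapping step has to rename and convert, and it should fail closed on incomplete or expired input. The function names and the sample response are constructed for illustration, and the input is assumed to be the raw JSON API response.

```python
import io
import json
import sys
from datetime import datetime, timezone

REQUIRED = ("AccessKeyId", "SecretKey", "SessionToken", "Expiration")
# Constructed sample of a Cognito GetCredentialsForIdentity response (not real keys).
SAMPLE = {"IdentityId": "eu-central-1:00000000-0000-0000-0000-000000000000",
          "Credentials": {"AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
                          "SecretKey": "constructed-secret",
                          "SessionToken": "constructed-session-token",
                          "Expiration": 1770130800}}


def to_iso8601(expiration):
    """Convert epoch seconds to the ISO 8601 form credential_process output uses."""
    if isinstance(expiration, bool) or not isinstance(expiration, (int, float)):
        raise ValueError("Expiration must be epoch seconds")
    return datetime.fromtimestamp(expiration, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def to_credential_process(response, now=None):
    """Map a Cognito response to the Version 1 credential_process document."""
    creds = response.get("Credentials") if isinstance(response, dict) else None
    if not isinstance(creds, dict):
        raise ValueError("response has no Credentials object")
    missing = [key for key in REQUIRED if not creds.get(key)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    expires = to_iso8601(creds["Expiration"])
    now = datetime.now(timezone.utc).timestamp() if now is None else now
    if creds["Expiration"] <= now:
        raise ValueError("credentials already expired")
    return {"Version": 1,
            "AccessKeyId": creds["AccessKeyId"],
            "SecretAccessKey": creds["SecretKey"],  # Cognito calls it SecretKey
            "SessionToken": creds["SessionToken"],
            "Expiration": expires}


def main(stream, now=None):
    """Print only the JSON document on stdout; errors go to stderr, exit code 1."""
    try:
        print(json.dumps(to_credential_process(json.load(stream), now)))
        return 0
    except ValueError as exc:  # includes json.JSONDecodeError
        print(f"credential process failed: {exc}", file=sys.stderr)  # no secrets logged
        return 1


if __name__ == "__main__":
    # Demo on the constructed sample; a real helper would call main(sys.stdin).
    sys.exit(main(io.StringIO(json.dumps(SAMPLE)), now=0))
```

Because the SDK parses stdout, any diagnostic written there would break authentication, which is why errors go to stderr and carry only field names.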