{"id":13622683,"url":"https://github.com/KnowKit/configure-aws-codeartifact","last_synced_at":"2025-04-15T09:33:37.692Z","repository":{"id":37066900,"uuid":"498223603","full_name":"KnowKit/configure-aws-codeartifact","owner":"KnowKit","description":"custom Github Action to use AWS CodeArtifact token in Github Actions Workflow","archived":false,"fork":false,"pushed_at":"2023-03-07T22:05:29.000Z","size":860,"stargazers_count":1,"open_issues_count":8,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-08T10:47:55.409Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KnowKit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-31T07:03:24.000Z","updated_at":"2022-12-30T14:10:11.000Z","dependencies_parsed_at":"2024-01-14T06:04:14.253Z","dependency_job_id":"24b6a9b9-7276-4e9b-b25e-dd9fa5bd2429","html_url":"https://github.com/KnowKit/configure-aws-codeartifact","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":"actions/javascript-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnowKit%2Fconfigure-aws-codeartifact","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnowKit%2Fconfigure-aws-codeartifact/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnowKit%2Fconfigure-aws-codeartifact/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KnowKi
t%2Fconfigure-aws-codeartifact/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KnowKit","download_url":"https://codeload.github.com/KnowKit/configure-aws-codeartifact/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249043157,"owners_count":21203425,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T21:01:22.675Z","updated_at":"2025-04-15T09:33:36.887Z","avatar_url":"https://github.com/KnowKit.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# Configure AWS CodeArtifact\n\nThis GitHub Action sets the CodeArtifact auth token so it can be used by later workflow steps.\n\nThis action is useful when AWS CodeArtifact is used as the artifact store.\n\n## Usage\n\nAdd the following step to your workflow, after the `configure-aws-credentials` step:\n\n```yaml\n    - name: Configure AWS CodeArtifact\n      uses: KnowKit/configure-aws-codeartifact@v1\n      with:\n        domain: my-codeartifact-domain\n        domain-owner: my-codeartifact-domain-owner-account-id\n        duration-seconds: optional-token-duration-in-seconds\n```\n\n## Full Example\n\n1. 
Create an IAM policy with these permissions:\n    ```json\n    {\n        \"Version\": \"2012-10-17\",\n        \"Statement\": [\n            {\n                \"Action\": [\n                    \"codeartifact:Describe*\",\n                    \"codeartifact:Get*\",\n                    \"codeartifact:List*\",\n                    \"codeartifact:Read*\",\n                    \"codeartifact:PublishPackageVersion\"\n                ],\n                \"Resource\": \"*\",\n                \"Effect\": \"Allow\"\n            },\n            {\n                \"Condition\": {\n                    \"StringEquals\": {\n                        \"sts:AWSServiceName\": \"codeartifact.amazonaws.com\"\n                    }\n                },\n                \"Action\": \"sts:GetServiceBearerToken\",\n                \"Resource\": \"*\",\n                \"Effect\": \"Allow\"\n            }\n        ]\n    }\n    ```\n   1. Create an IAM user or role with this policy to use in the `configure aws client` workflow step.\n      1. docs: \n         1. https://github.com/aws-actions/configure-aws-credentials\n         2. https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services\n         3. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html\n      2. Have a `pyproject.toml` with a private (AWS CodeArtifact) repository:\n         ```toml\n         [[tool.poetry.source]]  \n         name = \"artifact\"  \n         url = \"https://DOMAIN-OWNER.d.codeartifact.REGION.amazonaws.com/pypi/DOMAIN/simple\"\n         ```\n         **⚠️**: The `/simple` at the end of the repo-url is important.\n\n         (see next chapter for details on AWS CodeArtifact)\n         \n         docs:\n         1. https://jasonstitt.com/private-packages-codeartifact-poetry-workflow\n         2. https://docs.aws.amazon.com/codeartifact/latest/ug/python-compatibility.html\n      3. 
Create a workflow like this:\n       ```yaml\n       name: build-pipeline\n       on:\n         push:\n           paths:\n             - ...\n         workflow_dispatch: {}\n       jobs:\n         lint:\n           runs-on: ubuntu-latest\n           permissions:\n             contents: read\n             # id-token: write  # also needed when assuming a role via the github-oidc iam provider\n           steps:\n             - name: Checkout\n               uses: actions/checkout@v2\n             - name: configure aws client\n               uses: aws-actions/configure-aws-credentials@v1\n               with:\n                 aws-region: eu-central-1\n                 # using aws-user:\n                 aws-access-key-id: ${{ secrets.AWS_CODEARTIACT_ACCESS_KEY }}\n                 aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_SECRET }}\n                 # or github-oidc iam provider: \n                 role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}\n             - name: Configure AWS CodeArtifact\n               uses: KnowKit/configure-aws-codeartifact@v1\n               with:\n                 domain: ${{ secrets.AWS_CODEARTIACT_DOMAIN }}\n                 domain-owner: ${{ secrets.AWS_ACCOUNT_ID }}\n             - name: Poetry Install\n               run: poetry install\n               env:\n                 POETRY_HTTP_BASIC_ARTIFACT_USERNAME: aws\n                 POETRY_HTTP_BASIC_ARTIFACT_PASSWORD: ${{ env.CODEARTIFACT_AUTH_TOKEN }}\n       ```\n\n# CodeArtifact Intro\n\nGitHub Packages supports everything, except `pypi` 😭 \n\nAnd PyPI itself supports only public packages - but no organisations or private packages. See: https://dustingram.com/articles/2019/04/02/pypi-as-a-service/\n\nWhat should you do to publish private packages in your org? \n\nEnter AWS CodeArtifact! (never heard of it before? 
me neither!)\n\n## Create Repository with CDK\n\n```kotlin\nval domain = CfnDomain(  \n    this,  \n    \"code-artifact-domain\",  \n    CfnDomainProps.builder()  \n        .domainName(codeArtifactDomain)  \n        .encryptionKey(\"alias/aws/codeartifact\")  \n        .build()  \n)  \n  \nval repository = CfnRepository(  \n    this,  \n    \"code-artifact-repository\",  \n    CfnRepositoryProps.builder()  \n        .repositoryName(codeArtifactRepo)\n        .domainName(codeArtifactDomain)\n        .domainOwner(stageConfig.accountId)  \n        .permissionsPolicyDocument(  \n            mapOf(  \n                \"Version\" to \"2012-10-17\",  \n                \"Statement\" to listOf(  \n                    mapOf\u003cString, Any\u003e(  \n                        \"Action\" to listOf(  \n                            \"codeartifact:Describe*\",  \n                            \"codeartifact:Get*\",  \n                            \"codeartifact:List*\",  \n                            \"codeartifact:Read*\"  \n                        ),  \n                        \"Resource\" to \"*\",  \n                        \"Effect\" to \"Allow\",  \n                        \"Principal\" to mapOf(  \n                            \"AWS\" to artifactUser.userArn  \n                        ),  \n                    )  \n                )  \n            )  \n        )  \n        .build()  \n)\n```\n\n## PyProject.toml\n\n```toml\n[[tool.poetry.source]]  \nname = \"artifact\"  \nurl = \"https://DOMAIN-OWNER.d.codeartifact.REGION.amazonaws.com/pypi/DOMAIN/simple\"\n```\n\n## Get the token (aws cli)\n\n```shell\nCODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain knowkit --query authorizationToken --output text)\n```\n\n## Publish Package\n\n```shell\npoetry build\npoetry publish --repository artifact --username aws --password $CODEARTIFACT_TOKEN\n```\n\n\n## Install Package\n\n```shell\nPOETRY_HTTP_BASIC_ARTIFACT_USERNAME=aws 
POETRY_HTTP_BASIC_ARTIFACT_PASSWORD=$CODEARTIFACT_TOKEN poetry add my-private-pkg --source artifact\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKnowKit%2Fconfigure-aws-codeartifact","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FKnowKit%2Fconfigure-aws-codeartifact","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKnowKit%2Fconfigure-aws-codeartifact/lists"}