{"id":19259249,"url":"https://github.com/concourse/s3-resource","last_synced_at":"2026-02-12T22:05:19.014Z","repository":{"id":19096351,"uuid":"22324474","full_name":"concourse/s3-resource","owner":"concourse","description":"Concourse resource for interacting with AWS S3","archived":false,"fork":false,"pushed_at":"2025-11-28T21:06:23.000Z","size":2119,"stargazers_count":65,"open_issues_count":31,"forks_count":110,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-12-01T00:26:13.859Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/concourse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.md","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["taylorsilva"]}},"created_at":"2014-07-27T22:50:16.000Z","updated_at":"2025-11-28T21:06:27.000Z","dependencies_parsed_at":"2025-03-18T07:00:17.689Z","dependency_job_id":"e626e07f-1d64-4539-ba5e-d3d24f975e7e","html_url":"https://github.com/concourse/s3-resource","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/concourse/s3-resource","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concourse%2Fs3-resource","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concourse%2Fs3-resource/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concourse%2Fs3-resource/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concourse%2Fs3-resource/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/concourse","download_url":"https://codeload.github.com/concourse/s3-resource/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concourse%2Fs3-resource/sbom","scorecard":{"id":302203,"data":{"date":"2025-08-11","repo":{"name":"github.com/concourse/s3-resource","commit":"44a4a6d8b400d965ce1a282caaed61e9d83016db"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":3,"reason":"Found 5/13 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.4.0 not signed: https://api.github.com/repos/concourse/s3-resource/releases/236078166","Warn: release artifact v2.3.0 not signed: https://api.github.com/repos/concourse/s3-resource/releases/222231797","Warn: release artifact v2.2.0 not signed: https://api.github.com/repos/concourse/s3-resource/releases/217395677","Warn: release artifact v2.1.1 not signed: https://api.github.com/repos/concourse/s3-resource/releases/215539008","Warn: release artifact v2.1.0 not signed: https://api.github.com/repos/concourse/s3-resource/releases/211940088","Warn: release artifact v2.4.0 does not have provenance: https://api.github.com/repos/concourse/s3-resource/releases/236078166","Warn: release artifact v2.3.0 does not have provenance: https://api.github.com/repos/concourse/s3-resource/releases/222231797","Warn: release artifact v2.2.0 does not have provenance: https://api.github.com/repos/concourse/s3-resource/releases/217395677","Warn: release artifact v2.1.1 does not have provenance: https://api.github.com/repos/concourse/s3-resource/releases/215539008","Warn: release artifact v2.1.0 does not have provenance: https://api.github.com/repos/concourse/s3-resource/releases/211940088"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/concourse/.github/SECURITY.md:1","Info: Found linked content: github.com/concourse/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/concourse/.github/SECURITY.md:1","Info: Found text in security policy: github.com/concourse/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":1,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Warn: 'force pushes' enabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'master'","Warn: PRs are not required to make changes on branch 'master'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:23","Warn: containerImage not pinned by hash: Dockerfile:33","Warn: containerImage not pinned by hash: Dockerfile:50","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T20:58:03.700Z","repository_id":19096351,"created_at":"2025-08-17T20:58:03.700Z","updated_at":"2025-08-17T20:58:03.700Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29382906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T20:34:40.886Z","status":"ssl_error","status_checked_at":"2026-02-12T20:23:00.490Z","response_time":55,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T19:15:51.054Z","updated_at":"2026-02-12T22:05:18.993Z","avatar_url":"https://github.com/concourse.png","language":"Go","funding_links":["https://github.com/sponsors/taylorsilva"],"categories":[],"sub_categories":[],"readme":"# S3 Resource\n\nVersions objects in an S3 bucket, by pattern-matching filenames to identify\nversion numbers. Uses v2 of the [AWS SDK for Go](https://github.com/aws/aws-sdk-go-v2).\n\n\u003ca href=\"https://ci.concourse-ci.org/teams/main/pipelines/resource/jobs/build?vars.type=%22s3%22\"\u003e\n  \u003cimg src=\"https://ci.concourse-ci.org/api/v1/teams/main/pipelines/resource/jobs/build/badge?vars.type=%22s3%22\" alt=\"Build Status\"\u003e\n\u003c/a\u003e\n\n## Source Configuration\n\n* `bucket`: *Required.* The name of the bucket.\n\n* `access_key_id`: *Optional.* The AWS access key to use when accessing the\n  bucket.\n\n* `secret_access_key`: *Optional.* The AWS secret key to use when accessing\n  the bucket.\n\n* `session_token`: *Optional.* The AWS STS session token to use when\n  accessing the bucket.\n\n* `aws_role_arn`: *Optional.* The AWS role ARN to be assumed by the resource.\n    Will be assumed using the AWS SDK's default authentication chain. If\n    `access_key_id` and `secret_access_key` are provided those will be used\n    instead to try and assume the role. If no role is provided then the resource\n    will use the AWS SDK's `AnonymousCredentials` for authentication.\n\n* `enable_aws_creds_provider`: *Optional.* Do not fall back to `AnonymousCredentials`\n    if no other creds are provided.  This allows the use of AWS SDK's Default\n    Credentials Provider. e.g. Instance Profile(EC2) if set on the underlying worker.\n\n* `region_name`: *Optional.* The region the bucket is in. Defaults to\n  `us-east-1`.\n\n* `private`: *Optional.* Indicates that the bucket is private, so that any\n    URLs provided by this resource are presigned. Otherwise this resource will\n    generate generic Virtual-Hosted style URLs. If you're using a custom\n    endpoint you should include the bucketname in the endpoint URL.\n\n* `cloudfront_url`: *Optional._Deprecated_* The URL (scheme and domain) of your CloudFront\n  distribution that is fronting this bucket (e.g\n  `https://d5yxxxxx.cloudfront.net`).  This will affect `in` but not `check`\n  and `put`. `in` will ignore the `bucket` name setting, exclusively using the\n  `cloudfront_url`.  When configuring CloudFront with versioned buckets, set\n  `Query String Forwarding and Caching` to `Forward all, cache based on all` to\n  ensure S3 calls succeed. _Deprecated: Since upgrading this resource to the v2\n  AWS Go SDK there is no need to specify this along with `endpoint`._\n\n* `endpoint`: *Optional.* Custom endpoint for using an S3 compatible provider. Can\n    be just a hostname or include the scheme (e.g. `https://eu1.my-endpoint.com`\n    or `eu1.my-endpoint.com`)\n\n* `disable_ssl`: *Optional.* Disable SSL for the endpoint, useful for S3\n    compatible providers without SSL.\n\n* `skip_ssl_verification`: *Optional.* Skip SSL verification for S3 endpoint.\n    Useful for S3 compatible providers using self-signed SSL certificates.\n\n* `ca_bundle`: *Optional.* Set of PEM encoded certificates to validate the S3\n    endpoint against. Useful for S3 compatible providers using self-signed\n    SSL certificates.\n\n* `skip_download`: *Optional.* Skip downloading object from S3. Useful only\n    trigger the pipeline without using the object.\n\n* `server_side_encryption`: *Optional.* The encryption algorithm to use when\n    storing objects in S3. One of `AES256`, `aws:kms`, `aws:kms:dsse`\n\n* `sse_kms_key_id`: *Optional.* The ID of the AWS KMS master encryption key\n    used for the object.\n\n* `disable_multipart`: *Optional.* Disables Multipart Upload. useful for S3\n    compatible providers that do not support multipart upload.\n\n* `use_path_style`: *Optional.* Enables legacy path-style access for S3\n    compatible providers. The default behavior is virtual path-style.\n\n* `skip_s3_checksums`: *Optional.* Disables automatic checksum validation\n    for S3 operations. The AWS SDK v2 enables checksum validation by default,\n    which may not be supported by all S3-compatible providers. When set to\n    `true`, checksums are only calculated and validated when explicitly\n    required by the S3 API. Defaults to `false` (automatic checksums enabled).\n\n* `checksum_algorithm`: *Optional.* Specifies the checksum algorithm to use\n    when uploading objects to S3. Valid values are `CRC32`, `CRC32C`, `SHA1`,\n    `SHA256`, or `CRC64NVME`. If not specified, S3 will use its default algorithm.\n    This setting is ignored if `skip_s3_checksums` is set to `true`. Note that\n    not all S3-compatible providers support all algorithms.\n\n### File Names\n\nOne of the following two options must be specified:\n\n* `regexp`: *Optional.* The forward-slash (`/`) delimited sequence of patterns to\n  match against the sub-directories and filenames of the objects stored within\n  the S3 bucket. The first grouped match is used to extract the version, or if\n  a group is explicitly named `version`, that group is used. At least one\n  capture group must be specified, with parentheses.\n\n  The version extracted from this pattern is used to version the resource.\n  Semantic versions, or just numbers, are supported. Accordingly, full regular\n  expressions are supported, to specify the capture groups.\n\n  The full `regexp` will be matched against the S3 objects as if it was anchored\n  on both ends, even if you don't specify `^` and `$` explicitly.\n\n* `versioned_file`: *Optional* If you enable versioning for your S3 bucket then\n  you can keep the file name the same and upload new versions of your file\n  without resorting to version numbers. This property is the path to the file\n  in your S3 bucket.\n\n### Initial state\n\nIf no resource versions exist you can set up this resource to emit an initial version with a specified content. This won't create a real resource in S3 but only create an initial version for Concourse. The resource file will be created as usual when you `get` a resource with an initial version.\n\nYou can define one of the following two options:\n\n* `initial_path`: *Optional.* Must be used with the `regexp` option. You should set this to the file path containing the initial version which would match the given regexp. E.g. if `regexp` is `file/build-(.*).zip`, then `initial_path` might be `file/build-0.0.0.zip`. The resource version will be `0.0.0` in this case.\n\n* `initial_version`: *Optional.* Must be used with the `versioned_file` option. This will be the resource version.\n\nBy default the resource file will be created with no content when `get` runs. You can set the content by using one of the following options:\n\n* `initial_content_text`: *Optional.* Initial content as a string.\n\n* `initial_content_binary`: *Optional.* You can pass binary content as a base64 encoded string.\n\n### Advice for S3 Compatible Providers\n\nIf you're using an S3 compatible service (e.g. MinIO), you may want to adjust\nsome or all of the following settings mentioned in the `source` above:\n\n* `endpoint`\n* `disable_ssl`\n* `skip_ssl_verification`\n* `ca_bundle`\n* `disable_multipart`\n* `use_path_style`\n* `skip_s3_checksums`\n\nScroll back up to read about each setting and why you may or may not want to\nset it. Some trial and error may be required and reviewing the documentation of\nyour S3 compatible provider.\n\n## Behavior\n\n### `check`: Extract versions from the bucket.\n\nObjects will be found via the pattern configured by `regexp`. The versions\nwill be used to order them (using [semver](http://semver.org/)). Each\nobject's filename is the resulting version.\n\n\n### `in`: Fetch an object from the bucket.\n\nPlaces the following files in the destination:\n\n* `(filename)`: The file fetched from the bucket (if `skip_download` is not `true`).\n\n* `url`: A file containing the URL of the object in Virutal-Hosted style. If\n    `private` is `true` this URL will be presigned.\n\n* `s3_uri`: A file containing the S3 URI (`s3://...`) of the object (for use with `aws cp`, etc.)\n\n* `version`: The version identified in the file name.\n\n* `tags.json`: The object's tags represented as a JSON object. Only written if `download_tags` is set to true.\n\n#### Parameters\n\n* `skip_download`: *Optional.* Skip downloading object from S3. Same parameter as source configuration but used to define/override by get. Value needs to be a true/false string.\n\n* `unpack`: *Optional.* If true and the file is an archive (tar, gzipped tar, bzip2 compressed tar, other gzipped file, other bzip2 compressed file, or zip), unpack the file. Gzipped and bzip2 compressed tarballs will be both decompressed and untarred. It is ignored when `get` is running on the initial version.\n\n* `download_tags`: *Optional.* Write object tags to `tags.json`. Value needs to be a true/false string.\n\n### `out`: Upload an object to the bucket.\n\nGiven a file specified by `file`, upload it to the S3 bucket. If `regexp` is\nspecified, the new file will be uploaded to the directory that the regex\nsearches in. If `versioned_file` is specified, the new file will be uploaded as\na new version of that file.\n\n#### Parameters\n\n* `file`: *Required.* Path to the file to upload, provided by an output of a task.\n  If multiple files are matched by the glob, an error is raised. The file which\n  matches will be placed into the directory structure on S3 as defined in `regexp`\n  in the resource definition. The matching syntax is bash glob expansion, so\n  no capture groups, etc.\n\n* `acl`: *Optional.*  [Canned Acl](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)\n  for the uploaded object.\n\n* `content_type`: *Optional.* MIME [Content-Type](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17)\n  describing the contents of the uploaded object\n\n## Example Configuration\n\n### Resource\n\nWhen the file has the version name in the filename\n\n``` yaml\n- name: release\n  type: s3\n  source:\n    bucket: releases\n    regexp: directory_on_s3/release-(.*).tgz\n    access_key_id: ACCESS-KEY\n    secret_access_key: SECRET\n```\n\nor\n\nWhen the file is being [versioned by s3](http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html)\n\n``` yaml\n- name: release\n  type: s3\n  source:\n    bucket: releases\n    versioned_file: directory_on_s3/release.tgz\n    access_key_id: ACCESS-KEY\n    secret_access_key: SECRET\n```\n\nor\n\nWhen the bucket is not versioned and you want to match against a static\nfilename, use `regexp` and set the capture group `()` to a static string:\n\n``` yaml\n- name: release\n  type: s3\n  source:\n    bucket: releases\n    regexp: directory_on_s3/(release).tgz\n          # directory_on_s3/(release\\.tgz) would also work\n    access_key_id: ACCESS-KEY\n    secret_access_key: SECRET\n```\n\n### Plan\n\n``` yaml\n- get: release\n```\n\n``` yaml\n- put: release\n  params:\n    file: path/to/release-*.tgz\n    acl: public-read\n```\n\n## Required IAM Permissions\n\n### Non-versioned Buckets\n\nThe bucket itself (e.g. `\"arn:aws:s3:::your-bucket\"`):\n* `s3:ListBucket`\n\nThe objects in the bucket (e.g. `\"arn:aws:s3:::your-bucket/*\"`):\n* `s3:PutObject`\n* `s3:PutObjectAcl`\n* `s3:GetObject`\n* `s3:GetObjectTagging` (if using the `download_tags` option)\n\n### Versioned Buckets\n\nEverything above and...\n\nThe bucket itself (e.g. `\"arn:aws:s3:::your-bucket\"`):\n* `s3:ListBucketVersions`\n* `s3:GetBucketVersioning`\n\nThe objects in the bucket (e.g. `\"arn:aws:s3:::your-bucket/*\"`):\n* `s3:GetObjectVersion`\n* `s3:PutObjectVersionAcl`\n* `s3:GetObjectVersionTagging` (if using the `download_tags` option)\n\n## Development\n\n### Prerequisites\n\n* Go is *required* - version 1.13 is tested; earlier versions may also\n  work.\n* docker is *required* - version 17.06.x is tested; earlier versions may also\n  work.\n\n### Running the tests\n\nThe tests have been embedded with the `Dockerfile`; ensuring that the testing\nenvironment is consistent across any `docker` enabled platform. When the docker\nimage builds, the test are run inside the docker container, on failure they\nwill stop the build.\n\nRun the tests with the following command:\n\n```sh\ndocker build -t s3-resource --target tests .\n```\n\n#### Integration tests\n\nThe integration requires two AWS S3 buckets, one without versioning and another\nwith. The `docker build` step requires setting `--build-args` so the\nintegration will run.\n\nRun the tests with the following command:\n\n```sh\ndocker build . -t s3-resource --target tests \\\n  --build-arg S3_TESTING_ACCESS_KEY_ID=\"access-key\" \\\n  --build-arg S3_TESTING_SECRET_ACCESS_KEY=\"some-secret\" \\\n  --build-arg S3_TESTING_BUCKET=\"bucket-non-versioned\" \\\n  --build-arg S3_VERSIONED_TESTING_BUCKET=\"bucket-versioned\" \\\n  --build-arg S3_TESTING_REGION=\"us-east-1\" \\\n  --build-arg S3_ENDPOINT=\"https://s3.amazonaws.com\" \\\n  --build-arg S3_USE_PATH_STYLE=\"\"\n```\n\n##### Speeding up integration tests by skipping large file upload\n\nOne of the integration tests uploads a large file (\u003e40GB) and so can be slow.\nIt can be skipped by adding the following option when running the tests:\n```\n  --build-arg S3_TESTING_NO_LARGE_UPLOAD=true\n```\n\n##### Integration tests using role assumption\n\nIf `S3_TESTING_AWS_ROLE_ARN` is set to a role ARN, this role will be assumed for accessing\nthe S3 bucket during integration tests. The whole integration test suite runs either\ncompletely using role assumption or completely by direct access via the credentials.\n\n##### Required IAM permissions\n\nIn addition to the required permissions above, the `s3:PutObjectTagging` permission is required to run integration tests.\n\n### Contributing\n\nPlease make all pull requests to the `master` branch and ensure tests pass\nlocally.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconcourse%2Fs3-resource","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fconcourse%2Fs3-resource","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconcourse%2Fs3-resource/lists"}