setup-aws/action.yml

# Tinqs Setup AWS — replaces aws-actions/configure-aws-credentials@v4
# Original: https://github.com/aws-actions/configure-aws-credentials (GitHub-hosted, Node.js)
# Why rewritten: Original uses OIDC federation with GitHub's token endpoint — doesn't exist
#   on Gitea. Our runners use IAM task roles (ECS/Fargate) or instance profiles (EC2/Lightsail),
#   so we don't need credential configuration — just install the CLI and optionally ECR login.
# Removed from original: OIDC, assume-role, session tokens, credential masking, region output.
#   ECR login bundled here instead of needing separate aws-actions/amazon-ecr-login.
# Author: Ozan / Claude Code — 2026-05-22
# Part of: tinqs/ci (Tinqs CI toolchain)

name: 'Tinqs Setup AWS'
description: 'Install AWS CLI and optionally login to ECR'

inputs:
  region:
    description: 'AWS region'
    default: 'eu-west-1'
  ecr-login:
    description: 'Login to ECR (true/false)'
    default: 'false'
  ecr-repo:
    description: 'ECR repository URL (required if ecr-login is true)'
    default: ''

runs:
  using: 'composite'
  steps:
    - run: |
        REGION="${{ inputs.region }}"
        ECR_LOGIN="${{ inputs.ecr-login }}"
        ECR_REPO="${{ inputs.ecr-repo }}"

        # Install AWS CLI if missing
        if ! command -v aws &>/dev/null; then
          echo "Installing AWS CLI..."
          curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscli.zip
          unzip -q /tmp/awscli.zip -d /tmp/aws-install
          /tmp/aws-install/aws/install
          rm -rf /tmp/awscli.zip /tmp/aws-install
        fi

        aws --version

        # ECR login
        if [ "$ECR_LOGIN" = "true" ] && [ -n "$ECR_REPO" ]; then
          echo "Logging into ECR ($REGION)..."
          aws ecr get-login-password --region "$REGION" | \
            docker login --username AWS --password-stdin "$ECR_REPO"
          echo "ECR login OK"
        fi
      shell: bash
docs: add provenance comments — what was replaced, why, what was removed 2026-05-22 17:55:30 +01:00			`# Tinqs Setup AWS — replaces aws-actions/configure-aws-credentials@v4`
			`# Original: https://github.com/aws-actions/configure-aws-credentials (GitHub-hosted, Node.js)`
			`# Why rewritten: Original uses OIDC federation with GitHub's token endpoint — doesn't exist`
			`# on Gitea. Our runners use IAM task roles (ECS/Fargate) or instance profiles (EC2/Lightsail),`
			`# so we don't need credential configuration — just install the CLI and optionally ECR login.`
			`# Removed from original: OIDC, assume-role, session tokens, credential masking, region output.`
			`# ECR login bundled here instead of needing separate aws-actions/amazon-ecr-login.`
			`# Author: Ozan / Claude Code — 2026-05-22`
			`# Part of: tinqs/ci (Tinqs CI toolchain)`

feat: composite actions + runner base image 2026-05-22 17:52:08 +01:00			`name: 'Tinqs Setup AWS'`
			`description: 'Install AWS CLI and optionally login to ECR'`

			`inputs:`
			`region:`
			`description: 'AWS region'`
			`default: 'eu-west-1'`
			`ecr-login:`
			`description: 'Login to ECR (true/false)'`
			`default: 'false'`
			`ecr-repo:`
			`description: 'ECR repository URL (required if ecr-login is true)'`
			`default: ''`

			`runs:`
			`using: 'composite'`
			`steps:`
			`- run: \|`
			`REGION="${{ inputs.region }}"`
			`ECR_LOGIN="${{ inputs.ecr-login }}"`
			`ECR_REPO="${{ inputs.ecr-repo }}"`

			`# Install AWS CLI if missing`
			`if ! command -v aws &>/dev/null; then`
			`echo "Installing AWS CLI..."`
			`curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscli.zip`
			`unzip -q /tmp/awscli.zip -d /tmp/aws-install`
			`/tmp/aws-install/aws/install`
			`rm -rf /tmp/awscli.zip /tmp/aws-install`
			`fi`

			`aws --version`

			`# ECR login`
			`if [ "$ECR_LOGIN" = "true" ] && [ -n "$ECR_REPO" ]; then`
			`echo "Logging into ECR ($REGION)..."`
			`aws ecr get-login-password --region "$REGION" \| \`
			`docker login --username AWS --password-stdin "$ECR_REPO"`
			`echo "ECR login OK"`
			`fi`
			`shell: bash`