Skip to content

aliyun/configure-aliyun-credentials-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Repository files navigation

Configure Alibaba Cloud Credentials for GitHub Actions

Configure your Alibaba Cloud credentials environment variables for use in other GitHub Actions. Environment variable exports are detected by both the Alibaba Cloud SDKs and the Alibaba Cloud CLI for API calls.

Test

Inputs

oidc-provider-arn

Optional: The ARN of OIDC provider. format: acs:ram::USER_Id:oidc-provider/PROVIDER_NAME .

role-to-assume

Optional: The ARN of role to assume. format: acs:ram::USER_Id:role/ROLE_NAME .

role-session-name

Optional: The role session name. default: github-action-session.

role-session-expiration

Optional: Role roleSessionExpiration in seconds (default: 1800 seconds).

audience

Optional: The audience to use for the OIDC provider. default: github-actions.

role-chaining

Optional: Whether to use role chaining. Use existing credentials to assume another role.

Outputs

aliyun-access-key-id

The alibaba cloud access key ID for the provided credentials.

aliyun-access-key-secret

The alibaba cloud access key secret for the provided credentials.

aliyun-security-token

The alibaba cloud security token for the provided credentials.

Example usage

Using with OIDC

Using OIDC native RAM Role

uses: aliyun/configure-aliyun-credentials-action@v1
with:
  role-to-assume: 'acs:ram::USER_Id:role/ROLE_NAME'
  oidc-provider-arn: 'acs:ram::USER_Id:oidc-provider/PROVIDER_NAME'
  role-session-name: 'github-action-session'
  role-session-expiration: 1800
  audience: 'github-actions'

In the above example, role-session-name, role-session-expiration and audience are optional.

Using with ECS RAM role

If you run your GitHub Actions in a self-hosted runner that already has configured with RAM role, such as ECS/ECI instance, then you do not need to provide any credentials to this action.

Using ECS native attached RAM Role

uses: aliyun/configure-aliyun-credentials-action@v1

Assuming Specific RAM Role

When you want to assume resource specific RAM role, specify with role-to-assume please.

uses: aliyun/configure-aliyun-credentials-action@v1
with:
  role-to-assume: 'acs:ram::USER_Id:role/ROLENAME'
  role-session-name: 'github-action-session'
  role-session-expiration: 1800

In the above example, role-session-name and role-session-expiration are optional.

Assume role with role previouly assumed

When the credentials from OIDC or ECS RAM role can't meet your requirements, you can assume role with previous credentials in the same workflow.

- name: Assume role with ECS RAM role, you can replace it with OIDC
  uses: aliyun/configure-aliyun-credentials-action@v1
- name: Assume role with previous credentials
  uses: aliyun/configure-aliyun-credentials-action@v1
  with:
    role-to-assume: 'acs:ram::USER_Id:role/ROLENAME'
    role-chaining: true # must set to true
    role-session-name: 'github-action-session'
    role-session-expiration: 1800

In the above example, role-session-name and role-session-expiration are optional.

License Summary

This code is made available under the MIT license.

About

Configure Alibaba Cloud Credentials for GitHub Actions

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

13 stars

Watchers

5 watching

Forks

4 forks
Report repository

Releases 5

v1.0.6 Latest
Mar 11, 2025
+ 4 releases

Packages

No packages published

Contributors 5

Languages