codeartifact-login¶
CodeArtifact login
Assume the CodeArtifact read role via OIDC, fetch an authorization token, and write ~/.netrc so uv/pip authenticate to the private index for the rest of the job. Pass the CODEARTIFACT_* repo variables (set by infra). The calling job needs permissions: id-token: write. Run after setup-python, before uv-sync.
Inputs¶
Input |
Required |
Default |
Description |
|---|---|---|---|
|
yes |
— |
CODEARTIFACT_READ_ROLE_ARN – the IAM role to assume via OIDC. |
|
yes |
— |
CODEARTIFACT_REGION. |
|
yes |
— |
CODEARTIFACT_DOMAIN. |
|
yes |
— |
CODEARTIFACT_DOMAIN_OWNER (the AWS account id that owns the domain). |
|
no |
— |
CODEARTIFACT_NPM_REPOSITORY_URL. When set, also write ~/.npmrc so npm/yarn resolve the @fsh scope from CodeArtifact (npm/yarn don’t read netrc). Leave empty for python-only jobs. |
Usage¶
- uses: actions/checkout@v6
- uses: FSHTech/github-actions/codeartifact-login@v1
with:
role-arn: ...
region: ...
domain: ...
domain-owner: ...