GitHub Action to Sync S3 Bucket π
β οΈ Note: To use this action, you must have access to the GitHub Actions feature. GitHub Actions are currently only available in public beta. You can apply for the GitHub Actions beta here.
This simple action uses the vanilla AWS CLI to sync a a remote S3 bucket (or specific files) to a local directory.
Usage
workflow.yml Example
Place in a .yml file such as this one in your .github/workflows folder. Refer to the documentation on workflow YAML syntax here.
As of v0.3.0, all aws s3 sync flags are optional to allow for maximum customizability (that's a word, I promise) and must be provided by you via args:.
The following example includes optimal defaults for a public static website:
--acl public-readmakes your files publicly readable (make sure your bucket settings are also set to public).--follow-symlinkswon't hurt and fixes some weird symbolic link problems that may come up.- Most importantly,
--deletepermanently deletes files in the S3 bucket that are not present in the latest version of your repository/build. - Optional tip: If you're uploading the root of your repository, adding
--exclude '.git/*'prevents your.gitfolder from syncing, which would expose your source code history if your project is closed-source. (To exclude more than one pattern, you must have one--excludeflag per exclusion. The single quotes are also important!)
name: Upload Website
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --delete
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: 'us-west-1' # optional: defaults to us-east-1
SOURCE_DIR: 'public' # optional: defaults to entire repositoryConfiguration
The following settings must be passed as environment variables as shown in the example. Sensitive information, especially AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, should be set as encrypted secrets β otherwise, they'll be public to anyone browsing your repository's source code and CI logs.
| Key | Value | Suggested Type | Required | Default |
|---|---|---|---|---|
AWS_ACCESS_KEY_ID |
Your AWS Access Key. More info here. | secret env |
Yes | N/A |
AWS_SECRET_ACCESS_KEY |
Your AWS Secret Access Key. More info here. | secret env |
Yes | N/A |
AWS_S3_BUCKET |
The name of the bucket you're syncing to. For example, jarv.is or my-app-releases. |
secret env |
Yes | N/A |
AWS_REGION |
The region where you created your bucket. Set to us-east-1 by default. Full list of regions here. |
env |
No | us-east-1 |
AWS_S3_ENDPOINT |
The endpoint URL of the bucket you're syncing to. Can be used for VPC scenarios or for non-AWS services using the S3 API, like DigitalOcean Spaces. | env |
No | Automatic (s3.amazonaws.com or AWS's region-specific equivalent) |
DEST_DIR |
The local dir you wish to sync. For example, data. |
env |
No | No default |
DEST_FILE |
The local file you wish to sync. For example, data.csv. |
env |
No | no default |
License
This project is distributed under the MIT license.