A GitHub Action to upload an HTML report to S3 with OIDC-based authentication.
Use case: You have generated an HTML report of your build process (e.g. Playwright, Allure, coverage report, etc.) and you want to publish it somewhere that people can easily view.
This action does the following:
- Logs in to AWS via OIDC using the configuration specified in `aws-role` and `aws-region`. Thanks to GitHub and AWS' OIDC support, we don't have to put access key secrets in our workflow.
- Generates a random and unguessable URL for the report.
- Configures AWS CLI so that it uploads files faster. This is because test reports tend to have many files.
- Uploads the files in the directory specified by `path` (this directory is expected to have an `index.html` file) to the S3 bucket `s3-bucket` (this bucket is expected to be accessible via the URL specified in `view-url`).
- Generates a job summary with a link to the report file.
Initial AWS setup
This only has to be set up once.
- Create an S3 bucket. Make sure the bucket is accessible. You can set up a lifecycle policy to delete old files after some time (e.g. 3 months).
- Create an IAM Role and OIDC Provider. You can use this CloudFormation template.
- Grant that role access to the S3 bucket.
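
A sketch of what the role and its S3 grant can look like, as an added example (this is not the CloudFormation template linked above). It assumes the GitHub OIDC provider already exists in the account, that the upload only needs `s3:PutObject`, and uses the placeholder names `my-org/my-repo` and `my-bucket`.

```yaml
# Added example, not the project's own template.
# Placeholders (assumptions): my-org/my-repo, my-bucket.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ReportUploadRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              # Assumes the OIDC provider for GitHub Actions is already
              # registered in this account.
              Federated: !Sub "arn:aws:iam::${AWS::AccountId}:oidc-provider/token.actions.githubusercontent.com"
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
              StringLike:
                # The sub condition is what ties the role to one repository.
                # Without it, a workflow in any GitHub repository could
                # assume this role. To allow a single branch only, use
                # "repo:my-org/my-repo:ref:refs/heads/main" instead.
                "token.actions.githubusercontent.com:sub": "repo:my-org/my-repo:*"
      Policies:
        - PolicyName: upload-reports
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Write-only access to objects in the report bucket.
              # A sync-style upload would also need s3:ListBucket on
              # arn:aws:s3:::my-bucket (assumption: plain uploads only).
              - Effect: Allow
                Action: s3:PutObject
                Resource: "arn:aws:s3:::my-bucket/*"
Outputs:
  RoleArn:
    # Value to pass to the action as aws-role.
    Value: !GetAtt ReportUploadRole.Arn
```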
In the project that needs to publish a report:
- Make sure the GitHub Actions workflow has the `id-token: write` permission.

  ```yaml
  permissions:
    id-token: write
    contents: read
  ```
- Use the action:

  ```yaml
  - name: Publish report
    if: always()
    uses: eventpop/upload-report-action-s3@main
    with:
      aws-role: arn:aws:iam::000000000000:role/github-oidc-Role-AAAAAAAAAAAA
      aws-region: ap-southeast-1
      s3-bucket: my-bucket
      view-url: https://my-bucket.s3.ap-southeast-1.amazonaws.com
      name: my-project-report
      path: allure-report
  ```
Tip
At Eventpop, we have a private composite action that calls into this public action with these inputs hardcoded: `aws-role`, `aws-region`, `s3-bucket` and `view-url`. This allows Eventpop projects to more conveniently publish reports by just specifying the `name` and `path`.