Adds support for OIDC IAM roles

README.md

@@ -64,14 +64,16 @@ jobs:
 | `badge_name`                    | Name of the badge file                          | -         | Yes       |
 | `upload_coverage_file`          | Upload coverage file too                        | False     | No        |
 | `bucket_name`                   | Name of the bucket to upload the badge to       | -         | Yes       |
-| `aws_access_key`                | AWS Access Key                                  | -         | Yes       |
-| `aws_secret_key`                | AWS Secret Key                                  | -         | Yes       |
+| `aws_access_key`                | AWS Access Key                                  | -         | No        |
+| `aws_secret_key`                | AWS Secret Key                                  | -         | No        |
 | `coverage_percentage_regex`     | Regex to use in order to get the coverage       | -         | No        |
 | `coverage_percentage_json_path` | Path to use in order to get the coverage        | -         | No        |
 
 **At least one of the arguments `coverage_percentage_regex` or `coverage_percentage_json_path` must be set in 
 order for the action to run based on the format of the coverage report.**
 
+**To use an OIDC IAM role from your environment do not define the `aws_access_key` and `aws_secret_key` input variables**
+
 ### Coverage Percentage Regex Examples
 
 #### Python Coverage Report

action.yml

@@ -1,5 +1,5 @@
-name: 'Create a Coverage Badge in AWS S3'
-description: 'Create a Coverage Badge in AWS S3'
+name: "Create a Coverage Badge in AWS S3"
+description: "Create a Coverage Badge in AWS S3"
 inputs:
   coverage_file:
     description: "Path to the coverage file"
@@ -15,10 +15,10 @@ inputs:
     required: true
   aws_access_key:
     description: "AWS access key"
-    required: true
+    required: false
   aws_secret_key:
     description: "AWS secret key"
-    required: true
+    required: false
   coverage_percentage_regex:
     description: "Regex to use in order to get the coverage percentage."
     required: false
@@ -29,5 +29,5 @@ runs:
   using: "docker"
   image: "Dockerfile"
 branding:
-  icon: 'link'
-  color: 'green'
+  icon: "link"
+  color: "green"

main.py

@@ -7,6 +7,7 @@
 import boto3
 import requests
 from botocore.exceptions import ClientError
+from typing import Optional
 
 logging.basicConfig(
     level=logging.DEBUG,
@@ -41,6 +42,28 @@ def __str__(self) -> str:
 ORANGE_PERCENTAGE_THRESHOLD = 50
 
 
+def create_s3_client(
+    aws_access_key_id: Optional[str] = None, aws_secret_access_key: Optional[str] = None
+) -> boto3.client:
+    """
+    Create an Amazon S3 client using the provided AWS access key and secret key, or
+    fall back to the IAM role associated with the environment if no access key and
+    secret key are provided.
+
+    :param aws_access_key_id: AWS access key ID for authentication (optional)
+    :type aws_access_key_id: Optional[str]
+    :param aws_secret_access_key: AWS secret access key for authentication (optional)
+    :type aws_secret_access_key: Optional[str]
+    :return: S3 client object for interacting with Amazon S3 service
+    :rtype: boto3.client
+    """
+    session = boto3.session.Session(
+        aws_access_key_id=aws_access_key_id,
+        aws_secret_access_key=aws_secret_access_key,
+    )
+    return session.client(service_name="s3", region_name="us-east-1")
+
+
 def get_coverage() -> float:
     """
     Get coverage percentage from parsed coverage file.
@@ -128,7 +151,8 @@ def upload_file(
     file_name: str,
     bucket: str,
     content_type: str = "text/plain",
-    object_name: str = ""
+    object_name: str = "",
+    s3_client: Optional[boto3.client] = None
 ) -> bool:
     """
     Upload a file to an S3 bucket.
@@ -145,17 +169,12 @@ def upload_file(
         f"Upload {file_name} to {bucket} "
         f"as {object_name or file_name}"
     )
-    # If S3 object_name was not specified, use file_name
     if not object_name:
         object_name = file_name
 
-    # Upload the file
-    s3_client = boto3.client(
-        service_name="s3",
-        region_name="us-east-1",
-        aws_access_key_id=ACCESS_KEY,
-        aws_secret_access_key=SECRET_KEY,
-    )
+    if not s3_client:
+        s3_client = create_s3_client(ACCESS_KEY, SECRET_KEY)
+
     try:
         s3_client.upload_file(
             file_name,