action.yml

name: "JAWKS - JWT Keypairs Provisioner"
description: "A GitHub Action used for provisioning JWT keypairs for the JWKS infrastructure deployed using JAWKS."
inputs:
  accessTokenSecretARN:
    description: "ARN of the access token secret."
    required: true
  refreshTokenSecretARN:
    description: "ARN of the refresh token secret."
    required: true
  kidVersionStagePrefix:
    description: "Prefix for the KID version stage."
    required: true
  kidVersionStagePrefixSeparator:
    description: "Separator for the KID version stage prefix."
    required: true
  privateKeysRefreshIntervalInDays:
    description: "Minimum interval in days for refreshing private keys (optional) (Default: 200)."
    required: false
  region:
    description: "AWS region where resources are deployed."
    required: true
  tableName:
    description: "Name of the JWKS table."
    required: true
runs:
  using: "composite"
  steps:
    - uses: oven-sh/setup-bun@v2
    - name: "Provision Private Keys with Bun"
      shell: bash
      run: bunx @csbnlu/jawks-private-keys-provisioner
      env:
        ACCESS_TOKEN_SECRET_ARN: ${{ inputs.accessTokenSecretARN }}
        REFRESH_TOKEN_SECRET_ARN: ${{ inputs.refreshTokenSecretARN }}
        KID_VERSION_STAGE_PREFIX: ${{ inputs.kidVersionStagePrefix }}
        KID_VERSION_STAGE_PREFIX_SEPARATOR: ${{ inputs.kidVersionStagePrefixSeparator }}
        PRIVATE_KEYS_REFRESH_INTERVAL_IN_DAYS: ${{ inputs.privateKeysRefreshIntervalInDays }}
        REGION: ${{ inputs.region }}
        TABLE_NAME: ${{ inputs.tableName }}