Add a way to disable cleanup script #1545

@drornir

Describe the feature

I would like a way to disable the cleanup script that runs on the action post action.
Currently the cleanup script unconditionally unsets the env variables set by this action when the output-env-credentials input is true.

https://github.com/aws-actions/configure-aws-credentials/blob/main/src/cleanup/index.ts
https://github.com/aws-actions/configure-aws-credentials/blob/main/action.yml#L7

Use Case

It's useful when creating a composite action.
The current behavior makes it impossible to use this action as part of a generic "setup environment" composite action.

For example, consider this contrived example:

The action:

# .github/actions/setup/action.yml
name: "Setup Environment"

runs:
  using: "composite"
  steps:
    - name: Some custom code that sets other 
      shell: bash
      run: "..."
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: arn:aws:iam::1234567890:role/MyRole

And workflow:

on:
  workflow_dispatch:

jobs:
  my-job:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4

      - name: Using The Above Action
        uses: ./.github/actions/setup

      - name: Some AWS API Call
        run: 'bash ./s3-upload.sh'

Currently, the step "Some AWS API Call" will not be authenticated because the environment variables were reset by the cleanup step that ran at the post script of the action.

Proposed Solution

Add a post-if with an env var and/or input

Example usage:

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v4
      env:
        AWS_CONFIGURE_ACTION_SKIP_CLEANUP: true
      with:
        aws-region: eu-central-1
        role-to-assume: arn:aws:iam::1234567890:role/MyRole

and implementation in action.yaml

  post: dist/cleanup/index.js
  post-if: env.AWS_CONFIGURE_ACTION_SKIP_CLEANUP != 'true'

Other Information

I'm more than happy to implement this and make a PR. I was wondering if there is maybe an existing decision to not do that (e.g. a security issue) that would prevent this from being merged, before I write the PR and test it.

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
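
The opt-out proposed above, expressed as the decision a post script would make. This is an added JavaScript sketch, not part of the original issue or the project's code. The function names and the list of variables cleared are assumptions; only `AWS_CONFIGURE_ACTION_SKIP_CLEANUP` comes from the proposal.

```javascript
// Added sketch, not the project's cleanup code. CREDENTIAL_VARS and the
// function names are assumptions; the flag name is taken from the proposal.
const CREDENTIAL_VARS = [
  'AWS_ACCESS_KEY_ID',
  'AWS_SECRET_ACCESS_KEY',
  'AWS_SESSION_TOKEN',
];

// GitHub expressions compare strings case-insensitively, so a guard such as
// `env.AWS_CONFIGURE_ACTION_SKIP_CLEANUP != 'true'` also skips the post step
// for 'True' or 'TRUE'. An in-script check has to match that behaviour.
function cleanupSkipped(env) {
  const flag = env.AWS_CONFIGURE_ACTION_SKIP_CLEANUP;
  return typeof flag === 'string' && flag.toLowerCase() === 'true';
}

// Returns the lines a post step would append to the file named by
// $GITHUB_ENV (NAME= sets the variable to an empty string), plus the
// credential variables that stay exported to later steps.
function planCleanup(env) {
  const present = CREDENTIAL_VARS.filter((name) => env[name]);
  if (cleanupSkipped(env)) {
    return { skipped: true, githubEnvLines: [], stillExported: present };
  }
  return {
    skipped: false,
    githubEnvLines: present.map((name) => `${name}=`),
    stillExported: [],
  };
}

// Constructed sample environment (placeholder values, not real credentials).
const sampleEnv = {
  AWS_ACCESS_KEY_ID: 'AKIAEXAMPLE',
  AWS_SECRET_ACCESS_KEY: 'constructed-secret',
  AWS_SESSION_TOKEN: 'constructed-token',
};
console.log(planCleanup(sampleEnv));
console.log(planCleanup({ ...sampleEnv, AWS_CONFIGURE_ACTION_SKIP_CLEANUP: 'True' }));
```

When cleanup is skipped, `stillExported` lists the credentials that remain readable by every later step in the job, which is the set a workflow author would need to clear explicitly.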

Labels: feature-request (A feature should be added or improved.), needs-triage (This issue still needs to be triaged)