anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-22 22:44:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

added: AWS_BEARER_TOKEN_BEDROCK authentication capabilities (#692)

Browse Source
This commit is contained in:
Jose Garcia
2025-11-20 18:47:12 -03:00
committed by GitHub
parent 4318310481
commit c2edeab4c3
4 changed files with 55 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
action.yml
View File

@@ -250,6 +250,7 @@ runs:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
AWS_BEARER_TOKEN_BEDROCK: ${{ env.AWS_BEARER_TOKEN_BEDROCK }}
ANTHROPIC_BEDROCK_BASE_URL: ${{ env.ANTHROPIC_BEDROCK_BASE_URL || (env.AWS_REGION && format('https://bedrock-runtime.{0}.amazonaws.com', env.AWS_REGION)) }} ANTHROPIC_BEDROCK_BASE_URL: ${{ env.ANTHROPIC_BEDROCK_BASE_URL || (env.AWS_REGION && format('https://bedrock-runtime.{0}.amazonaws.com', env.AWS_REGION)) }}
# GCP configuration # GCP configuration

1
base-action/action.yml
View File

@@ -159,6 +159,7 @@ runs:
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
AWS_BEARER_TOKEN_BEDROCK: ${{ env.AWS_BEARER_TOKEN_BEDROCK }}
ANTHROPIC_BEDROCK_BASE_URL: ${{ env.ANTHROPIC_BEDROCK_BASE_URL || (env.AWS_REGION && format('https://bedrock-runtime.{0}.amazonaws.com', env.AWS_REGION)) }} ANTHROPIC_BEDROCK_BASE_URL: ${{ env.ANTHROPIC_BEDROCK_BASE_URL || (env.AWS_REGION && format('https://bedrock-runtime.{0}.amazonaws.com', env.AWS_REGION)) }}
# GCP configuration # GCP configuration

28
base-action/src/validate-env.ts
View File

@@ -23,17 +23,25 @@ export function validateEnvironmentVariables() {
); );
} }
} else if (useBedrock) { } else if (useBedrock) {
const requiredBedrockVars = { const awsRegion = process.env.AWS_REGION;
AWS_REGION: process.env.AWS_REGION, const awsAccessKeyId = process.env.AWS_ACCESS_KEY_ID;
AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID, const awsSecretAccessKey = process.env.AWS_SECRET_ACCESS_KEY;
AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY, const awsBearerToken = process.env.AWS_BEARER_TOKEN_BEDROCK;
};
Object.entries(requiredBedrockVars).forEach(([key, value]) => { // AWS_REGION is always required for Bedrock
if (!value) { if (!awsRegion) {
errors.push(`${key} is required when using AWS Bedrock.`); errors.push("AWS_REGION is required when using AWS Bedrock.");
} }
});
// Either bearer token OR access key credentials must be provided
const hasAccessKeyCredentials = awsAccessKeyId && awsSecretAccessKey;
const hasBearerToken = awsBearerToken;
if (!hasAccessKeyCredentials && !hasBearerToken) {
errors.push(
"Either AWS_BEARER_TOKEN_BEDROCK or both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required when using AWS Bedrock.",
);
}
} else if (useVertex) { } else if (useVertex) {
const requiredVertexVars = { const requiredVertexVars = {
ANTHROPIC_VERTEX_PROJECT_ID: process.env.ANTHROPIC_VERTEX_PROJECT_ID, ANTHROPIC_VERTEX_PROJECT_ID: process.env.ANTHROPIC_VERTEX_PROJECT_ID,

45
base-action/test/validate-env.test.ts
View File

@@ -17,6 +17,7 @@ describe("validateEnvironmentVariables", () => {
delete process.env.AWS_ACCESS_KEY_ID; delete process.env.AWS_ACCESS_KEY_ID;
delete process.env.AWS_SECRET_ACCESS_KEY; delete process.env.AWS_SECRET_ACCESS_KEY;
delete process.env.AWS_SESSION_TOKEN; delete process.env.AWS_SESSION_TOKEN;
delete process.env.AWS_BEARER_TOKEN_BEDROCK;
delete process.env.ANTHROPIC_BEDROCK_BASE_URL; delete process.env.ANTHROPIC_BEDROCK_BASE_URL;
delete process.env.ANTHROPIC_VERTEX_PROJECT_ID; delete process.env.ANTHROPIC_VERTEX_PROJECT_ID;
delete process.env.CLOUD_ML_REGION; delete process.env.CLOUD_ML_REGION;
@@ -92,31 +93,58 @@ describe("validateEnvironmentVariables", () => {
); );
}); });
test("should fail when AWS_ACCESS_KEY_ID is missing", () => { test("should fail when only AWS_SECRET_ACCESS_KEY is provided without bearer token", () => {
process.env.CLAUDE_CODE_USE_BEDROCK = "1"; process.env.CLAUDE_CODE_USE_BEDROCK = "1";
process.env.AWS_REGION = "us-east-1"; process.env.AWS_REGION = "us-east-1";
process.env.AWS_SECRET_ACCESS_KEY = "test-secret-key"; process.env.AWS_SECRET_ACCESS_KEY = "test-secret-key";
expect(() => validateEnvironmentVariables()).toThrow( expect(() => validateEnvironmentVariables()).toThrow(
"AWS_ACCESS_KEY_ID is required when using AWS Bedrock.", "Either AWS_BEARER_TOKEN_BEDROCK or both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required when using AWS Bedrock.",
); );
}); });
test("should fail when AWS_SECRET_ACCESS_KEY is missing", () => { test("should fail when only AWS_ACCESS_KEY_ID is provided without bearer token", () => {
process.env.CLAUDE_CODE_USE_BEDROCK = "1"; process.env.CLAUDE_CODE_USE_BEDROCK = "1";
process.env.AWS_REGION = "us-east-1"; process.env.AWS_REGION = "us-east-1";
process.env.AWS_ACCESS_KEY_ID = "test-access-key"; process.env.AWS_ACCESS_KEY_ID = "test-access-key";
expect(() => validateEnvironmentVariables()).toThrow( expect(() => validateEnvironmentVariables()).toThrow(
"AWS_SECRET_ACCESS_KEY is required when using AWS Bedrock.", "Either AWS_BEARER_TOKEN_BEDROCK or both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required when using AWS Bedrock.",
); );
}); });
test("should report all missing Bedrock variables", () => { test("should pass when AWS_BEARER_TOKEN_BEDROCK is provided instead of access keys", () => {
process.env.CLAUDE_CODE_USE_BEDROCK = "1";
process.env.AWS_REGION = "us-east-1";
process.env.AWS_BEARER_TOKEN_BEDROCK = "test-bearer-token";
expect(() => validateEnvironmentVariables()).not.toThrow();
});
test("should pass when both bearer token and access keys are provided", () => {
process.env.CLAUDE_CODE_USE_BEDROCK = "1";
process.env.AWS_REGION = "us-east-1";
process.env.AWS_BEARER_TOKEN_BEDROCK = "test-bearer-token";
process.env.AWS_ACCESS_KEY_ID = "test-access-key";
process.env.AWS_SECRET_ACCESS_KEY = "test-secret-key";
expect(() => validateEnvironmentVariables()).not.toThrow();
});
test("should fail when no authentication method is provided", () => {
process.env.CLAUDE_CODE_USE_BEDROCK = "1";
process.env.AWS_REGION = "us-east-1";
expect(() => validateEnvironmentVariables()).toThrow(
"Either AWS_BEARER_TOKEN_BEDROCK or both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required when using AWS Bedrock.",
);
});
test("should report missing region and authentication", () => {
process.env.CLAUDE_CODE_USE_BEDROCK = "1"; process.env.CLAUDE_CODE_USE_BEDROCK = "1";
expect(() => validateEnvironmentVariables()).toThrow( expect(() => validateEnvironmentVariables()).toThrow(
/AWS_REGION is required when using AWS Bedrock.*AWS_ACCESS_KEY_ID is required when using AWS Bedrock.*AWS_SECRET_ACCESS_KEY is required when using AWS Bedrock/s, /AWS_REGION is required when using AWS Bedrock.*Either AWS_BEARER_TOKEN_BEDROCK or both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required when using AWS Bedrock/s,
); );
}); });
}); });
@@ -204,10 +232,7 @@ describe("validateEnvironmentVariables", () => {
" - AWS_REGION is required when using AWS Bedrock.", " - AWS_REGION is required when using AWS Bedrock.",
); );
expect(error!.message).toContain( expect(error!.message).toContain(
" - AWS_ACCESS_KEY_ID is required when using AWS Bedrock.", " - Either AWS_BEARER_TOKEN_BEDROCK or both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required when using AWS Bedrock.",
);
expect(error!.message).toContain(
" - AWS_SECRET_ACCESS_KEY is required when using AWS Bedrock.",
); );
}); });
}); });