chore: release v4 (#840)

* chore: release v4

* chore: remove node from matrix in integ tests

* chore: update changelog

Author: peterwoodworth

.github/workflows/package.yml

@@ -28,7 +28,7 @@ jobs:
           npm test
           npm run package
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: us-west-2
           role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}

.github/workflows/tests-integ.yml

@@ -12,7 +12,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [[self-hosted, linux-fargate], windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
     name: Run OIDC integ tests
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30
@@ -35,7 +34,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [[self-hosted, linux-fargate], windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
     name: Run OIDC integ tests with existing invalid env vars
     runs-on: ${{ matrix.os }}
     env:
@@ -59,7 +57,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [[self-hosted, linux-fargate], windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
     name: Run access key integ tests
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30
@@ -80,7 +77,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [[self-hosted, linux-fargate], windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
     name: Run access key from env integ tests
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30
@@ -102,7 +98,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [[self-hosted, linux-fargate], windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
     name: Run IAM User integ tests
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30

.github/workflows/tests-unit.yml

@@ -9,7 +9,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
     name: Run unit tests
     runs-on: ${{ matrix.os }}
     timeout-minutes: 5
@@ -19,7 +18,7 @@ jobs:
       - name: "Setup node"
         uses: actions/setup-node@v3
         with:
-          node-version: ${{ matrix.node }}
+          node-version: 20
       - name: "Install dependencies"
         uses: bahmutov/npm-install@v1
       - name: "Run tests"
@@ -34,7 +33,7 @@ jobs:
       - name: "Setup node"
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 20
       - name: "Install dependencies"
         uses: bahmutov/npm-install@v1
       - name: "Lint code"

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [4.0.0](https://github.com/aws-actions/configure-aws-credentials/compare/v3.0.2...v4.0.0) (2023-09-11)
+
+* Upgraded runtime to `node20` from `node16`
+
 ## [3.0.2](https://github.com/aws-actions/configure-aws-credentials/compare/v3.0.1...v3.0.2) (2023-09-07)
 
 ### Bug Fixes

README.md

@@ -7,7 +7,15 @@ calls.
 
 ---
 
-### News
+### Recent News
+
+#### v4 Announcement (9/11/23)
+
+We have just released `v4` of Configure AWS Credentials. The only thing that
+changed from `v3` is that the action now runs on `node20` instead of `node16`.
+You can still see the `v3` announcement below, as it is still recent.
+
+#### v3 Announcement (8/23/23)
 
 We have recently released `v3` of Configure AWS Credentials! With this new
 release we have migrated the code to TypeScript, and have also migrated away
@@ -82,7 +90,7 @@ To do that, you would add the following step to your workflow:
 
 ```yaml
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
         aws-region: us-east-2
@@ -111,15 +119,15 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
     - name: Configure AWS credentials from Test account
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
         aws-region: us-east-1
     - name: Copy files to the test website with the AWS CLI
       run: |
         aws s3 sync . s3://my-s3-test-website-bucket
     - name: Configure AWS credentials from Production account
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: arn:aws:iam::222222222222:role/my-github-actions-role-prod
         aws-region: us-west-2
@@ -209,7 +217,7 @@ within the Action. See [issue 419](https://github.com/aws-actions/configure-aws-
 You can skip this session tagging by providing
 `role-skip-session-tagging` as true in the action's inputs:
 ```yaml
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-skip-session-tagging: true
 ```
@@ -220,13 +228,13 @@ You can skip this session tagging by providing
 An IAM policy in stringified JSON format that you want to use as an inline session policy.
 Depending on preferences, the JSON could be written on a single line like this:
 ```yaml
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
          inline-session-policy: '{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:List*","Resource":"*"}]}'
 ```
 Or we can have a nicely formatted JSON as well:
 ```yaml
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
          inline-session-policy: >-
           {
@@ -246,13 +254,13 @@ Or we can have a nicely formatted JSON as well:
 The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
 The policies must exist in the same account as the role. You can pass a single managed policy like this:
 ```yaml
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
          managed-session-policies: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
 ```
 And we can pass multiple managed policies likes this:
 ```yaml
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
          managed-session-policies: |
           arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
@@ -295,7 +303,7 @@ When the JWT is created, an audience needs to be specified. By default, the audi
 
 ```yaml
     - name: Configure AWS Credentials for China region audience
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         audience: sts.amazonaws.com.cn
         aws-region: us-east-3
@@ -407,7 +415,7 @@ You can use this action to simply configure the region and account ID in the
 environment, and then use the runner's credentials for all AWS API calls made by
 your Actions workflow:
 ```yaml
-uses: aws-actions/configure-aws-credentials@v3
+uses: aws-actions/configure-aws-credentials@v4
 with:
   aws-region: us-east-2
 ```
@@ -417,7 +425,7 @@ APIs called by your Actions workflow.
 Or, you can use this action to assume a role, and then use the role credentials
 for all AWS API calls made by your Actions workflow:
 ```yaml
-uses: aws-actions/configure-aws-credentials@v3
+uses: aws-actions/configure-aws-credentials@v4
 with:
   aws-region: us-east-2
   role-to-assume: my-github-actions-role
@@ -440,7 +448,7 @@ environment.
 
 Manually configured proxy:
 ```yaml
-uses: aws-actions/configure-aws-credentials@v3
+uses: aws-actions/configure-aws-credentials@v4
 with:
   aws-region: us-east-2
   role-to-assume: my-github-actions-role
@@ -470,7 +478,7 @@ should include the AWS CLI by default.
 ### AssumeRoleWithWebIdentity (recommended)
 ```yaml
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-2
         role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
@@ -481,13 +489,13 @@ In this example, the Action will load the OIDC token from the GitHub-provided en
 ### AssumeRole with role previously assumed by action in same workflow
 ```yaml
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-2
         role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
         role-session-name: MySessionName
     - name: Configure other AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-2
         role-to-assume: arn:aws:iam::987654321000:role/my-second-role
@@ -499,7 +507,7 @@ In this two-step example, the first step will use OIDC to assume the role `arn:a
 ### AssumeRole with static IAM credentials in repository secrets
 ```yaml
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -515,7 +523,7 @@ In this example, the secret `AWS_ROLE_TO_ASSUME` contains a string like `arn:aws
 ```yaml
     - name: Configure AWS Credentials 1
       id: creds
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-2
         role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
@@ -524,7 +532,7 @@ In this example, the secret `AWS_ROLE_TO_ASSUME` contains a string like `arn:aws
       run: |
         aws sts get-caller-identity
     - name: Configure AWS Credentials 2
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: us-east-2
         aws-access-key-id: ${{ steps.creds.outputs.aws-access-key-id }}