Downloading a workflow file from an AWS S3 bucket and running the same workflow in GitHub Actions

I have 2 workflow files (wf_1 & wf_2) in the same repo inside the .github/workflows directory.
wf_1 downloads a check.yml into the repo from an AWS S3 bucket (check.yml is a part of another private repository in the same org, and is uploaded to S3 through another workflow), and wf_2 builds and pushes the container images to the Docker repository.

I want my workflow execution to follow the following sequence:

  • Download the check.yml workflow from AWS S3 (which wf_1 already does)
  • Run the downloaded workflow file (check.yml) → unable to link this with the next workflow (wf_2)
  • After a successful run of check.yml, run wf_2

Approaches I looked into:

  • I tried using the workflow_run event but it won’t work as it requires the workflow to be present in the default repo
  • I also looked into workflow_dispatch but the same condition applies here as above.

wf_1.yml

name: Copy Github Actions to run
on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - edited
      - synchronize
    branches:
      - main
jobs:
  pull-action-from-s3:
    runs-on: ubuntu-latest
    name: Pull action from S3
    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: Configure AWS credentials from Actions account
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_REGION }}

    - name: Copy Github Action from the core rep with the AWS CLI
      run: |
        aws s3 sync  s3_uri_here local_dir_here

check.yml

name: CI workflow
on:
  push:
    branches:
      - main
jobs:
  other_thing_goes_here

wf_2.yml

name: Build and Push to ECR
on:
  workflow_run:
    # Must match the `name:` declared in check.yml
    workflows: ["CI workflow"]
    types:
      - completed
jobs:
  push-to-ecr:
    runs-on: ubuntu-latest
    name: Build & Push to ECR
    steps:
      step_goes_here

There is no way to run a workflow through GitHub Actions that’s not part of the repository. What is the goal behind hosting the workflow file elsewhere? Maybe there is another way to achieve it.

1 Like

You can have a checkout step and clone that custom action/composite action if you are hosting it in a private repo. See this example.

The downside is that you have to pass creds (depending on your org policies, you can create a read-only user and grant it access to the repositories hosting these actions), then create a secret at the org level and make that credential available to the whole org.

2 Likes
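The checkout-then-use pattern described in the reply above, written out as an added example that is not part of the original thread. The repository `my-org/shared-ci`, the composite action path `check/action.yml` inside it, the secret name `SHARED_CI_READ_TOKEN` and the commit placeholder are all assumptions.

```yaml
# Added example (not from the thread). All org, repo, path and secret names are hypothetical.
name: Check then build
on:
  pull_request:
    branches:
      - main

permissions:
  contents: read   # the workflow's own GITHUB_TOKEN only needs to read this repo

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # Check out the calling repo first; a later root checkout would wipe the sub-path.
      - name: Checkout this repository
        uses: actions/checkout@v2

      - name: Checkout the private shared action
        uses: actions/checkout@v2
        with:
          repository: my-org/shared-ci              # hypothetical private repo
          ref: "REPLACE_WITH_REVIEWED_COMMIT_SHA"   # pin to a reviewed commit, not a branch
          token: ${{ secrets.SHARED_CI_READ_TOKEN }} # read-only credential, org-level secret
          path: .github/actions/shared-ci
          persist-credentials: false                # keep the token out of the local git config

      # Assumes the shared repo contains a composite action at check/action.yml
      - name: Run the shared check
        uses: ./.github/actions/shared-ci/check

  push-to-ecr:
    needs: check            # runs only after the check job succeeds
    runs-on: ubuntu-latest
    name: Build & Push to ECR
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      # build and push steps go here
```

Because both jobs live in one workflow, `needs:` gives the check-then-build ordering without `workflow_run`. Secrets are not passed to workflows triggered by pull requests from forks, so the private checkout only works for branches inside the org's own repositories.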

@peimanja thanks!
I am thinking of doing the same now, but my check.yml is not an action; it is just a simple workflow file which uses a bunch of actions from the GitHub Marketplace.
I need to make it a proper action, then I can do a composite run.
I guess I need to make it a proper action file and then use it.

@airtower-luna I agree with your point.

What is the goal behind hosting the workflow file elsewhere? Maybe there is another way to achieve it.

The idea is to run the same action across different repositories within an org whenever a PR gets raised.
The idea behind uploading the action from a different repo to an S3 bucket was to reuse the same workflow across repos without using a PAT (if we create a dedicated repo for a private action and use it, we need a PAT to access that, which is not feasible. I haven’t tried creating a bot account with access; I need to think about security measures as well.)