refactor: improve readability of aws creds

Author: lklimek

.github/actions/docker/action.yaml

@@ -88,6 +88,8 @@ runs:
         endpoint: ${{ inputs.cache_endpoint }}
         prefix: "cache-layers/${{ inputs.platform }}/"
         cache_to_name: ${{ inputs.cache_to_name }}
+        s3_access_key_id: ${{ inputs.cache_access_key_id }}
+        s3_secret_access_key: ${{ inputs.cache_secret_access_key }}
 
     - name: Set HOME variable to github context
       shell: bash
@@ -153,8 +155,9 @@ runs:
           }
         skip-extraction: ${{ steps.yarn-cache.outputs.cache-hit }}
 
-    - name: Setup sccache vars
+    - name: Configure sccache settings
       uses: ./.github/actions/sccache
+      id: sccache
       with:
         bucket: ${{ inputs.cache_bucket }}
         region: ${{ inputs.cache_region }}
@@ -167,6 +170,7 @@ runs:
     - name: Build and push Docker image ${{ inputs.image }}
       id: docker_build
       uses: docker/build-push-action@v6
+      env: ${{ steps.layer_cache_settings.outputs.env_vars }}
       with:
         context: .
         builder: ${{ steps.buildx.outputs.name }}
@@ -177,14 +181,7 @@ runs:
         platforms: ${{ inputs.platform }}
         secret-files: |
           AWS=${{ env.HOME }}/.aws/credentials
-        build-args: |
-          CARGO_BUILD_PROFILE=${{ inputs.cargo_profile }}
-          SCCACHE_BUCKET=${{ inputs.cache_bucket }}
-          SCCACHE_REGION=${{ inputs.cache_region }}
-          SCCACHE_ENDPOINT=${{ inputs.cache_endpoint }}
-          SCCACHE_S3_KEY_PREFIX=${{ env.SCCACHE_S3_KEY_PREFIX }}
-          SCCACHE_VERSION=${{ env.SCCACHE_VERSION }}
-          AWS_PROFILE=sccache
+        build-args: ${{ steps.sccache.outputs.env_vars }}
         cache-from: ${{ steps.layer_cache_settings.outputs.cache_from }}
         cache-to: ${{ steps.layer_cache_settings.outputs.cache_to }}
         outputs: type=image,name=${{ inputs.image_org }}/${{ inputs.image_name }},push-by-digest=${{ inputs.push_tags != 'true' }},name-canonical=true,push=true

.github/actions/s3-layer-cache-settings/action.yaml

@@ -25,6 +25,12 @@ inputs:
   prefix:
     description: S3 key prefix
     default: "cache-layers/"
+  s3_access_key_id:
+    description: Access key ID for S3 cache
+    required: true
+  s3_secret_access_key:
+    description: Secret access key for S3 cache
+    required: true
   mode:
     description: Cache mode
     default: max
@@ -39,10 +45,22 @@ outputs:
   cache_from:
     description: "String with s3-based cache configuration for docker buildx cache-from option"
     value: ${{ steps.script.outputs.cache_from }}
+  env_vars:
+    description: "Environment variables to set before running docker buildx"
+    value: |
+      AWS_PROFILE=docker-layers
+      AWS_SHARED_CREDENTIALS_FILE=${HOME}/.aws/credentials
 
 runs:
   using: composite
   steps:
+    - name: Configure AWS credentials for s3 layers
+      uses: ./.github/actions/aws_credentials
+      with:
+        access_key_id: ${{ inputs.access_key_id }}
+        secret_access_key: ${{ inputs.secret_access_key }}
+        profile: "docker-layers"
+
     - uses: actions/github-script@v6
       id: script
       with:

.github/actions/sccache/action.yaml

@@ -28,6 +28,20 @@ inputs:
     description: "sccache version"
     default: "0.8.2"
     required: false
+outputs:
+  env_vars:
+    description: "Environment variables to set"
+    value: |
+      AWS_PROFILE=sccache
+      CARGO_INCREMENTAL=0
+      RUSTC_WRAPPER=sccache
+      SCCACHE_BUCKET=${{ inputs.bucket }}
+      SCCACHE_REGION=${{ inputs.region }}
+      SCCACHE_ENDPOINT=${{ inputs.endpoint }}
+      SCCACHE_S3_KEY_PREFIX=sccache/${{ inputs.platform }}/
+      SCCACHE_VERSION=${{ inputs.version }}
+      CC="sccache cc"
+      CXX="sccache c++"
 
 # TODO: Cache deps here to save 1 minute
 runs:
@@ -57,3 +71,5 @@ runs:
         echo "SCCACHE_S3_KEY_PREFIX=sccache/${{ inputs.platform }}/" >> $GITHUB_ENV
         # "SCCACHE_VERSION" is used inside Docker to install the same version of sccache
         echo "SCCACHE_VERSION=${{ inputs.version }}" >> $GITHUB_ENV
+        echo "CC=\"sccache cc\"" >> $GITHUB_ENV
+        echo "CXX=\"sccache c++\"" >> $GITHUB_ENV