actually build the thing

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "cache-s3",
-  "version": "1.0.0",
+  "name": "actions-s3-caching",
+  "version": "1.0.3",
   "private": true,
   "description": "Cache dependencies and build outputs",
   "main": "dist/restore/index.js",
@@ -13,7 +13,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/dmolik/actions-cache-s3.git"
+    "url": "git+https://github.com/dmolik/actions-s3-caching.git"
   },
   "keywords": [
     "actions",
@@ -28,7 +28,9 @@
     "@actions/exec": "^1.0.1",
     "@actions/io": "^1.1.0",
     "@aws-sdk/client-s3": "^3.51.0",
-    "@aws-sdk/types": "^3.50.0"
+    "@aws-sdk/types": "^3.50.0",
+    "@aws-sdk/client-sts": "^3.50.0",
+    "@aws-sdk/credential-provider-web-identity": "^3.50.0"
   },
   "devDependencies": {
     "@types/jest": "^27.4.0",

src/utils/actionUtils.ts

@@ -1,8 +1,8 @@
 import * as core from "@actions/core";
-
 import { Inputs, Outputs, RefKey, State } from "../constants";
-
-import {CommonPrefix, InputSerialization, S3ClientConfig} from "@aws-sdk/client-s3";
+import { CommonPrefix, InputSerialization, S3ClientConfig } from "@aws-sdk/client-s3";
+import { fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
+import { getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
 
 export function isGhes(): boolean {
     const ghUrl = new URL(
@@ -82,12 +82,18 @@ export function getInputS3ClientConfig(): S3ClientConfig | undefined {
     if (!s3BucketName) {
         return undefined
     }
+
     const credentials = core.getInput(Inputs.AWSAccessKeyId) ? {
         credentials: {
           accessKeyId: core.getInput(Inputs.AWSAccessKeyId),
           secretAccessKey: core.getInput(Inputs.AWSSecretAccessKey)
         }
-    } : null
+    } : {
+        credentials: fromTokenFile({
+          roleAssumerWithWebIdentity: getDefaultRoleAssumerWithWebIdentity(),
+        })
+    }
+
     const s3config = {
         ...credentials,
         region: core.getInput(Inputs.AWSRegion),