Replace ramonpaolo/action-upload-s3 with aws-actions/configure-aws-credentials + AWS CLI (#975)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: thomasnordquist <7721625+thomasnordquist@users.noreply.github.com>

.github/workflows/tests.yml

@@ -73,19 +73,21 @@ jobs:
           TIMESTAMP=$(date +%Y%m%d-%H%M%S)
           FILENAME="pr-${{ github.event.pull_request.number }}-${TIMESTAMP}.gif"
           echo "filename=${FILENAME}" >> $GITHUB_OUTPUT
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ vars.AWS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: 'eu-central-1'
       - name: Upload to S3 with expiration tag
         id: upload
-        uses: ramonpaolo/action-upload-s3@main
-        with:
-          AWS_BUCKET_NAME: ${{ vars.AWS_BUCKET }}
-          AWS_REGION: 'eu-central-1'
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_ACCESS_KEY_ID: ${{ vars.AWS_KEY_ID }}
-          local_path_upload: './ui-test.gif'
-          bucket_path_upload: '/'
-          name_to_save_on_s3: ${{ steps.filename.outputs.filename }}
-          tags: 'expiration=90days&Source=github-actions&Type=pr-demo-video'
-          zip: false
+        env:
+          AWS_BUCKET: ${{ vars.AWS_BUCKET }}
+          FILENAME: ${{ steps.filename.outputs.filename }}
+        run: |
+          aws s3 cp ./ui-test.gif s3://${AWS_BUCKET}/${FILENAME} \
+            --tagging "expiration=90days&Source=github-actions&Type=pr-demo-video" \
+            --acl public-read
       - name: Generate file URL
         id: fileurl
         env:

CI_CD.md

@@ -75,7 +75,7 @@ Tests the traditional Electron desktop application:
   7. Display test results in GitHub summary
 
 **Artifacts**: 
-- UI test video (GIF format) uploaded to S3
+- UI test video (GIF format) uploaded to S3 using AWS CLI
 - Video is tagged with `expiration=90days` for automatic lifecycle deletion
 - Video is posted to the PR thread as an embedded image
 - Videos expire after 90 days via S3 lifecycle policy
@@ -262,22 +262,24 @@ aws s3api get-bucket-lifecycle-configuration --bucket YOUR_BUCKET_NAME
   - `Source=github-actions` - Identifies source of upload
   - `Type=pr-demo-video` - Categorizes the object type
 - **S3 lifecycle rule**: Automatically deletes objects tagged with `expiration=90days` after 90 days
-- **Upload mechanism**: Uses `ramonpaolo/action-upload-s3@main` GitHub Action with object tagging support
+- **Upload mechanism**: Uses official AWS CLI via `aws-actions/configure-aws-credentials@v4` GitHub Action for authentication, then `aws s3 cp` with object tagging support
 - **gh-pages video**: `video.mp4` in gh-pages branch is served from GitHub Pages, not S3, so it persists indefinitely
 
 #### Required AWS Credentials
 
 The workflow requires the following secrets/variables:
-- `vars.AWS_KEY_ID` - AWS access key ID (requires `s3:PutObject` and `s3:PutObjectTagging` permissions)
+- `vars.AWS_KEY_ID` - AWS access key ID (requires `s3:PutObject`, `s3:PutObjectTagging`, and `s3:PutObjectAcl` permissions)
 - `secrets.AWS_SECRET_ACCESS_KEY` - AWS secret access key
 - `vars.AWS_BUCKET` - S3 bucket name
 - AWS region: `eu-central-1` (hardcoded in workflow)
 
 The S3 bucket must have:
-- Public read access enabled for uploaded objects
+- Public read access enabled for uploaded objects (via ACL or bucket policy)
 - Object tagging enabled
 - Lifecycle policy configured as described above
 
+The workflow uses the official AWS CLI via `aws-actions/configure-aws-credentials@v4` action for secure credential management.
+
 ## Troubleshooting
 
 ### Browser Tests Failing