Lets the workflow set, e.g., public-read on the uploaded object so the
HTTPS URL is actually downloadable without further configuration. Empty
default means no ACL is sent — required for modern AWS buckets with
Object Ownership = "Bucket owner enforced" that reject any ACL.
Validates the value against the AWS canned-ACL list at config time so
typos fail before the upload runs. Wires the input through action.yml,
config, and the orchestrator; adds a unit test that the ACL is forwarded
to PutObjectInput when set and omitted when empty.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
After a successful S3 upload, log the HTTPS URL so the workflow run
output shows where the artefact was published. Uses the regional
virtual-hosted form for AWS S3 and path-style for custom endpoints,
matching how NewClient configures the client.
The URL is what the object would be served at if the bucket allows
public reads — the orchestrator does not assert anything about the
bucket's access policy.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Leon Mika