Skip to content

feat: Add options to pass task and execution role ARNs #372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

feat: Add options to pass task and execution role ARNs #372

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
594de73
feat: Add options to pass task and execution role ARNs
mskrip Feb 19, 2025
600dae7
Run npm run package
mskrip Feb 19, 2025
eeb0f1d
Merge branch 'master' into master
mskrip Feb 26, 2025
8a3720f
Merge branch 'master' into master
mskrip Mar 4, 2025
a8b0898
Merge branch 'master' into master
mskrip Mar 11, 2025
eeb8810
Merge branch 'master' into master
mskrip Apr 2, 2025
0e73dbf
Merge branch 'master' into master
mskrip May 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,12 @@ inputs:
command:
description: 'The command used by ECS to start the container image'
required: false
task-role-arn:
description: 'The full Amazon Resource Name (ARN) of the task role to set for the task definition'
required: false
execution-role-arn:
description: 'The full Amazon Resource Name (ARN) of the execution role to set for the task definition'
required: false
env-files:
description: 'S3 object arns to set env variables onto the container. You can specify multiple files with multi-line YAML strings.'
required: false
Expand Down
10 changes: 10 additions & 0 deletions dist/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ async function run() {
const logConfigurationOptions = core.getInput("log-configuration-options", { required: false });
const dockerLabels = core.getInput('docker-labels', { required: false });
const command = core.getInput('command', { required: false });
const taskRoleArn = core.getInput('task-role-arn', { required: false });
const executionRoleArn = core.getInput('execution-role-arn', { required: false });

//New inputs to fetch task definition
const taskDefinitionArn = core.getInput('task-definition-arn', { required: false }) || undefined;
Expand Down Expand Up @@ -119,6 +121,14 @@ async function run() {
containerDef.command = command.split(' ')
}

if (taskRoleArn) {
containerDef.taskRoleArn = taskRoleArn;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a regex validation for the arn? Need appropriate unit tests as well for these changes.

}

if (executionRoleArn) {
containerDef.executionRoleArn = executionRoleArn;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a regex validation for the arn? Need appropriate unit tests as well for these changes.

}

if (envFiles) {
containerDef.environmentFiles = [];
envFiles.split('\n').forEach(function (line) {
Expand Down
10 changes: 10 additions & 0 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ async function run() {
const logConfigurationOptions = core.getInput("log-configuration-options", { required: false });
const dockerLabels = core.getInput('docker-labels', { required: false });
const command = core.getInput('command', { required: false });
const taskRoleArn = core.getInput('task-role-arn', { required: false });
const executionRoleArn = core.getInput('execution-role-arn', { required: false });

//New inputs to fetch task definition
const taskDefinitionArn = core.getInput('task-definition-arn', { required: false }) || undefined;
Expand Down Expand Up @@ -113,6 +115,14 @@ async function run() {
containerDef.command = command.split(' ')
}

if (taskRoleArn) {
containerDef.taskRoleArn = taskRoleArn;
}

if (executionRoleArn) {
containerDef.executionRoleArn = executionRoleArn;
}

if (envFiles) {
containerDef.environmentFiles = [];
envFiles.split('\n').forEach(function (line) {
Expand Down
224 changes: 224 additions & 0 deletions index.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // docker labels
.mockReturnValueOnce('') // command
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('') // task-definition arn
.mockReturnValueOnce('') // task-definition family
.mockReturnValueOnce('') // task-definition revision
Expand Down Expand Up @@ -263,6 +265,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // docker labels
.mockReturnValueOnce('') // command
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('') // task-definition arn
.mockReturnValueOnce('') // task-definition family
.mockReturnValueOnce('') // task-definition revision
Expand Down Expand Up @@ -477,6 +481,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('SECRET');
await run();

Expand Down Expand Up @@ -523,6 +529,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('task-definition-arn') // task definition arn
.mockReturnValueOnce('task-definition-family') // task definition family
.mockReturnValueOnce(0); // task definition revision
Expand All @@ -544,6 +552,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('') // task definition arn
.mockReturnValueOnce("task-definition-family") // task definition family
.mockReturnValueOnce(10); // task definition revision
Expand All @@ -569,6 +579,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('') // task definition arn
.mockReturnValueOnce("task-definition-family") // task definition family
.mockReturnValueOnce(0); // task definition revision
Expand All @@ -595,6 +607,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('task-definition-arn') // task definition arn
.mockReturnValueOnce('') // task definition family
.mockReturnValueOnce(0); // task definition revision
Expand All @@ -621,6 +635,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('task-definition-arn') // task definition arn
.mockReturnValueOnce('') // task definition family
.mockReturnValueOnce(0); //task definition revision
Expand All @@ -644,6 +660,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('task-definition-arn') //task definition arn
.mockReturnValueOnce('task-definition-family') //task definition family
.mockReturnValueOnce(10); //task definition revision
Expand All @@ -667,6 +685,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('task-definition-arn') // task definition arn
.mockReturnValueOnce('task-definition-family') // task definition family
.mockReturnValueOnce(0); // task definition revision
Expand All @@ -692,6 +712,8 @@ describe('Render task definition', () => {
.mockReturnValueOnce('') // log Configuration Options
.mockReturnValueOnce('') // Docker Labels
.mockReturnValueOnce('') // Command Options
.mockReturnValueOnce('') // task role arn
.mockReturnValueOnce('') // execution role arn
.mockReturnValueOnce('') // task definition arn
.mockReturnValueOnce('') // task definition family
.mockReturnValueOnce(10); // task definition revision
Expand Down Expand Up @@ -978,4 +1000,206 @@ describe('Render task definition', () => {
}, null, 2)
);
});

test('renders a task definition task role arn', async () => {
core.getInput = jest
.fn()
.mockReturnValueOnce('task-definition.json')
.mockReturnValueOnce('web')
.mockReturnValueOnce('nginx:latest')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('arn:aws:iam::0123456789:role/task-role');

await run();

expect(tmp.fileSync).toHaveBeenNthCalledWith(1, {
tmpdir: '/home/runner/work/_temp',
prefix: 'task-definition-',
postfix: '.json',
keep: true,
discardDescriptor: true
});

expect(fs.writeFileSync).toHaveBeenNthCalledWith(1, 'new-task-def-file-name',
JSON.stringify({
family: 'task-def-family',
containerDefinitions: [
{
name: "web",
image: "nginx:latest",
environment: [
{
name: "FOO",
value: "bar"
},
{
name: "DONT-TOUCH",
value: "me"
},
{
name: "HELLO",
value: "world"
},
{
name: "EXAMPLE",
value: "here"
}
],
environmentFiles: [
{
value: "arn:aws:s3:::s3_bucket_name/envfile_object_name.env",
type: "s3"
}
],
secrets: [
{
name: "EXISTING_SECRET",
valueFrom: "arn:aws:ssm:region:0123456789:parameter/existingSecret"
},
{
name: "SSM_SECRET",
valueFrom: "arn:aws:ssm:region:0123456789:parameter/secret"
},
{
name: "SM_SECRET",
valueFrom: "arn:aws:secretsmanager:us-east-1:0123456789:secret:secretName"
}
],
logConfiguration: {
logDriver: "awslogs",
options: {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/web",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
dockerLabels : {
"key1":"value1",
"key2":"value2"
},
command : ["npm", "start", "--nice", "--please"],
taskRoleArn: "arn:aws:iam::0123456789:role/task-role",
},
{
name: "sidecar",
image: "hello"
}
],
tags: [
{
key: "project",
value: "mytaskdef"
}
]
}, null, 2)
);
});

test('renders a task definition execution role arn', async () => {
core.getInput = jest
.fn()
.mockReturnValueOnce('task-definition.json')
.mockReturnValueOnce('web')
.mockReturnValueOnce('nginx:latest')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('')
.mockReturnValueOnce('arn:aws:iam::0123456789:role/execution-role');

await run();

expect(tmp.fileSync).toHaveBeenNthCalledWith(1, {
tmpdir: '/home/runner/work/_temp',
prefix: 'task-definition-',
postfix: '.json',
keep: true,
discardDescriptor: true
});

expect(fs.writeFileSync).toHaveBeenNthCalledWith(1, 'new-task-def-file-name',
JSON.stringify({
family: 'task-def-family',
containerDefinitions: [
{
name: "web",
image: "nginx:latest",
environment: [
{
name: "FOO",
value: "bar"
},
{
name: "DONT-TOUCH",
value: "me"
},
{
name: "HELLO",
value: "world"
},
{
name: "EXAMPLE",
value: "here"
}
],
environmentFiles: [
{
value: "arn:aws:s3:::s3_bucket_name/envfile_object_name.env",
type: "s3"
}
],
secrets: [
{
name: "EXISTING_SECRET",
valueFrom: "arn:aws:ssm:region:0123456789:parameter/existingSecret"
},
{
name: "SSM_SECRET",
valueFrom: "arn:aws:ssm:region:0123456789:parameter/secret"
},
{
name: "SM_SECRET",
valueFrom: "arn:aws:secretsmanager:us-east-1:0123456789:secret:secretName"
}
],
logConfiguration: {
logDriver: "awslogs",
options: {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/web",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
},
dockerLabels : {
"key1":"value1",
"key2":"value2"
},
command : ["npm", "start", "--nice", "--please"],
taskRoleArn: "arn:aws:iam::0123456789:role/task-role",
executionRoleArn: "arn:aws:iam::0123456789:role/execution-role",
},
{
name: "sidecar",
image: "hello"
}
],
tags: [
{
key: "project",
value: "mytaskdef"
}
]
}, null, 2)
);
});
});