Adds action for tagging ecs resources (#20)
mike-carey authored Feb 21, 2023
1 parent bcdb996 commit d2bea9c
Showing 7 changed files with 258 additions and 0 deletions.
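--- a/.github/actions/test-tag-ecs-resource/action.yml
+++ b/.github/actions/test-tag-ecs-resource/action.yml
@@ -0,0 +1,58 @@
+---
+
+name: 'Test tag-ecs-resource action'
+description: 'Runs validation against the tag-ecs-resource action'
+
+inputs:
+aws-account-id:
+description: 'The AWS Account id'
+required: true
+
+runs:
+using: 'composite'
+steps:
+- name: 'Setup brew'
+uses: Homebrew/actions/setup-homebrew@master
+
+- name: 'Install BATS'
+shell: bash
+run: brew install bats-core
+
+- name: 'Checkout'
+uses: actions/checkout@v3
+
+- name: 'Use local actions'
+uses: ./.github/actions/use-local-actions
+
+- name: 'Configure AWS Credentials'
+uses: aws-actions/configure-aws-credentials@v1-node16
+with:
+aws-region: 'us-east-1'
+role-to-assume: arn:aws:iam::${{ inputs.aws-account-id }}:role/github-actions-tests
+
+- name: 'Rewrite task definition file'
+shell: bash
+run: |
+sed -i.bak 's/{{ tag }}/${{ github.sha }}/g' '${{ github.action_path }}/task-definition.yml'
+sed -i.bak 's/{{ account_id }}/${{ inputs.aws-account-id }}/g' '${{ github.action_path }}/task-definition.yml'
+- name: 'Publish a new revision of the task definition'
+id: new-revision
+uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+with:
+task-definition: ${{ github.action_path }}/task-definition.yml
+
+- name: 'Run tag-ecs-resource action'
+uses: ./actions/tag-ecs-resource
+with:
+resource-arn: ${{ steps.new-revision.outputs.task-definition-arn }}
+tags: |
+version=${{ github.sha }}
+test=yes
+- name: 'Validate'
+shell: bash
+run: bats --verbose-run -r ${{ github.action_path }}/tag-ecs-resource.bats
+env:
+VERSION: ${{ github.sha }}
+RESOURCE_ARN: ${{ steps.new-revision.outputs.task-definition-arn }}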
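Review bot: The `Setup brew` step uses `Homebrew/actions/setup-homebrew@master`, a mutable branch, in the same job that then assumes the `github-actions-tests` AWS role, so whatever lands on that branch runs on a runner that holds the job's OIDC token and the temporary credentials. The other third-party steps (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v1-node16`, `aws-actions/amazon-ecs-deploy-task-definition@v1`) also use movable tags. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: Homebrew/actions/setup-homebrew@<full-commit-sha>  # master` (placeholder, not a real SHA). Separately, every run registers a new task definition revision and nothing deregisters it; a cleanup step guarded by `if: always()` would keep the test account from accumulating revisions.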
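--- a/.github/actions/test-tag-ecs-resource/tag-ecs-resource.bats
+++ b/.github/actions/test-tag-ecs-resource/tag-ecs-resource.bats
@@ -0,0 +1,21 @@
+#!/usr/bin/env bats
+
+function setup() {
+:
+}
+
+function teardown() {
+:
+}
+
+@test "it should have tagged the version" {
+run aws ecs describe-task-definition \
+--task-definition "$RESOURCE_ARN" \
+--no-cli-pager \
+--output text \
+--include TAGS \
+--query 'tags[?key==`version`].value'
+
+[ "$status" -eq 0 ]
+[ "$output" = "$VERSION" ]
+}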
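Review bot: Only the `version` tag is asserted, although the composite action that drives this test passes two tags (`version=...` and `test=yes`), so a regression that applies just the first line of `TAGS` would still pass. Add a second `@test` that runs the same `describe-task-definition` query for the `test` key and checks `[ "$output" = "yes" ]`. The empty `setup` and `teardown` bodies add nothing and can be removed.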
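--- a/.github/actions/test-tag-ecs-resource/task-definition.yml
+++ b/.github/actions/test-tag-ecs-resource/task-definition.yml
@@ -0,0 +1,30 @@
+---
+
+family: github-actions-tests
+taskRoleArn: arn:aws:iam::{{ account_id }}:role/github-actions-tests-task
+executionRoleArn: arn:aws:iam::{{ account_id }}:role/github-actions-tests-execution
+networkMode: awsvpc
+cpu: '256'
+memory: '1024'
+containerDefinitions:
+- name: github-actions-tests
+image: alpine:latest
+command: [tail, -f, /dev/null]
+essential: true
+logConfiguration:
+logDriver: awslogs
+options:
+awslogs-group: github-actions-tests
+awslogs-region: us-east-1
+awslogs-stream-prefix: github-actions-tests
+environment:
+- name: APPLICATION
+value: github-actions-tests
+- name: APP_VERSION
+value: '{{ tag }}'
+dockerLabels:
+application: github-actions-tests
+version: '{{ tag }}'
+requiresCompatibilities:
+- EC2
+- FARGATE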
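--- a/.github/workflows/test-tag-ecs-resource.yml
+++ b/.github/workflows/test-tag-ecs-resource.yml
@@ -0,0 +1,30 @@
+---
+
+name: 'Run tag-ecs-resource action'
+
+on:
+pull_request:
+paths:
+- actions/tag-ecs-resource/*
+- .github/actions/test-tag-ecs-resource/*
+
+permissions:
+id-token: write
+contents: read
+
+defaults:
+run:
+shell: bash
+
+jobs:
+test-tag-ecs-resource-action:
+name: 'Uses the tag-ecs-resource action'
+runs-on: ubuntu-latest
+steps:
+- name: 'Checkout actions'
+uses: actions/checkout@v3
+
+- name: 'Test tag-ecs-resource action'
+uses: ./.github/actions/test-tag-ecs-resource
+with:
+aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }}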
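Review bot: This job grants `id-token: write` to code taken from the pull request head, so anyone who can push a branch to the repository can edit `tag-resource.sh` or the test action and have it run with the `github-actions-tests` role. The role's trust policy is not visible here; it should constrain the OIDC `sub` claim to this repository, and the role should carry only the ECS register/describe/tag and `iam:PassRole` permissions the test needs. Pull requests from forks receive neither secrets nor an OIDC token, so the job will fail there with an empty account id; a job-level `if: github.event.pull_request.head.repo.full_name == github.repository` skips it cleanly. The `paths` globs end in `/*`, which does not match files in nested directories; `/**` would.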
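--- a/actions/tag-ecs-resource/action.yml
+++ b/actions/tag-ecs-resource/action.yml
@@ -0,0 +1,28 @@
+---
+
+name: 'Tag ECS resource'
+description: 'Tags an ECS resource'
+
+inputs:
+resource-arn:
+description: 'The ARN of the resource to tag'
+required: true
+
+tags:
+description: |
+Key value pairs to attach to the resource.
+Example:
+tags: |
+version=v1
+owner=carl
+default: ''
+
+runs:
+using: 'composite'
+steps:
+- name: 'Tag resource'
+run: ${{ github.action_path }}/tag-resource.sh "${{ inputs.resource-arn }}"
+shell: bash
+env:
+TAGS: ${{ inputs.tags }}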
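Review bot: `${{ inputs.resource-arn }}` is expanded into the `run:` line before bash parses it, so a value containing a double quote, `$( )` or a backtick becomes shell syntax rather than a single argument. `tags` is already passed the safe way through `env:`; do the same for the ARN by adding `RESOURCE_ARN: ${{ inputs.resource-arn }}` under `env:` and changing the command to `run: '"$GITHUB_ACTION_PATH/tag-resource.sh" "$RESOURCE_ARN"'`. The `tags` description could also say that entries are newline-separated `key=value` pairs and how a value that itself contains `=` is treated.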
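--- a/actions/tag-ecs-resource/tag-resource.bats
+++ b/actions/tag-ecs-resource/tag-resource.bats
@@ -0,0 +1,49 @@
+#!/usr/bin/env bats
+
+load tag-resource.sh
+
+function setup() {
+export AWS_CMD_FILE="$BATS_TEST_TMPDIR/aws.cmd"
+export -f aws
+
+export RESOURCE_ARN=my-resource-arn
+export TAGS='Foo=bar
+team=my-team
+owner=anonymous
+'
+}
+
+function teardown() {
+rm -f "$AWS_CMD_FILE"
+}
+
+function aws() {
+echo "$*" >> "$AWS_CMD_FILE"
+}
+
+@test "it should error out if no resource arn is provided" {
+run tag-resource
+
+[ "$status" -ne 0 ]
+}
+
+@test "it should tag the resource" {
+run tag-resource "$RESOURCE_ARN"
+
+cat "$AWS_CMD_FILE"
+
+[ "$status" -eq 0 ]
+[ -f "$AWS_CMD_FILE" ]
+[[ "$(< "$AWS_CMD_FILE")" =~ "ecs tag-resource --resource my-resource-arn --tags key=Foo,value=bar".* ]]
+[[ "$(< "$AWS_CMD_FILE")" =~ .*"ecs tag-resource --resource my-resource-arn --tags key=team,value=my-team".* ]]
+[[ "$(< "$AWS_CMD_FILE")" =~ .*"ecs tag-resource --resource my-resource-arn --tags key=owner,value=anonymous" ]]
+}
+
+@test "it should do nothing with no tags" {
+export TAGS=''
+
+run tag-resource "$RESOURCE_ARN"
+
+[ "$status" -eq 0 ]
+! [ -f "$AWS_CMD_FILE" ]
+}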
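--- a/actions/tag-ecs-resource/tag-resource.sh
+++ b/actions/tag-ecs-resource/tag-resource.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+function tag-resource() {
+set -eo pipefail
+
+local resource_arn="${1:-}"
+[ -n "$resource_arn" ] || {
+echo "[ERROR] Resource arn not provided" >&2
+return 1
+}
+
+[ -n "${TAGS:-}" ] || {
+echo "[INFO ] No tags provided" >&2
+return 0
+}
+
+# Split up tags in put them in the format desired
+# Input: key=value
+# Output: key=$key,value=$value
+while IFS= read -r tag_var; do
+# Remove blank space around the string
+tag_var="$(echo "${tag_var?}" | xargs)"
+key="${tag_var%=*}"
+val="${tag_var#*=}"
+
+[ -n "${tag_var?}" ] || continue
+
+tag="key=$key,value=$val"
+
+echo "[INFO ] Setting the $key tag" >&2
+aws ecs tag-resource \
+--resource "$resource_arn" \
+--tags "$tag"
+done <<<"$TAGS"
+}
+
+if [ "${BASH_SOURCE[0]}" = "$0" ]; then
+set -u
+
+tag-resource "${@:-}"
+exit $?
+fi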
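Review bot: The key and value are split at different `=` signs: `${tag_var%=*}` cuts at the last `=` while `${tag_var#*=}` cuts at the first, so a line such as `url=a=b` yields key `url=a` and value `a=b`; use `key="${tag_var%%=*}"` so both split at the first one. A line with no `=` at all makes key and value both equal to the whole line and should be rejected with an error instead of being sent to the API. Trimming through `echo ... | xargs` also lets xargs interpret quotes and backslashes, so a value containing an apostrophe makes the command fail; trim with parameter expansion or `sed` instead. `set -eo pipefail` inside the function changes the options of whichever shell sourced the file (the bats suite does), so it is better placed in the executable guard at the bottom next to `set -u`.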
