Adds action for tagging ecs resources (#20)
1 parent
bcdb996
commit d2bea9c
Showing
7 changed files
with
258 additions
and
0 deletions.
@@ -0,0 +1,58 @@ | ||
--- | ||
|
||
name: 'Test tag-ecs-resource action' | ||
description: 'Runs validation against the tag-ecs-resource action' | ||
|
||
inputs: | ||
aws-account-id: | ||
description: 'The AWS Account id' | ||
required: true | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: 'Setup brew' | ||
uses: Homebrew/actions/setup-homebrew@master | ||
|
||
- name: 'Install BATS' | ||
shell: bash | ||
run: brew install bats-core | ||
|
||
- name: 'Checkout' | ||
uses: actions/checkout@v3 | ||
|
||
- name: 'Use local actions' | ||
uses: ./.github/actions/use-local-actions | ||
|
||
- name: 'Configure AWS Credentials' | ||
uses: aws-actions/configure-aws-credentials@v1-node16 | ||
with: | ||
aws-region: 'us-east-1' | ||
role-to-assume: arn:aws:iam::${{ inputs.aws-account-id }}:role/github-actions-tests | ||
|
||
- name: 'Rewrite task definition file' | ||
shell: bash | ||
run: | | ||
sed -i.bak 's/{{ tag }}/${{ github.sha }}/g' '${{ github.action_path }}/task-definition.yml' | ||
sed -i.bak 's/{{ account_id }}/${{ inputs.aws-account-id }}/g' '${{ github.action_path }}/task-definition.yml' | ||
- name: 'Publish a new revision of the task definition' | ||
id: new-revision | ||
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | ||
with: | ||
task-definition: ${{ github.action_path }}/task-definition.yml | ||
|
||
- name: 'Run tag-ecs-resource action' | ||
uses: ./actions/tag-ecs-resource | ||
with: | ||
resource-arn: ${{ steps.new-revision.outputs.task-definition-arn }} | ||
tags: | | ||
version=${{ github.sha }} | ||
test=yes | ||
- name: 'Validate' | ||
shell: bash | ||
run: bats --verbose-run -r ${{ github.action_path }}/tag-ecs-resource.bats | ||
env: | ||
VERSION: ${{ github.sha }} | ||
RESOURCE_ARN: ${{ steps.new-revision.outputs.task-definition-arn }} |
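Review bot: `Homebrew/actions/setup-homebrew@master` in the 'Setup brew' step follows a moving branch, and it runs in the same job that later assumes `role/github-actions-tests`, so whatever that branch points to at run time executes on a runner that goes on to hold AWS credentials. Pin it to a reviewed full commit SHA, e.g. `uses: Homebrew/actions/setup-homebrew@<full-commit-sha>`, and consider the same for the `@v3`, `@v1-node16` and `@v1` tags on the other third-party actions. In the 'Rewrite task definition file' step, `${{ inputs.aws-account-id }}` is expanded into the script text before bash runs; passing it through `env:` and referencing `$AWS_ACCOUNT_ID` in the `sed` expression keeps the input as data. Each run also registers a new revision in the `github-actions-tests` family, and nothing visible in this file deregisters it afterwards.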
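--- a/.github/actions/test-tag-ecs-resource/tag-ecs-resource.bats
+++ b/.github/actions/test-tag-ecs-resource/tag-ecs-resource.bats
@@ -0,0 +1,21 @@
+#!/usr/bin/env bats
+
+function setup() {
+:
+}
+
+function teardown() {
+:
+}
+
+@test "it should have tagged the version" {
+run aws ecs describe-task-definition \
+--task-definition "$RESOURCE_ARN" \
+--no-cli-pager \
+--output text \
+--include TAGS \
+--query 'tags[?key==`version`].value'
+
+[ "$status" -eq 0 ]
+[ "$output" = "$VERSION" ]
+}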
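Review bot: Only the `version` tag is asserted, although the composite action that drives this test also passes `test=yes`, so a regression that applies just the first line of a multi-line `tags` input would still pass. A second `@test` that runs the same query for the `test` key and expects `yes` would cover it. The empty `setup` and `teardown` functions can be dropped, since bats does not require them.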
@@ -0,0 +1,30 @@ | ||
--- | ||
|
||
family: github-actions-tests | ||
taskRoleArn: arn:aws:iam::{{ account_id }}:role/github-actions-tests-task | ||
executionRoleArn: arn:aws:iam::{{ account_id }}:role/github-actions-tests-execution | ||
networkMode: awsvpc | ||
cpu: '256' | ||
memory: '1024' | ||
containerDefinitions: | ||
- name: github-actions-tests | ||
image: alpine:latest | ||
command: [tail, -f, /dev/null] | ||
essential: true | ||
logConfiguration: | ||
logDriver: awslogs | ||
options: | ||
awslogs-group: github-actions-tests | ||
awslogs-region: us-east-1 | ||
awslogs-stream-prefix: github-actions-tests | ||
environment: | ||
- name: APPLICATION | ||
value: github-actions-tests | ||
- name: APP_VERSION | ||
value: '{{ tag }}' | ||
dockerLabels: | ||
application: github-actions-tests | ||
version: '{{ tag }}' | ||
requiresCompatibilities: | ||
- EC2 | ||
- FARGATE |
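Review bot: `image: alpine:latest` is a mutable tag, so the revisions this fixture registers do not identify what would actually be pulled if a task were ever started from them. A fixed version tag or a digest (`image: alpine@sha256:<digest>`) makes the definition reproducible. The definition also names a task role and an execution role; the visible test only registers and tags the revision, so those roles should carry no permissions beyond what that needs. Their policies are not part of this commit, so that is a point to confirm.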
@@ -0,0 +1,30 @@ | ||
--- | ||
|
||
name: 'Run tag-ecs-resource action' | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- actions/tag-ecs-resource/* | ||
- .github/actions/test-tag-ecs-resource/* | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
test-tag-ecs-resource-action: | ||
name: 'Uses the tag-ecs-resource action' | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout actions' | ||
uses: actions/checkout@v3 | ||
|
||
- name: 'Test tag-ecs-resource action' | ||
uses: ./.github/actions/test-tag-ecs-resource | ||
with: | ||
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID }} |
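Review bot: This job runs on `pull_request` with `id-token: write` and executes the action and test code from the PR head, so any branch that can open a same-repository pull request runs its own code under `role/github-actions-tests`. The role's trust policy should restrict the OIDC `sub` claim to this repository, and its permissions should be limited to the ECS register, describe and tag calls the test makes (plus `iam:PassRole` for the two task roles); neither is visible in this commit. Pull requests from forks receive no secrets, so `aws-account-id` will be empty there and the credentials step will fail. The `paths` globs use a single `*`, which does not match nested directories, and the workflow file itself is not listed, so edits to it do not trigger the test.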
@@ -0,0 +1,28 @@ | ||
--- | ||
|
||
name: 'Tag ECS resource' | ||
description: 'Tags an ECS resource' | ||
|
||
inputs: | ||
resource-arn: | ||
description: 'The ARN of the resource to tag' | ||
required: true | ||
|
||
tags: | ||
description: | | ||
Key value pairs to attach to the resource. | ||
Example: | ||
tags: | | ||
version=v1 | ||
owner=carl | ||
default: '' | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: 'Tag resource' | ||
run: ${{ github.action_path }}/tag-resource.sh "${{ inputs.resource-arn }}" | ||
shell: bash | ||
env: | ||
TAGS: ${{ inputs.tags }} |
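Review bot: `inputs.resource-arn` is expanded by the expression engine directly into the `run:` line of the 'Tag resource' step, so the shell parses the input's content as script text and a value containing shell metacharacters changes the command instead of being passed as an argument. `tags` is already handed over through `env:`, and the ARN should go the same way: add `RESOURCE_ARN: ${{ inputs.resource-arn }}` under `env:` and change the command to `run: $GITHUB_ACTION_PATH/tag-resource.sh "$RESOURCE_ARN"`. In the test workflow the value comes from a step output, but a reusable composite action cannot assume that of every caller.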
@@ -0,0 +1,49 @@ | ||
#!/usr/bin/env bats | ||
|
||
load tag-resource.sh | ||
|
||
function setup() { | ||
export AWS_CMD_FILE="$BATS_TEST_TMPDIR/aws.cmd" | ||
export -f aws | ||
|
||
export RESOURCE_ARN=my-resource-arn | ||
export TAGS='Foo=bar | ||
team=my-team | ||
owner=anonymous | ||
' | ||
} | ||
|
||
function teardown() { | ||
rm -f "$AWS_CMD_FILE" | ||
} | ||
|
||
function aws() { | ||
echo "$*" >> "$AWS_CMD_FILE" | ||
} | ||
|
||
@test "it should error out if no resource arn is provided" { | ||
run tag-resource | ||
|
||
[ "$status" -ne 0 ] | ||
} | ||
|
||
@test "it should tag the resource" { | ||
run tag-resource "$RESOURCE_ARN" | ||
|
||
cat "$AWS_CMD_FILE" | ||
|
||
[ "$status" -eq 0 ] | ||
[ -f "$AWS_CMD_FILE" ] | ||
[[ "$(< "$AWS_CMD_FILE")" =~ "ecs tag-resource --resource my-resource-arn --tags key=Foo,value=bar".* ]] | ||
[[ "$(< "$AWS_CMD_FILE")" =~ .*"ecs tag-resource --resource my-resource-arn --tags key=team,value=my-team".* ]] | ||
[[ "$(< "$AWS_CMD_FILE")" =~ .*"ecs tag-resource --resource my-resource-arn --tags key=owner,value=anonymous" ]] | ||
} | ||
|
||
@test "it should do nothing with no tags" { | ||
export TAGS='' | ||
|
||
run tag-resource "$RESOURCE_ARN" | ||
|
||
[ "$status" -eq 0 ] | ||
! [ -f "$AWS_CMD_FILE" ] | ||
} |
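Review bot: The cases cover only well-formed `key=value` lines, so the parsing rules of `tag-resource` are not pinned for the inputs most likely to go wrong: a line without `=`, a value that itself contains `=`, and a value with spaces, commas or quotes. One `@test` per case, asserting either the exact `aws` arguments recorded in `$AWS_CMD_FILE` or a non-zero status, would fix the intended behaviour before callers depend on it. The `cat "$AWS_CMD_FILE"` line in the second test looks like leftover debugging output; bats shows it only on failure, so it can stay if that is the intent.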
@@ -0,0 +1,42 @@ | ||
#!/usr/bin/env bash | ||
|
||
function tag-resource() { | ||
set -eo pipefail | ||
|
||
local resource_arn="${1:-}" | ||
[ -n "$resource_arn" ] || { | ||
echo "[ERROR] Resource arn not provided" >&2 | ||
return 1 | ||
} | ||
|
||
[ -n "${TAGS:-}" ] || { | ||
echo "[INFO ] No tags provided" >&2 | ||
return 0 | ||
} | ||
|
||
# Split up tags in put them in the format desired | ||
# Input: key=value | ||
# Output: key=$key,value=$value | ||
while IFS= read -r tag_var; do | ||
# Remove blank space around the string | ||
tag_var="$(echo "${tag_var?}" | xargs)" | ||
key="${tag_var%=*}" | ||
val="${tag_var#*=}" | ||
|
||
[ -n "${tag_var?}" ] || continue | ||
|
||
tag="key=$key,value=$val" | ||
|
||
echo "[INFO ] Setting the $key tag" >&2 | ||
aws ecs tag-resource \ | ||
--resource "$resource_arn" \ | ||
--tags "$tag" | ||
done <<<"$TAGS" | ||
} | ||
|
||
if [ "${BASH_SOURCE[0]}" = "$0" ]; then | ||
set -u | ||
|
||
tag-resource "${@:-}" | ||
exit $? | ||
fi |
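Review bot: The key and value are split at different `=` signs: `key="${tag_var%=*}"` cuts at the last `=` while `val="${tag_var#*=}"` cuts at the first, so `a=b=c` yields key `a=b` and value `b=c`, and a line with no `=` is sent with key and value both set to the whole line. Using `key="${tag_var%%=*}"` and rejecting lines that fail `[[ "$tag_var" == *=* ]]` makes the split consistent. Trimming through `xargs` also interprets quotes and backslashes, so a value containing an apostrophe makes `xargs` fail, and the `key=…,value=…` shorthand passed to `--tags` is parsed again by the AWS CLI, where a comma in the value would presumably be read as a field separator; the JSON form of `--tags` avoids that. `set -eo pipefail` inside the function also changes the options of any shell that sources this file and calls it directly.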