Skip to content

Commit 594de73

Browse files
mskripmskrip
committed
feat: Add options to pass task and execution role ARNs
Close aws-actions#183
1 parent a0b65a0 commit 594de73

File tree

3 files changed

+240
-0
lines changed

3 files changed

+240
-0
lines changed

action.yml

+6
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,12 @@ inputs:
3737
command:
3838
description: 'The command used by ECS to start the container image'
3939
required: false
40+
task-role-arn:
41+
description: 'The full Amazon Resource Name (ARN) of the task role to set for the task definition'
42+
required: false
43+
execution-role-arn:
44+
description: 'The full Amazon Resource Name (ARN) of the execution role to set for the task definition'
45+
required: false
4046
env-files:
4147
description: 'S3 object arns to set env variables onto the container. You can specify multiple files with multi-line YAML strings.'
4248
required: false

index.js

+10
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,8 @@ async function run() {
4545
const logConfigurationOptions = core.getInput("log-configuration-options", { required: false });
4646
const dockerLabels = core.getInput('docker-labels', { required: false });
4747
const command = core.getInput('command', { required: false });
48+
const taskRoleArn = core.getInput('task-role-arn', { required: false });
49+
const executionRoleArn = core.getInput('execution-role-arn', { required: false });
4850

4951
//New inputs to fetch task definition
5052
const taskDefinitionArn = core.getInput('task-definition-arn', { required: false }) || undefined;
@@ -113,6 +115,14 @@ async function run() {
113115
containerDef.command = command.split(' ')
114116
}
115117

118+
if (taskRoleArn) {
119+
containerDef.taskRoleArn = taskRoleArn;
120+
}
121+
122+
if (executionRoleArn) {
123+
containerDef.executionRoleArn = executionRoleArn;
124+
}
125+
116126
if (envFiles) {
117127
containerDef.environmentFiles = [];
118128
envFiles.split('\n').forEach(function (line) {

index.test.js

+224
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,8 @@ describe('Render task definition', () => {
4747
.mockReturnValueOnce('') // log Configuration Options
4848
.mockReturnValueOnce('') // docker labels
4949
.mockReturnValueOnce('') // command
50+
.mockReturnValueOnce('') // task role arn
51+
.mockReturnValueOnce('') // execution role arn
5052
.mockReturnValueOnce('') // task-definition arn
5153
.mockReturnValueOnce('') // task-definition family
5254
.mockReturnValueOnce('') // task-definition revision
@@ -263,6 +265,8 @@ describe('Render task definition', () => {
263265
.mockReturnValueOnce('') // log Configuration Options
264266
.mockReturnValueOnce('') // docker labels
265267
.mockReturnValueOnce('') // command
268+
.mockReturnValueOnce('') // task role arn
269+
.mockReturnValueOnce('') // execution role arn
266270
.mockReturnValueOnce('') // task-definition arn
267271
.mockReturnValueOnce('') // task-definition family
268272
.mockReturnValueOnce('') // task-definition revision
@@ -477,6 +481,8 @@ describe('Render task definition', () => {
477481
.mockReturnValueOnce('')
478482
.mockReturnValueOnce('')
479483
.mockReturnValueOnce('')
484+
.mockReturnValueOnce('')
485+
.mockReturnValueOnce('')
480486
.mockReturnValueOnce('SECRET');
481487
await run();
482488

@@ -523,6 +529,8 @@ describe('Render task definition', () => {
523529
.mockReturnValueOnce('') // log Configuration Options
524530
.mockReturnValueOnce('') // Docker Labels
525531
.mockReturnValueOnce('') // Command Options
532+
.mockReturnValueOnce('') // task role arn
533+
.mockReturnValueOnce('') // execution role arn
526534
.mockReturnValueOnce('task-definition-arn') // task definition arn
527535
.mockReturnValueOnce('task-definition-family') // task definition family
528536
.mockReturnValueOnce(0); // task definition revision
@@ -544,6 +552,8 @@ describe('Render task definition', () => {
544552
.mockReturnValueOnce('') // log Configuration Options
545553
.mockReturnValueOnce('') // Docker Labels
546554
.mockReturnValueOnce('') // Command Options
555+
.mockReturnValueOnce('') // task role arn
556+
.mockReturnValueOnce('') // execution role arn
547557
.mockReturnValueOnce('') // task definition arn
548558
.mockReturnValueOnce("task-definition-family") // task definition family
549559
.mockReturnValueOnce(10); // task definition revision
@@ -569,6 +579,8 @@ describe('Render task definition', () => {
569579
.mockReturnValueOnce('') // log Configuration Options
570580
.mockReturnValueOnce('') // Docker Labels
571581
.mockReturnValueOnce('') // Command Options
582+
.mockReturnValueOnce('') // task role arn
583+
.mockReturnValueOnce('') // execution role arn
572584
.mockReturnValueOnce('') // task definition arn
573585
.mockReturnValueOnce("task-definition-family") // task definition family
574586
.mockReturnValueOnce(0); // task definition revision
@@ -595,6 +607,8 @@ describe('Render task definition', () => {
595607
.mockReturnValueOnce('') // log Configuration Options
596608
.mockReturnValueOnce('') // Docker Labels
597609
.mockReturnValueOnce('') // Command Options
610+
.mockReturnValueOnce('') // task role arn
611+
.mockReturnValueOnce('') // execution role arn
598612
.mockReturnValueOnce('task-definition-arn') // task definition arn
599613
.mockReturnValueOnce('') // task definition family
600614
.mockReturnValueOnce(0); // task definition revision
@@ -621,6 +635,8 @@ describe('Render task definition', () => {
621635
.mockReturnValueOnce('') // log Configuration Options
622636
.mockReturnValueOnce('') // Docker Labels
623637
.mockReturnValueOnce('') // Command Options
638+
.mockReturnValueOnce('') // task role arn
639+
.mockReturnValueOnce('') // execution role arn
624640
.mockReturnValueOnce('task-definition-arn') // task definition arn
625641
.mockReturnValueOnce('') // task definition family
626642
.mockReturnValueOnce(0); //task definition revision
@@ -644,6 +660,8 @@ describe('Render task definition', () => {
644660
.mockReturnValueOnce('') // log Configuration Options
645661
.mockReturnValueOnce('') // Docker Labels
646662
.mockReturnValueOnce('') // Command Options
663+
.mockReturnValueOnce('') // task role arn
664+
.mockReturnValueOnce('') // execution role arn
647665
.mockReturnValueOnce('task-definition-arn') //task definition arn
648666
.mockReturnValueOnce('task-definition-family') //task definition family
649667
.mockReturnValueOnce(10); //task definition revision
@@ -667,6 +685,8 @@ describe('Render task definition', () => {
667685
.mockReturnValueOnce('') // log Configuration Options
668686
.mockReturnValueOnce('') // Docker Labels
669687
.mockReturnValueOnce('') // Command Options
688+
.mockReturnValueOnce('') // task role arn
689+
.mockReturnValueOnce('') // execution role arn
670690
.mockReturnValueOnce('task-definition-arn') // task definition arn
671691
.mockReturnValueOnce('task-definition-family') // task definition family
672692
.mockReturnValueOnce(0); // task definition revision
@@ -692,6 +712,8 @@ describe('Render task definition', () => {
692712
.mockReturnValueOnce('') // log Configuration Options
693713
.mockReturnValueOnce('') // Docker Labels
694714
.mockReturnValueOnce('') // Command Options
715+
.mockReturnValueOnce('') // task role arn
716+
.mockReturnValueOnce('') // execution role arn
695717
.mockReturnValueOnce('') // task definition arn
696718
.mockReturnValueOnce('') // task definition family
697719
.mockReturnValueOnce(10); // task definition revision
@@ -978,4 +1000,206 @@ describe('Render task definition', () => {
9781000
}, null, 2)
9791001
);
9801002
});
1003+
1004+
test('renders a task definition task role arn', async () => {
1005+
core.getInput = jest
1006+
.fn()
1007+
.mockReturnValueOnce('task-definition.json')
1008+
.mockReturnValueOnce('web')
1009+
.mockReturnValueOnce('nginx:latest')
1010+
.mockReturnValueOnce('')
1011+
.mockReturnValueOnce('')
1012+
.mockReturnValueOnce('')
1013+
.mockReturnValueOnce('')
1014+
.mockReturnValueOnce('')
1015+
.mockReturnValueOnce('')
1016+
.mockReturnValueOnce('arn:aws:iam::0123456789:role/task-role');
1017+
1018+
await run();
1019+
1020+
expect(tmp.fileSync).toHaveBeenNthCalledWith(1, {
1021+
tmpdir: '/home/runner/work/_temp',
1022+
prefix: 'task-definition-',
1023+
postfix: '.json',
1024+
keep: true,
1025+
discardDescriptor: true
1026+
});
1027+
1028+
expect(fs.writeFileSync).toHaveBeenNthCalledWith(1, 'new-task-def-file-name',
1029+
JSON.stringify({
1030+
family: 'task-def-family',
1031+
containerDefinitions: [
1032+
{
1033+
name: "web",
1034+
image: "nginx:latest",
1035+
environment: [
1036+
{
1037+
name: "FOO",
1038+
value: "bar"
1039+
},
1040+
{
1041+
name: "DONT-TOUCH",
1042+
value: "me"
1043+
},
1044+
{
1045+
name: "HELLO",
1046+
value: "world"
1047+
},
1048+
{
1049+
name: "EXAMPLE",
1050+
value: "here"
1051+
}
1052+
],
1053+
environmentFiles: [
1054+
{
1055+
value: "arn:aws:s3:::s3_bucket_name/envfile_object_name.env",
1056+
type: "s3"
1057+
}
1058+
],
1059+
secrets: [
1060+
{
1061+
name: "EXISTING_SECRET",
1062+
valueFrom: "arn:aws:ssm:region:0123456789:parameter/existingSecret"
1063+
},
1064+
{
1065+
name: "SSM_SECRET",
1066+
valueFrom: "arn:aws:ssm:region:0123456789:parameter/secret"
1067+
},
1068+
{
1069+
name: "SM_SECRET",
1070+
valueFrom: "arn:aws:secretsmanager:us-east-1:0123456789:secret:secretName"
1071+
}
1072+
],
1073+
logConfiguration: {
1074+
logDriver: "awslogs",
1075+
options: {
1076+
"awslogs-create-group": "true",
1077+
"awslogs-group": "/ecs/web",
1078+
"awslogs-region": "us-east-1",
1079+
"awslogs-stream-prefix": "ecs"
1080+
}
1081+
},
1082+
dockerLabels : {
1083+
"key1":"value1",
1084+
"key2":"value2"
1085+
},
1086+
command : ["npm", "start", "--nice", "--please"],
1087+
taskRoleArn: "arn:aws:iam::0123456789:role/task-role",
1088+
},
1089+
{
1090+
name: "sidecar",
1091+
image: "hello"
1092+
}
1093+
],
1094+
tags: [
1095+
{
1096+
key: "project",
1097+
value: "mytaskdef"
1098+
}
1099+
]
1100+
}, null, 2)
1101+
);
1102+
});
1103+
1104+
test('renders a task definition execution role arn', async () => {
1105+
core.getInput = jest
1106+
.fn()
1107+
.mockReturnValueOnce('task-definition.json')
1108+
.mockReturnValueOnce('web')
1109+
.mockReturnValueOnce('nginx:latest')
1110+
.mockReturnValueOnce('')
1111+
.mockReturnValueOnce('')
1112+
.mockReturnValueOnce('')
1113+
.mockReturnValueOnce('')
1114+
.mockReturnValueOnce('')
1115+
.mockReturnValueOnce('')
1116+
.mockReturnValueOnce('')
1117+
.mockReturnValueOnce('arn:aws:iam::0123456789:role/execution-role');
1118+
1119+
await run();
1120+
1121+
expect(tmp.fileSync).toHaveBeenNthCalledWith(1, {
1122+
tmpdir: '/home/runner/work/_temp',
1123+
prefix: 'task-definition-',
1124+
postfix: '.json',
1125+
keep: true,
1126+
discardDescriptor: true
1127+
});
1128+
1129+
expect(fs.writeFileSync).toHaveBeenNthCalledWith(1, 'new-task-def-file-name',
1130+
JSON.stringify({
1131+
family: 'task-def-family',
1132+
containerDefinitions: [
1133+
{
1134+
name: "web",
1135+
image: "nginx:latest",
1136+
environment: [
1137+
{
1138+
name: "FOO",
1139+
value: "bar"
1140+
},
1141+
{
1142+
name: "DONT-TOUCH",
1143+
value: "me"
1144+
},
1145+
{
1146+
name: "HELLO",
1147+
value: "world"
1148+
},
1149+
{
1150+
name: "EXAMPLE",
1151+
value: "here"
1152+
}
1153+
],
1154+
environmentFiles: [
1155+
{
1156+
value: "arn:aws:s3:::s3_bucket_name/envfile_object_name.env",
1157+
type: "s3"
1158+
}
1159+
],
1160+
secrets: [
1161+
{
1162+
name: "EXISTING_SECRET",
1163+
valueFrom: "arn:aws:ssm:region:0123456789:parameter/existingSecret"
1164+
},
1165+
{
1166+
name: "SSM_SECRET",
1167+
valueFrom: "arn:aws:ssm:region:0123456789:parameter/secret"
1168+
},
1169+
{
1170+
name: "SM_SECRET",
1171+
valueFrom: "arn:aws:secretsmanager:us-east-1:0123456789:secret:secretName"
1172+
}
1173+
],
1174+
logConfiguration: {
1175+
logDriver: "awslogs",
1176+
options: {
1177+
"awslogs-create-group": "true",
1178+
"awslogs-group": "/ecs/web",
1179+
"awslogs-region": "us-east-1",
1180+
"awslogs-stream-prefix": "ecs"
1181+
}
1182+
},
1183+
dockerLabels : {
1184+
"key1":"value1",
1185+
"key2":"value2"
1186+
},
1187+
command : ["npm", "start", "--nice", "--please"],
1188+
taskRoleArn: "arn:aws:iam::0123456789:role/task-role",
1189+
executionRoleArn: "arn:aws:iam::0123456789:role/execution-role",
1190+
},
1191+
{
1192+
name: "sidecar",
1193+
image: "hello"
1194+
}
1195+
],
1196+
tags: [
1197+
{
1198+
key: "project",
1199+
value: "mytaskdef"
1200+
}
1201+
]
1202+
}, null, 2)
1203+
);
1204+
});
9811205
});

0 commit comments

Comments
 (0)