This repository contains a GitHub action that allows the user to easily invoke the Gruntwork ECS deploy runner from any repository that requires it. This is heavily based on How to configure a production-grade CI-CD workflow for infrastructure code.
- The following environment variables must be set:
  - `AWS_ACCOUNT_ID` - the AWS account ID where the ECS deploy runner is deployed. Make sure this is enclosed in double quotes, as otherwise leading zeros will be trimmed.
  - `ECS_DEPLOY_RUNNER_REGION` - the region where the ECS deploy runner is deployed.
  - `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` - AWS credentials for the machine user that invokes the ECS deploy runner.
  - `GITHUB_OAUTH_TOKEN` - GitHub personal access token that can be used to reach Gruntwork repositories.
- A mandatory input variable `command` that currently accepts the following values to execute these commands via the ECS deploy runner:
  - `plan` and `plan-all` (Terragrunt)
  - `apply` and `apply-all` (Terragrunt)
  - `docker-image-build` (Docker)
- A mandatory input variable `context` must be set to the path in which the `command` will be executed.
The action also accepts the following optional inputs:
- Versions of the following Gruntwork tools and modules (defaults can be viewed in `action.yaml`):
  - `gruntwork-installer-version`
  - `terraform-aws-ci-version`
  - `terraform-aws-security-version`
- The name of the main branch of the repository can be set via the `main-branch-name` option (defaults to `main`).
- The following options apply when using the `docker-image-build` command:
  - A `build_args` input variable can be used to populate the Docker build-time arguments. The variable must be populated in the same way as the arguments of the `docker build` command, with each separate argument prepended with `--build-arg`, e.g. `build_args: --build-arg ARG1 --build-arg ARG2`.
  - The `ECR_REPO_REGION` environment variable must be set to determine the AWS region where the ECR repository is hosted.
The action does the following:
- It installs Gruntwork tools via a helper script. A Gruntwork subscription is required for this.
- It uses the Gruntwork `infrastructure-deployer` CLI to invoke either the `infrastructure-deploy-script` or the `build-docker-image` script on the `terraform-planner`, `terraform-applier`, or `docker-image-builder` containers (depending on the `command` input) that are provided by default with the ECS Deploy Runner.
Below is an example of a workflow that executes `terragrunt plan-all` on a push to any branch, and executes `terragrunt apply-all` on pushes to `main`. It utilizes GitHub Environments, which can be used to set environment variables more granularly and to set up environment protection rules.
```yaml
on:
  push:
    branches:
      - "**"
env:
  AWS_ACCOUNT_ID: "123456789012" # Quoted so that leading zeros are not trimmed.
  AWS_REGION: "us-east-1" # Region where the ECS deploy runner is hosted.
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  GITHUB_OAUTH_TOKEN: ${{ secrets.PAT }} # Personal Access Token that allows access to Gruntwork private repositories
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repo
        uses: actions/checkout@v2
      - name: Terragrunt plan-all
        uses: vytautaskubilius/[email protected]
        with:
          command: plan-all
          context: path/to/terragrunt/config
  apply:
    needs:
      - plan
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Check out the code
        uses: actions/checkout@v2
      - name: Terragrunt apply-all
        uses: vytautaskubilius/[email protected]
        with:
          command: apply-all
          context: path/to/terragrunt/config
```
- Add `ami-builder` support.