Merge pull request #41 from sonikro/major-refactoring
Major refactoring
sonikro authored Oct 25, 2023
2 parents 7e98947 + 8c9191d commit 40839ee
Showing 39 changed files with 165,872 additions and 1,800 deletions.
3 changes: 2 additions & 1 deletion .devcontainer/devcontainer.json
Expand Up @@ -6,7 +6,8 @@
"image": "mcr.microsoft.com/devcontainers/typescript-node:1-18-bullseye",
"features": {
"ghcr.io/devcontainers/features/common-utils:2": {},
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
"ghcr.io/devcontainers/features/aws-cli:1": {}
},

// Features to add to the dev container. More info: https://containers.dev/features.
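Review bot: The new `ghcr.io/devcontainers/features/aws-cli:1` entry, like the two features above it, is referenced by a mutable major-version tag, so the code that runs while the dev container is built can change without any change to this file. This container is where local runs pick up an AWS profile, so consider pinning each feature to an exact version or digest and bumping it deliberately.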
21 changes: 21 additions & 0 deletions .env.example
@@ -0,0 +1,21 @@
INPUT_TAGS=""
INPUT_CPU="256"
INPUT_ECS_CLUSTER_NAME=""
INPUT_EXECUTION_ROLE_ARN=""
INPUT_IMAGE=""
INPUT_MEMORY="512"
INPUT_POLLING_INTERVAL="2"
INPUT_POST_COMPLETE_LOG_CYCLES="4"
INPUT_REGION="us-east-1"
INPUT_ROLE_ARN=""
INPUT_RUN=""
INPUT_SECURITY_GROUP_ID=""
INPUT_SHELL="sh"
INPUT_SUBNET_IDS=""
INPUT_TASK_ROLE_ARN=""
INPUT_VPC_ID=""
AWS_PROFILE=""
AWS_SDK_LOAD_CONFIG=1
AWS_CONFIG_FILE=<YOUR_HOME_PATH_HERE>/.aws/saml2aws/temp_creds
GITHUB_WORKSPACE=<LOCAL_FOLDER_TO_UPLOAD>
NODE_ENV=development
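Review bot: The example stops at the inputs up to `INPUT_VPC_ID` and has no entries for the `upload_includes`, `upload_excludes`, `download_includes` and `download_excludes` inputs that this commit adds to `action.yml`, so a local run cannot exercise the filters that decide which files under `GITHUB_WORKSPACE` leave the machine. Add the matching variables with a sample value that shows the expected format, and confirm that the real `.env` is git-ignored, since it will carry role ARNs, an `AWS_PROFILE` and the path to a temporary credentials file.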
17 changes: 17 additions & 0 deletions .ghadocs.json
@@ -0,0 +1,17 @@
{
"paths": {
"action": "action.yml",
"readme": "README.md"
},
"show_logo": true,
"versioning": {
"enabled": true,
"override": "",
"prefix": "v",
"branch": "main"
},
"owner": "sonikro",
"repo": "aws-run",
"title_prefix": "GitHub Action: ",
"pretty": true
}
1 change: 1 addition & 0 deletions .github/CODEOWNERS
@@ -0,0 +1 @@
* @sonikro
20 changes: 20 additions & 0 deletions .vscode/launch.json
@@ -0,0 +1,20 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Run Locally",
"type": "node",
"request": "launch",
"cwd": "${workspaceRoot}",
"runtimeExecutable": "npm",
"runtimeArgs": [
"run-script",
"start:local"
],
"outputCapture": "std"
}
]
}
6 changes: 6 additions & 0 deletions .vscode/settings.json
@@ -0,0 +1,6 @@
{
"editor.codeActionsOnSave": {
"source.fixAll.eslint": true
},
"eslint.validate": ["typescript"]
}
30 changes: 29 additions & 1 deletion README.md
Expand Up @@ -6,6 +6,33 @@

This action allows you to run a script inside of your AWS Account, without having to spin up your own runner. By leveraging the power of ECS Tasks, you can use any docker image, and run any script inside of your Job, as if that script was being executed inside of the runner, however, the script is remotely executed inside of your AWS VPC, which grants your step special access to private resources, such as RDS Databases, Internal Loadbalancers, and much more.

<!-- start inputs -->

| **Input** | **Description** | **Default** | **Required** |
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | ------------ |
| **`role_arn`** | Role ARN to be used to create/execute the required infrastructure on AWS | | **true** |
| **`execution_role_arn`** | Role ARN to be used to as execution role for the ECS Task that will run the script. Defaults to ROLE_ARN | | **false** |
| **`task_role_arn`** | Role ARN to be used as Task Role arn for the ECS Task that will run the script. Defaults to ROLE_ARN | | **false** |
| **`memory`** | Amount of memory to be used by the remote ECS Task (Must be a FARGATE Compatible combination. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `512` | **false** |
| **`cpu`** | Amount of vCPU to be used by the remote ECS Task (Must be a FARGATE Compatible combination. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) | `256` | **false** |
| **`ecs_cluster_name`** | The name of the ECS Cluster where the Tasks will run. It will be automatically created if it doesn't exist | `github-actions-aws-run` | **false** |
| **`image`** | Name of the docker container to be used for the step execution | | **true** |
| **`region`** | AWS Region to execute the operations | `us-east-1` | **true** |
| **`security_group_id`** | Security Group to be used by the ECS Task. If not informed, a temporary security group will be created with access to the internet | | **false** |
| **`run`** | Script that will be executed in the remote environment | | **true** |
| **`shell`** | Name of the shell to be used in the container to execute the run script | | **true** |
| **`subnet_ids`** | Subnet ID of where the Task will be executed. If no subnet_ids is specified, the task will find one automatically within the VPC | | **false** |
| **`vpc_id`** | VPC ID of where the Task will be executed | | **true** |
| **`tags`** | The list of custom tags to be added to all resources created on AWS with. | | **false** |
| **`polling_interval`** | The amount of time (in seconds) between polling cloudwatch logs. | `2` | **false** |
| **`post_complete_log_cycles`** | Number of polling cycles to try getting logs after the ecs task completes. | `4` | **false** |
| **`upload_includes`** | Array of string paths to include while uploading the runner workspace to the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters | | **false** |
| **`upload_excludes`** | Array of string paths to exclude while uploading the runner workspace to the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters | | **false** |
| **`download_includes`** | Array of string paths to include while downloading the runner workspace from the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters | | **false** |
| **`download_excludes`** | Array of string paths to exclude while downloading the runner workspace from the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters | | **false** |

<!-- end inputs -->

## Benefits

- Use IaC (such as Terraform) to manipulate resources that are in Private VPCs (such as RDS, Opensearch, etc)
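Review bot: In the `execution_role_arn` and `task_role_arn` rows both roles fall back to `role_arn`, which the first row describes as the role used to create/execute the required infrastructure, so by default the user-supplied `run` script executes with infrastructure-management permissions. State that next to the table and recommend passing a narrowly scoped `task_role_arn`. The `security_group_id` row should also say what "access to the internet" means for the temporary group (egress only, or inbound as well). Two smaller points: the `tags` description ends in a dangling "with" and does not match the KEY=VALUE wording this commit puts in `action.yml`, so the generated table looks stale, and `region` is marked required although it has a default of `us-east-1`.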
Expand Down Expand Up @@ -246,8 +273,9 @@ In the execution phase, the action will:
- [X] Map all GitHub Contexts/ENVS into the ECS Container
- [X] Ability to upload artifacts back to GitHub (if your remote execution generates artifacts)
- [ ] Find a way to map environment variables from the remote shell, back to the runner (after execution)
- [ ] Change the TearDown step to run as a **post** action on GHA, so take advantages of errors/cancellations
- [X] Change the TearDown step to run as a **post** action on GHA, so take advantages of errors/cancellations
- [ ] Make it compatible with [Windows Containers](https://aws.amazon.com/blogs/containers/running-windows-containers-with-amazon-ecs-on-aws-fargate/)
## Developing the action locally
31 changes: 27 additions & 4 deletions action.yml
@@ -1,6 +1,6 @@
name: 'aws-run'
description: 'Runs a shellscript inside of an AWS VPC'
author: 'Jonathan Nagayoshi'
name: aws-run
description: Runs a remote workload inside of an AWS VPC using ECS Fargate Tasks
author: Jonathan Nagayoshi
inputs:
role_arn:
required: true
Expand Down Expand Up @@ -45,7 +45,30 @@ inputs:
vpc_id:
required: true
description: VPC ID of where the Task will be executed

tags:
required: false
description: A multiline string in the format of KEY=VALUE of custom tags to be added to all resources created on AWS
polling_interval:
required: false
default: 2
description: The amount of time (in seconds) between polling cloudwatch logs.
post_complete_log_cycles:
required: false
default: 4
description: Number of polling cycles to try getting logs after the ecs task completes.
upload_includes:
required: false
description: Array of string paths to include while uploading the runner workspace to the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters
upload_excludes:
required: false
description: Array of string paths to exclude while uploading the runner workspace to the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters
download_includes:
required: false
description: Array of string paths to include while downloading the runner workspace from the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters
download_excludes:
required: false
description: Array of string paths to exclude while downloading the runner workspace from the ECS Task. Excludes apply before includes. See https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters
runs:
using: 'node16'
main: 'dist/index.js'
post: 'dist/cleanup/index.js'
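Review bot: The four `upload_*`/`download_*` descriptions say "Array of string paths", but action inputs reach the code as plain strings and nothing here states the encoding, unlike `tags`, which spells out "A multiline string in the format of KEY=VALUE". State the expected format in each description (JSON array or one pattern per line) and what is transferred when both filters are left empty, since these inputs decide which workspace files are copied to and from the ECS Task. With `post: 'dist/cleanup/index.js'` in place, also make sure the cleanup entry point exits cleanly when the main step failed before any resource was created.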