
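# Manually triggered workflow that runs a one-off command in the project's
# "tools" ECS task definition for a chosen deployment environment.
#
# AWS access is obtained through GitHub OIDC federation (id-token: write
# below); no long-lived AWS keys are stored in the repository. Because the job
# targets the GitHub environment selected at dispatch time, any deployment
# protection rules configured on that environment gate the run.
#
# Third-party actions are referenced by major-version tag; pinning them to a
# full commit SHA would additionally protect against a moved tag.
name: Launch tools container
on:
  workflow_dispatch:
    inputs:
      environment:
        description: Environment in which to launch the tools container.
        default: development
        required: true
        type: environment
      command:
        # Split on commas in the "Parse command" step below, so an individual
        # argument cannot itself contain a comma.
        description: |
          Command to run in the tools container in the CMD format: executable,
          param1, param2, ...
        default: "echo,hello world"
        required: true
        type: string
permissions:
  contents: read
  id-token: write
jobs:
  launch:
    name: Launch tools container in ${{ inputs.environment }}
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    env:
      # Set required variables.
      TF_VAR_repo_oidc_arn: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
      TF_VAR_vpc_cidr: ${{ secrets.TF_VAR_VPC_CIDR }}
      TF_VAR_vpc_private_subnet_cidrs: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
      TF_VAR_vpc_public_subnet_cidrs: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION || 'us-west-1' }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_wrapper: false
      - name: Display OpenTofu version
        run: tofu version
      - name: Set optional variables
        env:
          # For any of these that have a value, the corresponding TF_VAR_*
          # environment variable will be set. Each key here must be exactly
          # the upper-cased form of an entry in the `variables` array in the
          # script below; the loop looks the value up by that derived name, so
          # a key that does not match (e.g. one carrying a TF_VAR_ prefix) is
          # silently never exported.
          APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }}
          CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }}
          CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }}
          CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }}
          DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }}
          DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }}
          DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }}
          ENVIRONMENT: ${{ secrets.TF_VAR_ENVIRONMENT }}
          EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }}
          IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }}
          KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }}
          PROGRAM: ${{ secrets.TF_VAR_PROGRAM }}
          PROJECT: ${{ secrets.TF_VAR_PROJECT }}
          REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
        run: |
          variables=(
            "apply_database_updates_immediately" "consumer_container_count"
            "consumer_cpu" "consumer_memory" "database_skip_final_snapshot"
            "deletion_protection" "deployment_environments" "environment"
            "export_expiration" "image_tags_mutable" "key_recovery_period"
            "program" "project" "repository"
          )
          for var in "${variables[@]}"; do
            # Upper-cased Terraform variable name == the env key set above.
            name="${var^^}"
            if [ -n "${!name}" ]; then
              echo "Setting TF_VAR_$var"
              # Multi-line (heredoc) form of the env file: a value containing a
              # newline can then neither corrupt the file nor smuggle in an
              # extra NAME=value line. Only the variable name is logged.
              delimiter="ghadelim_${RANDOM}${RANDOM}"
              {
                echo "TF_VAR_${var}<<${delimiter}"
                echo "${!name}"
                echo "${delimiter}"
              } >> "$GITHUB_ENV"
            else
              echo "$name is not set"
            fi
          done
      - name: Initialize OpenTofu
        working-directory: ./tofu/config/service
        run: tofu init
      - name: Get OpenTofu outputs
        id: outputs
        working-directory: ./tofu/config/service
        run: |
          # The JSON is deliberately not echoed to the job log: `tofu output
          # -json` includes the values of outputs marked sensitive. The `-c`
          # flag keeps it on one line, which the single-line output form
          # requires.
          OUTPUTS=$(tofu output -json | jq -c .)
          echo "outputs=$OUTPUTS" >> "$GITHUB_OUTPUT"
      - name: Parse subnets
        id: subnets
        env:
          SUBNETS: ${{ toJson(fromJson(steps.outputs.outputs.outputs).container_subnets.value) }}
        run: |
          # One subnet id per line, as the run-task action expects.
          SUBNET_STRING=$(echo "$SUBNETS" | jq -r '.[]')
          {
            echo "subnets<<EOF"
            echo "$SUBNET_STRING"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"
      - name: Parse command
        id: command
        env:
          COMMAND: ${{ inputs.command }}
        run: |
          # Comma-separated input -> one argument per line. The command is
          # passed to the container as an argv override, not through a shell.
          IFS=',' read -ra parts <<< "$COMMAND"
          COMMAND_STRING=$(printf '%s\n' "${parts[@]}")
          {
            echo "command<<EOF"
            echo "$COMMAND_STRING"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"
      # - name: Show outputs
      #   run: echo "${{ steps.command.outputs.command }}"
      - name: Launch container
        id: run-task
        uses: geekcell/github-action-aws-ecs-run-task@v5
        with:
          cluster: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}
          task-definition: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}-tools
          override-container: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}-tools
          # The task runs in the private subnets resolved above; no public IP.
          assign-public-ip: DISABLED
          tail-logs: true
          task-wait-until-stopped: true
          # The block style indicator (|) is necessary to tell YAML to preserve
          # newlines.
          override-container-command: |
            ${{ steps.command.outputs.command }}
          subnet-ids: |
            ${{ steps.subnets.outputs.subnets }}
          security-group-ids: |
            ${{ fromJson(steps.outputs.outputs.outputs).task_security_group_id.value }}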