
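# Launch a one-off "tools" ECS task in the selected environment and run an
# operator-supplied command inside it, streaming the task's logs back into
# this job.
#
# Trust boundary: anyone who can dispatch this workflow against an
# environment can execute an arbitrary executable inside the tools task,
# with that task's IAM role. Because the input is `type: environment`, the
# run is gated by that environment's protection rules (required reviewers,
# deployment-branch restrictions); keep those rules in place for anything
# beyond development.
name: Launch tools container

on:
  workflow_dispatch:
    inputs:
      environment:
        description: Environment in which to launch the tools container.
        default: development
        required: true
        type: environment
      command:
        description: |
          Command to run in the tools container, in CMD (exec) form as a
          comma-separated list: executable,param1,param2,...
          Each comma-separated part becomes one argv element; nothing is
          passed through a shell, and whitespace around commas is kept.
        default: "echo,hello world"
        required: true
        type: string

# Least privilege: the GITHUB_TOKEN only needs to read the repository and
# mint an OIDC token for the AWS role assumption below.
permissions:
  contents: read
  id-token: write

jobs:
  launch:
    name: Launch tools container in ${{ inputs.environment }}
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    # The job blocks until the task stops (task-wait-until-stopped below), so
    # cap it instead of inheriting the 6-hour default for a runaway command.
    timeout-minutes: 60
    env:
      # Required OpenTofu variables, supplied per environment. OpenTofu
      # variable names are case-sensitive, so these lowercase TF_VAR_* names
      # must match the variable blocks in tofu/config/service.
      TF_VAR_repo_oidc_arn: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
      TF_VAR_vpc_cidr: ${{ secrets.TF_VAR_VPC_CIDR }}
      TF_VAR_vpc_private_subnet_cidrs: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
      TF_VAR_vpc_public_subnet_cidrs: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
    steps:
      # Supply-chain note: the third-party actions below are pinned by major
      # tag only. Pinning each to a full commit SHA (with a trailing comment
      # naming the tag) protects the run from a moved or hijacked tag; do
      # this before relying on the workflow for production environments.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION || 'us-west-1' }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          # Include the run id so CloudTrail entries can be traced back to a
          # specific workflow run (and from there to whoever dispatched it).
          role-session-name: GitHub_to_AWS_via_FederatedOIDC-${{ github.run_id }}

      - name: Setup OpenTofu
        uses: ./.github/actions/setup-opentofu
        env:
          # NOTE(review): these uppercase TF_VAR_* names reach OpenTofu as
          # variables with uppercase names (e.g. REPO_OIDC_ARN), while the
          # job-level env above supplies the same values in lowercase. Confirm
          # which form the composite action and the tofu config actually
          # expect and drop the duplicate set.
          TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }}
          TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }}
          TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }}
          TF_VAR_CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }}
          TF_VAR_CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }}
          TF_VAR_DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }}
          TF_VAR_DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }}
          TF_VAR_EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }}
          TF_VAR_IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }}
          TF_VAR_KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }}
          TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }}
          TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
          TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
          TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
          TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
          TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
        with:
          config: service

      - name: Get OpenTofu outputs
        id: outputs
        working-directory: ./tofu/config/service
        # Read only the two outputs this job needs. A bare `tofu output -json`
        # dumps every output, including ones marked sensitive, and the earlier
        # version of this step then echoed that whole document into the job
        # log. Neither value is printed here; they only go to GITHUB_OUTPUT.
        run: |
          set -euo pipefail
          subnets="$(tofu output -json container_subnets | jq -c .)"
          security_group_id="$(tofu output -json task_security_group_id | jq -r .)"
          {
            echo "subnets=$subnets"
            echo "security_group_id=$security_group_id"
          } >> "$GITHUB_OUTPUT"

      - name: Parse subnets
        id: subnets
        env:
          SUBNETS: ${{ steps.outputs.outputs.subnets }}
        # The ECS action takes one subnet id per line, so expand the JSON
        # array into a multi-line output.
        run: |
          set -euo pipefail
          {
            echo "subnets<<EOF"
            echo "$SUBNETS" | jq -r '.[]'
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Parse command
        id: command
        env:
          # Passed via env, not interpolated into the script, so the input
          # cannot inject shell syntax into this step.
          COMMAND: ${{ inputs.command }}
        # Split on commas into one argv element per line. The heredoc
        # delimiter is randomised because the content is operator-controlled;
        # a literal "EOF" argument would otherwise terminate the output early.
        run: |
          set -euo pipefail
          IFS=',' read -ra parts <<< "$COMMAND"
          delim="cmd-$RANDOM-$RANDOM-$RANDOM"
          {
            echo "command<<$delim"
            printf '%s\n' "${parts[@]}"
            echo "$delim"
          } >> "$GITHUB_OUTPUT"

      - name: Launch container
        id: run-task
        uses: geekcell/github-action-aws-ecs-run-task@v5
        with:
          # NOTE(review): TF_VAR_PROJECT and TF_VAR_ENVIRONMENT are stored as
          # secrets although they are not secret. Secrets are masked in logs,
          # so the cluster/task names (and every other occurrence of e.g. the
          # environment name) show up as "***", which hurts auditability.
          # Consider moving them to repository/environment variables (`vars.`).
          cluster: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}
          task-definition: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}-tools
          override-container: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}-tools
          # The task runs in private subnets only; it must reach AWS APIs via
          # a NAT gateway or VPC endpoints.
          assign-public-ip: DISABLED
          # The task's stdout/stderr are copied into this job's log, which is
          # visible to everyone who can read workflow runs. Commands that
          # print credentials or customer data will leak them here.
          tail-logs: true
          task-wait-until-stopped: true
          # The block style indicator (|) is necessary to tell YAML to preserve
          # newlines; the action expects one list element per line.
          override-container-command: |
            ${{ steps.command.outputs.command }}
          subnet-ids: |
            ${{ steps.subnets.outputs.subnets }}
          security-group-ids: |
            ${{ steps.outputs.outputs.security_group_id }}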