aws-proton-terraform-github-actions-sample's Issues

GH Actions exits abnormally at the Notify Proton step

I am trying to leverage these GH Actions for a template I am using to define an EKS cluster. The deployment of the resources seems to complete successfully but at the time of notifying Proton the script exits with a syntax error on the aws cli call:

  # Get outputs as json
  outputs_json=$(terraform output -json)
  
  # The outputs parameters expects a list of key=keyName,valueString=value key=key2Name,valueString=value2 etc...
  # So here we convert the output json into a shell array
  # NOTE: This will probably not play nicely with complex output objects (non primitives)
  
  formatted_outputs=( $(echo $outputs_json | jq -r "to_entries|map(\"key=\(.key),valueString=\(.value.value|tostring)\")|.[]") )
  
  # Notify proton
  aws proton notify-resource-deployment-status-change --region us-west-2 --resource-arn arn:aws:proton:us-west-2:***:environment/myeks --status SUCCEEDED --deployment-id 4bc18b1d-a802-4dcd-8199-246177142027 --outputs ${formatted_outputs[*]}
  echo "Notify success!"   
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    AWS_DEFAULT_REGION: us-west-2
    AWS_REGION: us-west-2
    AWS_ACCESS_KEY_ID: ***
    AWS_SECRET_ACCESS_KEY: ***
    AWS_SESSION_TOKEN: ***

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help

Unknown options: --name, myeks

Error: Process completed with exit code 252.

Extra "" in --outputs "${formatted_outputs[*]}" resulting in Error parsing parameter

In Notify Proton Step in .github/workflows/proton_run.yml

The line 266

aws proton notify-resource-deployment-status-change --region ${{ needs.get-deployment-data.outputs.proton_region }} --resource-arn ${{ needs.get-deployment-data.outputs.resource_arn }} --status SUCCEEDED --deployment-id ${{ needs.get-deployment-data.outputs.deployment_id }} --outputs "${formatted_outputs[*]}"

gives error similar to:

Error parsing parameter '--outputs': Second instance of key "valueString" encountered for input:
key=security_group_id,valueString=sg-00bd47009c8d7f524 key=subnet_id,valueString=subnet-0dbb1eb78c0ada8b9 key=vpc_arn,valueString=arn:aws:ec2:us-east-1:127511872893:vpc/vpc-029f362a11ac62575
                                                                     ^
This is often because there is a preceding "," instead of a space.

Solution

Line 266 needs to be changed as below, where --outputs "${formatted_outputs[*]}" is changed to --outputs ${formatted_outputs[*]}

aws proton notify-resource-deployment-status-change --region ${{ needs.get-deployment-data.outputs.proton_region }} --resource-arn ${{ needs.get-deployment-data.outputs.resource_arn }} --status SUCCEEDED --deployment-id ${{ needs.get-deployment-data.outputs.deployment_id }} --outputs ${formatted_outputs[*]}
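The two reports above both come down to how bash expands the `formatted_outputs` array. The following is an added example, not code from the repository or from either reporter: it compares the unquoted `${arr[*]}`, quoted `"${arr[*]}"` and quoted `"${arr[@]}"` forms. The sample entries, the `configure_kubectl` output name and the `show_args` stand-in for the AWS CLI are assumptions constructed for illustration; a value containing spaces is one way stray tokens such as `--name` can end up parsed as options.

```bash
#!/usr/bin/env bash
# Added example. Constructed sample data: one entry per line, in the
# key=...,valueString=... form the workflow's jq filter prints.
# Assumption: the second output value contains spaces.
sample_entries() {
  printf '%s\n' \
    'key=vpc_id,valueString=vpc-0example' \
    'key=configure_kubectl,valueString=aws eks update-kubeconfig --name myeks'
}

# Hypothetical stand-in for the aws CLI: prints each argument on its own line.
show_args() { printf '%s\n' "$@"; }

# 1. Workflow pattern: unquoted $(...) and unquoted [*] split on every space,
#    so fragments of a value become separate arguments (here: --name, myeks).
args_unquoted() {
  local formatted_outputs=( $(sample_entries) )
  show_args ${formatted_outputs[*]}
}

# 2. Quoted [*]: every element is joined into ONE argument, so the CLI sees
#    several key=/valueString= pairs in a single --outputs item.
args_quoted_star() {
  local formatted_outputs=( $(sample_entries) )
  show_args "${formatted_outputs[*]}"
}

# 3. One array element per line (mapfile), expanded with quoted [@]:
#    exactly one argument per entry, spaces inside values preserved.
args_quoted_at() {
  local formatted_outputs=()
  mapfile -t formatted_outputs < <(sample_entries)
  show_args "${formatted_outputs[@]}"
}

# Number of arguments the stand-in CLI received for a given variant.
count() { "$1" | wc -l | tr -d ' '; }

echo "unquoted [*]:  $(count args_unquoted) arguments"
echo "quoted   [*]:  $(count args_quoted_star) argument"
echo "quoted   [@]:  $(count args_quoted_at) arguments"
```
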

AWS Account ID is masked in Notify Proton Step

Ref: aws-actions/configure-aws-credentials#304

As configure-aws-credentials masks the AWS Account ID, the --resource-arn ${{ needs.get-deployment-data.outputs.resource_arn }} resolves to a masked (xxx) AWS_ACCOUNTID in the ARN, resulting in step failure.

A solution would be to include mask-aws-account-id: 'no' in the Configure AWS Credentials step.

    - name: Configure AWS Credentials
      id: assume_role
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-region: ${{ needs.get-deployment-data.outputs.target_region }}
        role-to-assume: ${{ needs.get-deployment-data.outputs.role_arn }}
        role-session-name: TF-Github-Actions-Notify-Proton
        mask-aws-account-id: 'no'

GH Actions script does not Notify Proton of a terraform apply failure

Upon a failure of a terraform apply, the GH Actions script exits without notifying Proton of the failure. This is a view of the run:

The script never gets to the Notify Proton stage.

This is a snippet of the terraform apply failure (if of interest):

Warning: Experimental feature "module_variable_optional_attrs" is active
│ 
│   on .terraform/modules/aws-eks-accelerator-for-terraform/modules/launch-templates/locals.tf line 4, in terraform:
│    4:   experiments = [module_variable_optional_attrs]
│ 
│ Experimental features are subject to breaking changes in future minor or
│ patch releases, based on feedback.
│ 
│ If you have feedback on the design of this feature, please open a GitHub
│ issue to discuss it.
│ 
│ (and 18 more similar warnings elsewhere)
╵
╷
│ Error: failed creating IAM Role (aws-preprod-dev-eks-cluster-role): EntityAlreadyExists: Role with name aws-preprod-dev-eks-cluster-role already exists.
│ 	status code: 409, request id: 957a148c-2189-4a7a-a1fa-ab44ac11e1e6
│ 
│   with module.aws-eks-accelerator-for-terraform.module.aws_eks.aws_iam_role.cluster[0],
│   on .terraform/modules/aws-eks-accelerator-for-terraform.aws_eks/main.tf line 128, in resource "aws_iam_role" "cluster":
│  128: resource "aws_iam_role" "cluster" {
│ 
╵
╷
│ Error: error creating KMS Alias (alias/aws-preprod-dev-eks): AlreadyExistsException: An alias with the name arn:aws:kms:us-west-2:***:alias/aws-preprod-dev-eks already exists
│ 
│   with module.aws-eks-accelerator-for-terraform.module.kms[0].aws_kms_alias.this,
│   on .terraform/modules/aws-eks-accelerator-for-terraform/modules/aws-kms/main.tf line 29, in resource "aws_kms_alias" "this":
│   29: resource "aws_kms_alias" "this" {
│ 
╵
Error: Process completed with exit code 1.

These are known issues that are being addressed in the template. The expectation is that the GH Actions would be able to get to the Notify Proton stage and inform Proton that the deployment failed. Right now the Proton deployment remains in the in progress state indefinitely.
