Add support for running tasks (#1)

* Add run task action * Update README
smitp · Jul 3, 2020 · e7e45f0 · e7e45f0
1 parent 7218b9c
commit e7e45f0
Show file tree

Hide file tree

Showing 9 changed files with 286 additions and 1,215 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright 2019 Amazon.com, Inc. or its affiliates.
+Copyright (c) 2020 Smit Patel
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,33 +1,33 @@
-## Amazon ECS "Deploy Task Definition" Action for GitHub Actions
+## Amazon ECS "Run Task" Action for GitHub Actions
 
-Registers an Amazon ECS task definition and deploys it to an ECS service.
+Runs an Amazon ECS task on ECS cluster.
 
 **Table of Contents**
 
 <!-- toc -->
 
+- [Amazon ECS "Run Task" Action for GitHub Actions](#amazon-ecs-run-task-action-for-github-actions)
 - [Usage](#usage)
-    + [Task definition file](#task-definition-file)
-    + [Task definition container image values](#task-definition-container-image-values)
+  - [Task definition file](#task-definition-file)
+  - [Task definition container image values](#task-definition-container-image-values)
 - [Credentials and Region](#credentials-and-region)
 - [Permissions](#permissions)
-- [AWS CodeDeploy Support](#aws-codedeploy-support)
 - [Troubleshooting](#troubleshooting)
 - [License Summary](#license-summary)
-- [Security Disclosures](#security-disclosures)
 
 <!-- tocstop -->
 
 ## Usage
 
 ```yaml
-    - name: Deploy to Amazon ECS
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+    - name: Run Task on Amazon ECS
+      uses: smitp/amazon-ecs-run-task@v1
       with:
         task-definition: task-definition.json
-        service: my-service
         cluster: my-cluster
-        wait-for-service-stability: true
+        count: 1
+        started-by: github-actions-${{ github.actor }}
+        wait-for-finish: true
 ```
 
 See [action.yml](action.yml) for the full documentation for this action's inputs and outputs.
@@ -93,13 +93,14 @@ The task definition file can be updated prior to deployment with the new contain
         container-name: my-container
         image: ${{ steps.build-image.outputs.image }}
 
-    - name: Deploy Amazon ECS task definition
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+    - name: Run Task on Amazon ECS
+      uses: smitp/amazon-ecs-run-task@v1
       with:
-        task-definition: ${{ steps.task-def.outputs.task-definition }}
-        service: my-service
+        task-definition: task-definition.json
         cluster: my-cluster
-        wait-for-service-stability: true
+        count: 1
+        started-by: github-actions-${{ github.actor }}
+        wait-for-finish: true
 ```
 
 ## Credentials and Region
@@ -142,94 +143,27 @@ This action requires the following minimum set of permissions:
          ]
       },
       {
-         "Sid":"DeployService",
-         "Effect":"Allow",
-         "Action":[
-            "ecs:UpdateService",
-            "ecs:DescribeServices"
-         ],
-         "Resource":[
-            "arn:aws:ecs:<region>:<aws_account_id>:service/<cluster_name>/<service_name>"
-         ]
-      }
-   ]
-}
-```
-
-Note: the policy above assumes the account has opted in to the ECS long ARN format.
-
-## AWS CodeDeploy Support
-
-For ECS services that uses the `CODE_DEPLOY` deployment controller, additional configuration is needed for this action:
-
-```yaml
-    - name: Deploy to Amazon ECS
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      with:
-        task-definition: task-definition.json
-        service: my-service
-        cluster: my-cluster
-        wait-for-service-stability: true
-        codedeploy-appspec: appspec.json
-        codedeploy-application: my-codedeploy-application
-        codedeploy-deployment-group: my-codedeploy-deployment-group
-```
-
-The minimal permissions require access to CodeDeploy:
-
-```json
-{
-   "Version":"2012-10-17",
-   "Statement":[
-      {
-         "Sid":"RegisterTaskDefinition",
-         "Effect":"Allow",
-         "Action":[
-            "ecs:RegisterTaskDefinition"
-         ],
-         "Resource":"*"
-      },
-      {
-         "Sid":"PassRolesInTaskDefinition",
-         "Effect":"Allow",
-         "Action":[
-            "iam:PassRole"
-         ],
-         "Resource":[
-            "arn:aws:iam::<aws_account_id>:role/<task_definition_task_role_name>",
-            "arn:aws:iam::<aws_account_id>:role/<task_definition_task_execution_role_name>"
-         ]
+         "Sid": "RunTask",
+         "Effect": "Allow",
+         "Action": "ecs:RunTask",
+         "Resource": "arn:aws:ecs:<region>:<aws_account_id>:task-definition/*:*"
       },
       {
-         "Sid":"DeployService",
-         "Effect":"Allow",
-         "Action":[
-            "ecs:DescribeServices",
-            "codedeploy:GetDeploymentGroup",
-            "codedeploy:CreateDeployment",
-            "codedeploy:GetDeployment",
-            "codedeploy:GetDeploymentConfig",
-            "codedeploy:RegisterApplicationRevision"
-         ],
-         "Resource":[
-            "arn:aws:ecs:<region>:<aws_account_id>:service/<cluster_name>/<service_name>",
-            "arn:aws:codedeploy:<region>:<aws_account_id>:deploymentgroup:<application_name>/<deployment_group_name>",
-            "arn:aws:codedeploy:<region>:<aws_account_id>:deploymentconfig:*",
-            "arn:aws:codedeploy:<region>:<aws_account_id>:application:<application_name>"
-         ]
+         "Sid": "DescribeTasks",
+         "Effect": "Allow",
+         "Action": "ecs:DescribeTasks",
+         "Resource": "arn:aws:ecs:<region>:<aws_account_id>:task/*"
       }
    ]
 }
 ```
 
+Note: the policy above assumes the account has opted in to the ECS long ARN format.
+
 ## Troubleshooting
 
 This action emits debug logs to help troubleshoot deployment failures.  To see the debug logs, create a secret named `ACTIONS_STEP_DEBUG` with value `true` in your repository.
 
 ## License Summary
 
 This code is made available under the MIT license.
-
-## Security Disclosures
-
-If you would like to report a potential security issue in this project, please do not create a GitHub issue.  Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or [email AWS security directly](mailto:aws-security@amazon.com).
diff --git a/action.yml b/action.yml
@@ -1,38 +1,32 @@
-name: 'Amazon ECS "Deploy Task Definition" Action for GitHub Actions'
-description: 'Registers an Amazon ECS task definition, and deploys it to an ECS service'
+name: 'Amazon ECS "Run Task" Action for GitHub Actions'
+description: 'Runs an Amazon ECS task'
 branding:
   icon: 'cloud'
   color: 'orange'
 inputs:
   task-definition:
-    description: 'The path to the ECS task definition file to register'
+    description: 'The name of ECS task definition'
     required: true
-  service:
-    description: 'The name of the ECS service to deploy to. The action will only register the task definition if no service is given.'
-    required: false
   cluster:
-    description: "The name of the ECS service's cluster.  Will default to the 'default' cluster"
+    description: "The name of the ECS cluster. Will default to the 'default' cluster"
+    required: true
+  count:
+    description: "The count of tasks to run. Will default to the 1"
+    required: true
+  started-by:
+    description: "The value of the task started-by"
     required: false
-  wait-for-service-stability:
-    description: 'Whether to wait for the ECS service to reach stable state after deploying the new task definition. Valid value is "true". Will default to not waiting.'
+  wait-for-finish:
+    description: "Whether to wait for tasks to reach stopped state. Will default to not waiting"
     required: false
   wait-for-minutes:
-    description: 'How long to wait for the ECS service to reach stable state, in minutes (default: 30 minutes, max: 6 hours). For CodeDeploy deployments, any wait time configured in the CodeDeploy deployment group will be added to this value.'
-    required: false
-  codedeploy-appspec:
-    description: "The path to the AWS CodeDeploy AppSpec file, if the ECS service uses the CODE_DEPLOY deployment controller. Will default to 'appspec.yaml'."
-    required: false
-  codedeploy-application:
-    description: "The name of the AWS CodeDeploy application, if the ECS service uses the CODE_DEPLOY deployment controller. Will default to 'AppECS-{cluster}-{service}'."
-    required: false
-  codedeploy-deployment-group:
-    description: "The name of the AWS CodeDeploy deployment group, if the ECS service uses the CODE_DEPLOY deployment controller. Will default to 'DgpECS-{cluster}-{service}'."
+    description: 'How long to wait for the task reach stopped state, in minutes (default: 30 minutes, max: 6 hours).'
     required: false
 outputs:
   task-definition-arn:
     description: 'The ARN of the registered ECS task definition'
-  codedeploy-deployment-id:
-    description: 'The deployment ID of the CodeDeploy deployment (if the ECS service uses the CODE_DEPLOY deployment controller'
+  task-arn:
+    description: 'The ARN of the ECS task'
 runs:
   using: 'node12'
   main: 'dist/index.js'