diff --git a/README.md b/README.md index d75f932..87659d4 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,14 @@ The Container Name to forward ALB requests to. The Container Port to forward requests to. +### `execution-role` (optional) + +The Execution Role ARN used by ECS to pull container images and secrets. + +Example: `"arn:aws:iam::012345678910:role/execution-role"` + +Requires the `iam:PassRole` permission for the execution role. + ### `deployment-configuration` (optional) The minimum and maximum percentage of tasks that should be maintained during a deployment. Defaults to `100/200` diff --git a/hooks/command b/hooks/command index aba2f07..ab460b7 100755 --- a/hooks/command +++ b/hooks/command @@ -38,6 +38,7 @@ target_group=${BUILDKITE_PLUGIN_ECS_DEPLOY_TARGET_GROUP:-""} load_balancer_name=${BUILDKITE_PLUGIN_ECS_DEPLOY_LOAD_BALANCER_NAME:-""} target_container=${BUILDKITE_PLUGIN_ECS_DEPLOY_TARGET_CONTAINER_NAME:-""} target_port=${BUILDKITE_PLUGIN_ECS_DEPLOY_TARGET_CONTAINER_PORT:-""} +execution_role=${BUILDKITE_PLUGIN_ECS_DEPLOY_EXECUTION_ROLE:-""} # Resolve any runtime environment variables it has target_group=$(eval "echo $target_group") @@ -113,6 +114,11 @@ register_command="aws ecs register-task-definition \ if [[ -n "${task_role_arn}" ]]; then register_command+=" --task-role-arn ${task_role_arn}" fi + +if [[ -n "${execution_role}" ]]; then + register_command+=" --execution-role-arn ${execution_role}" +fi + json_output=$(eval "$register_command") register_exit_code=$? diff --git a/plugin.yml b/plugin.yml index 4142251..7f1125b 100644 --- a/plugin.yml +++ b/plugin.yml @@ -28,6 +28,8 @@ configuration: type: string target-container-port: type: integer + execution-role: + type: string deployment-config: type: string required: diff --git a/tests/command.bats b/tests/command.bats index 39864ae..824e2bd 100644 --- a/tests/command.bats +++ b/tests/command.bats 
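Review bot: In the second hooks/command hunk, `--execution-role-arn ${execution_role}` is appended unquoted to `register_command`, which is then run through `eval "$register_command"`. Any whitespace or shell metacharacter in `BUILDKITE_PLUGIN_ECS_DEPLOY_EXECUTION_ROLE` is therefore re-parsed as shell instead of reaching `aws` as one argument. The `task_role_arn` branch just above has the same shape, so this extends an existing pattern, but the value may originate from interpolated pipeline configuration and should be treated as untrusted. Quote it for the re-parse with `register_command+=" --execution-role-arn $(printf '%q' "${execution_role}")"`, or reject anything that does not look like an IAM role ARN before appending. The `register_command` string is built starting above this hunk, so replacing it with an array and dropping `eval` would be a separate, larger change.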
@@ -235,6 +235,42 @@ load '/usr/local/lib/bats/load.bash' unset BUILDKITE_PLUGIN_ECS_DEPLOY_LOAD_BALANCER_NAME } +@test "Run a deploy with execution role" { + export BUILDKITE_BUILD_NUMBER=1 + export BUILDKITE_PLUGIN_ECS_DEPLOY_CLUSTER=my-cluster + export BUILDKITE_PLUGIN_ECS_DEPLOY_SERVICE=my-service + export BUILDKITE_PLUGIN_ECS_DEPLOY_TASK_FAMILY=hello-world + export BUILDKITE_PLUGIN_ECS_DEPLOY_IMAGE=hello-world:llamas + export BUILDKITE_PLUGIN_ECS_DEPLOY_TASK_DEFINITION=examples/hello-world.json + export BUILDKITE_PLUGIN_ECS_DEPLOY_EXECUTION_ROLE=arn:aws:iam::012345678910:role/world + + stub jq \ + "--arg IMAGE hello-world:llamas '.[0].image=\$IMAGE' : echo '{\"json\":true}'" \ + "'.taskDefinition.revision' : echo 1" \ + "-r '.[0].loadBalancers[0]' : echo null" + + stub aws \ + "ecs register-task-definition --family hello-world --container-definitions '{\"json\":true}' --execution-role-arn arn:aws:iam::012345678910:role/world : echo '{\"taskDefinition\":{\"revision\":1}}'" \ + "ecs describe-services --cluster my-cluster --service my-service --query 'services[?status==\`ACTIVE\`].status' --output text : echo '1'" \ + "ecs describe-services --cluster my-cluster --services my-service --query 'services[?status==\`ACTIVE\`]' : echo 'null'" \ + "ecs update-service --cluster my-cluster --service my-service --task-definition hello-world:1 : echo ok" \ + "ecs wait services-stable --cluster my-cluster --services my-service : echo ok" \ + "ecs describe-services --cluster my-cluster --service my-service : echo ok" + + run "$PWD/hooks/command" + + assert_success + assert_output --partial "Service is up 🚀" + + unstub aws + unstub jq + unset BUILDKITE_PLUGIN_ECS_DEPLOY_CLUSTER + unset BUILDKITE_PLUGIN_ECS_DEPLOY_SERVICE + unset BUILDKITE_PLUGIN_ECS_DEPLOY_TASK_DEFINITION + unset BUILDKITE_PLUGIN_ECS_DEPLOY_IMAGE + unset BUILDKITE_PLUGIN_ECS_DEPLOY_EXECUTION_ROLE +} + @test "Create a service with deployment configuration" { export BUILDKITE_BUILD_NUMBER=1 export 
BUILDKITE_PLUGIN_ECS_DEPLOY_CLUSTER=my-cluster @@ -270,4 +306,4 @@ load '/usr/local/lib/bats/load.bash' unset BUILDKITE_PLUGIN_ECS_DEPLOY_TASK_DEFINITION unset BUILDKITE_PLUGIN_ECS_DEPLOY_IMAGE unset BUILDKITE_PLUGIN_ECS_DEPLOY_DEPLOYMENT_CONFIGURATION -} \ No newline at end of file +}
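Review bot: The new "Run a deploy with execution role" test pins only a well-formed ARN, so nothing records how the hook should treat an `execution-role` value containing whitespace or shell metacharacters. That matters because hooks/command passes the value through `eval`. A second case that sets such a value and asserts either a non-zero exit or that the `aws` stub receives it as a single `--execution-role-arn` argument would pin the behaviour. Separately, the test exports `BUILDKITE_PLUGIN_ECS_DEPLOY_TASK_FAMILY` at the top, but the cleanup block never clears it; add `unset BUILDKITE_PLUGIN_ECS_DEPLOY_TASK_FAMILY` next to the other `unset` lines.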