We Keep Coding

Pulumi AccessKey.encryptedSecret won't work

I'm currently trying to set some GitHub Actions Secret, which are my AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY,
But I'm unable to get access to my AWS_SECRET_ACCESS_KEY by using the AccessKey.encryptedSecret method, even though I'm able to access AWS_ACCESS_KEY_ID or Region, or whatever other values.
This is my code:
const makeSecret = (secretName: string, value: pulumi.Input<string>) => (
new github.ActionsSecret(
secretName,
{
repository: githubRepoName,
secretName,
plaintextValue: value,
}
)
)
if (!iamUserConfig) {
const accessKey = new aws.iam.AccessKey("cra-ts-access-policy", {
user: iamUser.name
});
pulumi.all([accessKey.id, accessKey.encryptedSecret]).apply(([
AWS_ACCESS_KEY_ID,
AWS_SECRET_ACCESS_KEY
]) => {
makeSecret('AWS_SECRET_ACCESS_KEY', AWS_SECRET_ACCESS_KEY);
makeSecret('AWS_ACCESS_KEY_ID', AWS_ACCESS_KEY_ID);
});
}
I have tried different approaches in code, still same result.
I would run pulumi up command without any issues, but when running my github workflow on push to master I get the following error
'aws-secret-access-key' must be provided if 'aws-access-key-id' is provided
This is my .github/workflow/main.yml file
name: cra-ts
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: '14'
- name: Install
run: npm install
- name: Build
run: npm build
- name: Configure AWS Creds
uses: aws-actions/configure-aws-credentials#v1
with:
aws-region: ${{ secrets.AWS_REGION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- env:
BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
run: aws s3 sync build/ s3://$BUCKET_NAME --delete
And this is my package.json:
"devDependencies": {
"#types/node": "^14"
},
"dependencies": {
"#pulumi/pulumi": "^3.22.1",
"#pulumi/aws": "^4.34.0",
"#pulumi/awsx": "^0.32.0",
"#pulumi/github": "^4.9.1"
}
I have been stuck on this for days, if you need more details let me know so I can provide them. Appreciate the help. Thanks

Github Workflows CI/CD failing

My CI/CD pipeline that is using github workflows is failing giving the following error:
Error: Unable to process command '##[add-path]/opt/hostedtoolcache/aws/0.0.0/x64' successfully.
Error: The add-path command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the ACTIONS_ALLOW_UNSECURE_COMMANDS environment variable to true. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
This is my container.yml file
name: deploy-container
on:
push:
branches:
- master
- develop
paths:
- "packages/container/**"
defaults:
run:
working-directory: packages/container
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- run: npm install
- run: npm run build
- uses: chrislennon/action-aws-cli#v1.1
- run: aws s3 sync dist s3://${{ secrets.AWS_S3_BUCKET_NAME }}/container/latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Any idea why this might be happening. Thanks in advance

I know the Tutorial which this is from, use
- name: ACTIONS_ALLOW_UNSECURE_COMMANDS
run: echo 'ACTIONS_ALLOW_UNSECURE_COMMANDS=true' >> $GITHUB_ENV
before
- uses: chrislennon/action-aws-cli#v1.1
and it should work.

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- run: npm install
- run: npm run build
- uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- run: aws s3 sync dist s3://${{ secrets.AWS_S3_BUCKET_NAME }}/container/latest

Google App Engine GitHub Action: Error: Unexpected token � in JSON at position 0

I'm trying to deploy my Django API on to Google App Engine using GitHub CI/CD, but I'm getting a strange error that doesn't provide any stack trace in my deploy job. My build job with unit tests and code coverage passes.
main.yaml:
name: Python application
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
defaults:
run:
working-directory: src
jobs:
build:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:10.8
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: github_actions
ports:
- 5433:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout#v2
- name: Set up Python 3.9
uses: actions/setup-python#v2
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Test with Unittest
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
DB_NAME: ${{ secrets.DB_NAME }}
DB_USER: ${{ secrets.DB_USER }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
DB_HOST: ${{ secrets.DB_HOST }}
DB_PORT: ${{ secrets.DB_PORT }}
DB_ENGINE: ${{ secrets.DB_ENGINE }}
run: |
coverage run manage.py test && coverage report --fail-under=75 && coverage xml
mv coverage.xml ../
- name: Report coverage to Codecov
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
DB_NAME: ${{ secrets.DB_NAME }}
DB_USER: ${{ secrets.DB_USER }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
DB_HOST: ${{ secrets.DB_HOST }}
DB_PORT: ${{ secrets.DB_PORT }}
DB_ENGINE: ${{ secrets.DB_ENGINE }}
uses: codecov/codecov-action#v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
directory: ./coverage/reports/
fail_ci_if_error: true
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Deploy to App Engine
id: deploy
uses: google-github-actions/deploy-appengine#v0.2.0
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
deliverables: app.yaml
credentials: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
version: v1
- name: Test
run: curl "${{ steps.deploy.outputs.url }}
app.yaml:
runtime: python39
instance_class: B1
service: deploy
basic_scaling:
max_instances: 1
idle_timeout: 10m
Here are the two errors I'm getting:
I also get another strange error in app.yaml, which causes the workflow to not run. I thought from the Google App Engine documentation for this file that we didn't need to include an on trigger. I'm not sure if it's caused by the error in main.yaml.
Is there an easy way to fix this error?
UPDATE: After trying v0.4.0 of the GitHub Action, I get the same error, but I found out that my GOOGLE_APPLICATION_CREDENTIALS are causing the error.
{
"type": "service_account",
"project_id": "***",
"private_key_id": "***",
"private_key": "-----BEGIN PRIVATE KEY-----***=\n-----END PRIVATE KEY-----\n",
"client_email": "***#appspot.gserviceaccount.com",
"client_id": "***",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/***%40appspot.gserviceaccount.com"
}
I replaced all private information with ***, but the JSON is definitely still valid.

NuxtJS and Github User Pages

Github has two kind of pages:
User
Projects
I have a User page. So I want to publish from the master branch. I want to use NuxtJS. NuxtJS generates a CI file when you install it. Following https://nuxtjs.org/docs/2.x/deployment/github-pages I also set up a CD file whereas I went for npm instead of yarn.
So I have
ci.yml
name: ci
on:
push:
branches:
- main
- master
pull_request:
branches:
- main
- master
jobs:
ci:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
node: [14]
steps:
- name: Checkout 🛎
uses: actions/checkout#master
- name: Setup node env 🏗
uses: actions/setup-node#v2.1.2
with:
node-version: ${{ matrix.node }}
check-latest: true
- name: Cache node_modules 📦
uses: actions/cache#v2
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies 👨🏻‍💻
run: npm ci
- name: Run linter 👀
run: npm run lint
cd.yml
name: cd
on: [push, pull_request]
jobs:
cd:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
node: [14]
steps:
- name: Checkout
uses: actions/checkout#master
- name: Setup node env
uses: actions/setup-node#v2.1.2
with:
node-version: ${{ matrix.node }}
- name: Install dependencies
run: npm ci
- name: Generate
run: npm run generate
- name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
Now if I understood it correctly: Those actions will generate and create the static sites i.e. the dist directory. In the cd.yml file we then set:
name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
So everything seems okay but we did use peaceiris/actions-gh-pages#v3 which seems to create a gh_pages branch, so it seems my cd.yml file might be wrong?
If I go to my user github page I just see the readme.md displayed. What do I do wrong?

Specify the publish_branch parameter for the actions-gh-pages action (see docs):
- name: Deploy
uses: peaceiris/actions-gh-pages#v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
# new
publish_branch: master

How to deploy to aws elastic beanstalk with github actions?

I'm currently trying to do an automated deployment through github actions. Below is my current workflow yaml file:
name: Deploy AWS
on: [workflow_dispatch]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'Git: Checkout source code'
uses: actions/checkout#v1
- name: '.NET Core: Setup'
uses: actions/setup-dotnet#v1
with:
dotnet-version: '3.0.*'
- name: '.NET Core: Get dependencies'
run: dotnet restore
- name: '.NET Core: Build'
run: dotnet build --configuration Debug --no-restore
- name: 'AWS: Timestamp action'
uses: gerred/actions/current-time#master
id: current-time
- name: 'AWS: String replace action'
uses: frabert/replace-string-action#master
id: format-time
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
- name: 'AWS: Generate build archive'
run: (cd ./project.Api/bin/Debug/netcoreapp3.0 && zip -r "../../../../${{ steps.format-time.outputs.replaced }}.zip" . -x '*.git*')
- name: 'AWS: Deploying build'
uses: einaregilsson/beanstalk-deploy#v14
with:
aws_access_key: { my_access_key }
aws_secret_key: { my_secret_key }
application_name: api_test
environment_name: my-api-test
version_label: "v${{ steps.format-time.outputs.replaced }}"
region: ap-southeast-2
deployment_package: "${{ steps.format-time.outputs.replaced }}.zip"
- name: 'AWS: Deployment complete'
run: echo Should be on EB now
The current elastic beanstalk environment is setup with a load balancer - which I think is the main issue being caused with the deployment failing. I haven't been able to find a solution on how to deploy to aws elastic beanstalk when the environment contains a load balancer.

I know you had already done this, but it will help needy one :-)
I'm new here so not able to write correctly in box, but yaml code starts from "name:dotnet.." till end ,indent yaml accordingly
name: dotnet -> s3 -> Elastic Beanstalk
on:
workflow_dispatch
#Setting up some environment variables
env:
EB_PACKAGE_S3_BUCKET_NAME : "php-bucket"
EB_APPLICATION_NAME : "dotnet-app"
EB_ENVIRONMENT_NAME : "Dotnetapp-env"
DEPLOY_PACKAGE_NAME : "dotnet-app-${{ github.sha }}.zip"
AWS_REGION_NAME : "af-south-1"
jobs:
build_and_create_Artifact:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout#v3
- name: Setup .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: 6.0.*
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --no-restore --verbosity normal
- name: Publish
run: dotnet publish -c Release -o '${{ github.workspace }}/out'
- name: Zip Package
run: |
cd ${{ github.workspace }}/out
zip -r ${{ env.DEPLOY_PACKAGE_NAME }} *
- name: Upload a Build Artifact
uses: actions/upload-artifact#v3.1.0
with:
name: .Net-artifact
path: ${{ github.workspace }}/out/${{ env.DEPLOY_PACKAGE_NAME }}
- name: "Configure AWS Credentials"
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION_NAME }}
- name: "Copy artifact to S3"
run: aws s3 cp ${{ github.workspace }}/out/${{ env.DEPLOY_PACKAGE_NAME }} s3://${{ env.EB_PACKAGE_S3_BUCKET_NAME }}/
- name: "Build Successful"
run: echo "CD part completed successfully"
Deploy_Artifact:
needs: build_and_create_Artifact
runs-on: ubuntu-latest
steps:
- name: "Configure AWS Credentials"
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION_NAME }}
- name: 'AWS: Timestamp action'
uses: gerred/actions/current-time#master
id: current-time
- name: 'AWS: String replace action'
uses: frabert/replace-string-action#master
id: format-time
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
- name: "Create Elastic Beanstalk Application Version"
run : aws elasticbeanstalk create-application-version --application-name ${{ env.EB_APPLICATION_NAME }} --version-label version#${{ github.sha }} --source-bundle S3Bucket=${{ env.EB_PACKAGE_S3_BUCKET_NAME }},S3Key=${{ env.DEPLOY_PACKAGE_NAME }} --description SHA_of_app_is_${{ github.sha }}__Created_at__${{ steps.format-time.outputs.replaced }}
- name: "Deploy Application Version"
run: aws elasticbeanstalk update-environment --environment-name ${{ env.EB_ENVIRONMENT_NAME }} --version-label "version#${{ github.sha }}"
- name: "Successfully run CD pipeline"
run: echo "CD part completed successfully"