using Github actions with codebuild - amazon-web-services

I am using GitHub Actions with CodeBuild but whenever I run the workflow I am getting error message:
STARTING CODEBUILD
Error: The security token included in the request is invalid

name: 'GitHub Actions For CodeBuild'
on:
  pull_request:
    branches:
      - test
env:
  tf_version: 'latest'
  tg_version: 'latest'
jobs:
  deploy:
    name: 'Build and Deploy'
    runs-on: ubuntu-latest
    steps:
      - name: 'checkout'
        uses: actions/checkout@v2
      - name: configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
          aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-duration-seconds: 3600
      - name: Run CodeBuild
        uses: aws-actions/aws-codebuild-run-build@v1
        with:
          project-name: CodeBuild
          buildspec-override: stage/dev-env/buildspec.yml
          env-vars-for-codebuild: |
            TF_INPUT,
            AWS_ACCESS_KEY_ID,
            AWS_SECRET_ACCESS_KEY,
            AWS_REGION,
            ROLE_TO_ASSUME,
            ROLE_DURATION_SECONDS,
        env:
          TF_INPUT: false
          AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
          AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: us-east-1
          ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          ROLE_DURATION_SECONDS: 3600

The error message indicates that the given role or keys are not valid to execute the action.
You set access key and secret key in both the 'configure AWS credentials' and 'Run CodeBuild' steps. Looking into the Repository for 'aws-actions/aws-codebuild-run-build@v1' it seems that it only needs to be configured in the first step. Not sure how many environments you are expecting to deploy to but if there is only one, then env is redundant.
https://github.com/aws-actions/aws-codebuild-run-build
Something like this I expect:

steps:
  - name: 'checkout'
    uses: actions/checkout@v2
  - name: configure AWS credentials
    uses: aws-actions/configure-aws-credentials@v1
    with:
      aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
      aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY }}
      aws-region: us-east-1
      role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
      role-duration-seconds: 3600
  - name: Run CodeBuild
    uses: aws-actions/aws-codebuild-run-build@v1
    with:
      project-name: CodeBuild
      buildspec-override: stage/dev-env/buildspec.yml
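
The question's 'Run CodeBuild' step lists the long-lived keys under `env-vars-for-codebuild`, which forwards them into the build. The lint below for that pattern is an added example, not code from the posts or from the aws-actions project; the function name, the credential-name set and the sample workflow text are constructed for illustration.

```python
import re

# Variable names that carry AWS credentials (assumed set for this example).
# Listing them under env-vars-for-codebuild forwards the secret values into the build.
CREDENTIAL_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
KEY = re.compile(r"^\s*env-vars-for-codebuild:\s*(.*)$")

def forwarded_credentials(workflow_text: str):
    """Return credential names listed in any env-vars-for-codebuild input."""
    flagged = []

    def collect(fragment):
        for name in re.split(r"[,\s]+", fragment):
            if name in CREDENTIAL_NAMES and name not in flagged:
                flagged.append(name)

    block_indent = None  # indent of the key while inside its block scalar
    for line in workflow_text.splitlines():
        indent = len(line) - len(line.lstrip())
        if block_indent is not None:
            if line.strip() and indent <= block_indent:
                block_indent = None  # dedent: the block scalar has ended
            else:
                collect(line)
                continue
        match = KEY.match(line)
        if match:
            value = match.group(1)
            if value[:1] in ("|", ">"):
                block_indent = indent
            else:
                collect(value)  # inline form: "A, B, C"
    return flagged

# Constructed sample modelled on the step in the question.
SAMPLE = """\
      - name: Run CodeBuild
        uses: aws-actions/aws-codebuild-run-build@v1
        with:
          env-vars-for-codebuild: |
            TF_INPUT,
            AWS_ACCESS_KEY_ID,
            AWS_SECRET_ACCESS_KEY,
            AWS_REGION,
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
"""

print(forwarded_credentials(SAMPLE))
```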

Related

environment variables between workflow and job for github actions

I'm creating a workflow
where environment variables are set between workflow and jobs.
While accessing the workflow-based env, I'm getting this error:
Unrecognized named-value: 'env'. Located at position 1 within expression: env.ACCOUNT_ID
All I want is to access the job-based env in each step while referring to the workflow-based env.
The workflow:

env:
  AWS_REGION: ${{ vars.AWS_REGION }}
  ACCOUNT_ID: ${{ secrets.TRAINING_ACCOUNT_ID }}
jobs:
  dev:
    runs-on: ubuntu-latest
    env:
      ECR_REGISTRY: ${{ env.ACCOUNT_ID }}.dkr.ecr.${{env.AWS_REGION}}.amazonaws.com
    steps:
      - name: build
        run: |
          aws --region ${{env.AWS_REGION}} ecr get-login-password | docker login --username AWS --password-stdin ${{env.ECR_REGISTRY}}
I found this as an answer after quite a bit of trial; if someone has the official answer, please post it.
But to work in my case, this is the hack:

env:
  AWS_REGION: ${{ vars.AWS_REGION }}
  ACCOUNT_ID: ${{ secrets.TRAINING_ACCOUNT_ID }}
jobs:
  dev:
    runs-on: ubuntu-latest
    env:
      ECR_REGISTRY: $ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com
    steps:
      - name: build
        run: |
          aws --region ${{env.AWS_REGION}} ecr get-login-password | docker login --username AWS --password-stdin ${{env.ECR_REGISTRY}}

Error in aws-actions/configure-aws-credentials@v1-node16 in github actions

I'm facing this error that I don't understand because I'm using the same pipeline in another repo and it never showed me this error:
Run aws-actions/configure-aws-credentials@v1-node16
  with:
    aws-region: us-east-1
    audience: sts.amazonaws.com
Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

Here is my code:

steps:
  - name: Configure AWS Credentials
    uses: aws-actions/configure-aws-credentials@v1-node16
    with:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      aws-region: us-east-1

They recommended using this:

build:
  runs-on: ubuntu-latest
  permissions:
    id-token: write
    contents: read

I tried it, but it didn't work either.

Github actions configure AWS credentials throws error

I am trying to build a Docker image and upload it to AWS ECR using GitHub Actions. I referred to articles online and came up with an action file with one of its steps as:

- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    role-to-assume: ${{ secrets.ROLE }}
    aws-region: us-west-2

When I run the workflow, I get an error at this step saying "Error: The security token included in the request is invalid." even though I have provided the correct credentials. What am I missing here?
I wanted to get it connected and move to the next step, which is:

- name: Login to Amazon ECR
  id: login-ecr
  uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
    ECR_REPOSITORY: test
    IMAGE_TAG: test_new
Any help would be appreciated.

Github Actions - Deploy to Amazon ECS: 'task-definition.json: Unexpected token � in JSON at position 0' error

I am using Github action "Deploy to Amazon ECS" to create Docker container from Node.js backend and deploy it on ECS.
During deployment, I receive the following error:

Fill in the new image ID in the Amazon ECS task definition
Run aws-actions/amazon-ecs-render-task-definition@v1
Error: /home/runner/work/project-app-strapi/project-app-strapi/task-definition.json: Unexpected token � in JSON at position 0

The task-definition.json was generated by the following command (as I am not very experienced with the AWS ECS CLI and prefer to create the infrastructure using the AWS Console):

aws ecs describe-task-definition --task-definition "arn:aws:ecs:eu-west-1:076457945931:task-definition/project-strapi:2" --profile project > task-definition.json

I also checked the file and it is valid JSON that doesn't contain any harmful hidden characters. It looks like this:

{
    "taskDefinition": {
        "taskDefinitionArn": "arn:aws:ecs:eu-west-1:076457945931:task-definition/project-strapi:2",
        "containerDefinitions": [{
            "name": "project-app",
            "image": "076457945931.dkr.ecr.eu-west-1.amazonaws.com/company/project-strapi",
            "cpu": 0,
            "portMappings": [{
                "containerPort": 1337,
                "hostPort": 1337,
                "protocol": "tcp"
            }],
            "essential": true,
            ... other fields, I don't believe they are needed
}
Workflow file is same as the default aws.yml for this Github Action, no changes were made here (besides filling variables):
name: Deploy to Amazon ECS
on:
  push:
    branches: [ "main" ]
env:
  AWS_REGION: eu-west-1                      # set this to your preferred AWS region, e.g. us-west-1
  ECR_REPOSITORY: company/project-strapi     # set this to your Amazon ECR repository name
  ECS_SERVICE: project-strapi                # set this to your Amazon ECS service name
  ECS_CLUSTER: project-strapi-app            # set this to your Amazon ECS cluster name
  ECS_TASK_DEFINITION: task-definition.json  # set this to the path to your Amazon ECS task definition
                                             # file, e.g. .aws/task-definition.json
  CONTAINER_NAME: project-app                # set this to the name of the container in the
                                             # containerDefinitions section of your task definition
permissions:
  contents: read
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Build a docker container and
          # push it to ECR so that it can
          # be deployed to ECS.
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: ${{ env.ECS_TASK_DEFINITION }}
          container-name: ${{ env.CONTAINER_NAME }}
          image: ${{ steps.build-image.outputs.image }}
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true
I tried several things, specifically various changes to formatting of json, changing the directory of the file, but the error remains.
First download the task definition file, then update the image of the task definition, then update it to the ECS service; then you won't get any issue.

- name: Download task definition
  run: |
    aws ecs describe-task-definition --task-definition **your task definition name** --query taskDefinition > taskdefinition.json
- name: new image in ECS taskdefinition
  id: demo
  uses: aws-actions/amazon-ecs-render-task-definition@v1
  with:
    task-definition: taskdefinition.json
    container-name: **your container name**
    image: ${{ steps.check_files.outputs.**image** }}
- name: updating task-definition file
  run: cat ${{ steps.demo.outputs.task-definition }} > taskdefinition.json
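
A pre-flight check for the task-definition file, added here as an example and not taken from the posts or the aws-actions project: it strips a byte-order mark or UTF-16/UTF-32 encoding at offset 0 and unwraps the `taskDefinition` key that the answer drops with `--query taskDefinition`. That an encoding mark is behind the `position 0` error is an assumption the page does not confirm; the function name and sample bytes are constructed.

```python
import codecs
import json

# Byte-order marks checked longest first: the UTF-32 LE mark begins with
# the UTF-16 LE mark, so order matters.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]


def normalize_task_definition(raw: bytes):
    """Return (utf8_json_bytes, findings) for the raw bytes of a task-definition file.

    Raises UnicodeDecodeError or json.JSONDecodeError if the content is not
    decodable JSON even after a byte-order mark is accounted for.
    """
    findings = []
    encoding = "utf-8"
    for bom, name in BOMS:
        if raw.startswith(bom):
            findings.append(f"byte-order mark at offset 0, decoded as {name}")
            encoding = name
            break
    doc = json.loads(raw.decode(encoding))
    # `aws ecs describe-task-definition` without --query wraps the definition.
    if isinstance(doc, dict) and isinstance(doc.get("taskDefinition"), dict):
        findings.append("unwrapped top-level 'taskDefinition' key")
        doc = doc["taskDefinition"]
    return json.dumps(doc, indent=2).encode("utf-8"), findings


# Constructed sample: wrapped output saved as UTF-16 with a byte-order mark.
SAMPLE = json.dumps({
    "taskDefinition": {
        "family": "example-family",
        "containerDefinitions": [{"name": "example-app", "image": "example/image:1"}],
    }
}).encode("utf-16")

if __name__ == "__main__":
    clean, notes = normalize_task_definition(SAMPLE)
    print("\n".join(notes))
    print(clean.decode("utf-8"))
```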

How to deploy to aws elastic beanstalk with github actions?

I'm currently trying to do an automated deployment through github actions. Below is my current workflow yaml file:
name: Deploy AWS
on: [workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: 'Git: Checkout source code'
        uses: actions/checkout@v1
      - name: '.NET Core: Setup'
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: '3.0.*'
      - name: '.NET Core: Get dependencies'
        run: dotnet restore
      - name: '.NET Core: Build'
        run: dotnet build --configuration Debug --no-restore
      - name: 'AWS: Timestamp action'
        uses: gerred/actions/current-time@master
        id: current-time
      - name: 'AWS: String replace action'
        uses: frabert/replace-string-action@master
        id: format-time
        with:
          pattern: '[:\.]+'
          string: "${{ steps.current-time.outputs.time }}"
          replace-with: '-'
          flags: 'g'
      - name: 'AWS: Generate build archive'
        run: (cd ./project.Api/bin/Debug/netcoreapp3.0 && zip -r "../../../../${{ steps.format-time.outputs.replaced }}.zip" . -x '*.git*')
      - name: 'AWS: Deploying build'
        uses: einaregilsson/beanstalk-deploy@v14
        with:
          aws_access_key: { my_access_key }
          aws_secret_key: { my_secret_key }
          application_name: api_test
          environment_name: my-api-test
          version_label: "v${{ steps.format-time.outputs.replaced }}"
          region: ap-southeast-2
          deployment_package: "${{ steps.format-time.outputs.replaced }}.zip"
      - name: 'AWS: Deployment complete'
        run: echo Should be on EB now
The current Elastic Beanstalk environment is set up with a load balancer, which I think is the main issue causing the deployment to fail. I haven't been able to find a solution on how to deploy to AWS Elastic Beanstalk when the environment contains a load balancer.
I know you had already done this, but it will help someone in need :-)
I'm new here so not able to write correctly in the box, but the yaml code starts from "name:dotnet.." till the end, indent yaml accordingly
name: dotnet -> s3 -> Elastic Beanstalk
on:
  workflow_dispatch
# Setting up some environment variables
env:
  EB_PACKAGE_S3_BUCKET_NAME : "php-bucket"
  EB_APPLICATION_NAME : "dotnet-app"
  EB_ENVIRONMENT_NAME : "Dotnetapp-env"
  DEPLOY_PACKAGE_NAME : "dotnet-app-${{ github.sha }}.zip"
  AWS_REGION_NAME : "af-south-1"
jobs:
  build_and_create_Artifact:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: 6.0.*
      - name: Install dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build --configuration Release --no-restore
      - name: Test
        run: dotnet test --no-restore --verbosity normal
      - name: Publish
        run: dotnet publish -c Release -o '${{ github.workspace }}/out'
      - name: Zip Package
        run: |
          cd ${{ github.workspace }}/out
          zip -r ${{ env.DEPLOY_PACKAGE_NAME }} *
      - name: Upload a Build Artifact
        uses: actions/upload-artifact@v3.1.0
        with:
          name: .Net-artifact
          path: ${{ github.workspace }}/out/${{ env.DEPLOY_PACKAGE_NAME }}
      - name: "Configure AWS Credentials"
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID}}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION_NAME }}
      - name: "Copy artifact to S3"
        run: aws s3 cp ${{ github.workspace }}/out/${{ env.DEPLOY_PACKAGE_NAME }} s3://${{ env.EB_PACKAGE_S3_BUCKET_NAME }}/
      - name: "Build Successful"
        run: echo "CD part completed successfully"
  Deploy_Artifact:
    needs: build_and_create_Artifact
    runs-on: ubuntu-latest
    steps:
      - name: "Configure AWS Credentials"
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID}}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION_NAME }}
      - name: 'AWS: Timestamp action'
        uses: gerred/actions/current-time@master
        id: current-time
      - name: 'AWS: String replace action'
        uses: frabert/replace-string-action@master
        id: format-time
        with:
          pattern: '[:\.]+'
          string: "${{ steps.current-time.outputs.time }}"
          replace-with: '-'
          flags: 'g'
      - name: "Create Elastic Beanstalk Application Version"
        run : aws elasticbeanstalk create-application-version --application-name ${{ env.EB_APPLICATION_NAME }} --version-label version#${{ github.sha }} --source-bundle S3Bucket=${{ env.EB_PACKAGE_S3_BUCKET_NAME }},S3Key=${{ env.DEPLOY_PACKAGE_NAME }} --description SHA_of_app_is_${{ github.sha }}__Created_at__${{ steps.format-time.outputs.replaced }}
      - name: "Deploy Application Version"
        run: aws elasticbeanstalk update-environment --environment-name ${{ env.EB_ENVIRONMENT_NAME }} --version-label "version#${{ github.sha }}"
      - name: "Successfully run CD pipeline"
        run: echo "CD part completed successfully"