sourcetoad/aws-codedeploy-action
AWS CodeDeploy Action

This action automatically deploys applications to EC2 via CodeDeploy. Looking for ECS?


Usage

The best example is a snippet of a workflow step with all options set.

Laravel (All Properties) Example

- name: AWS CodeDeploy
  uses: sourcetoad/aws-codedeploy-action@v1
  with:
    aws_access_key: ${{ secrets.AWS_ACCESS_KEY }}
    aws_secret_key: ${{ secrets.AWS_SECRET_KEY }}
    aws_region: us-east-1
    codedeploy_name: project
    codedeploy_group: prod
    codedeploy_register_only: true
    s3_bucket: project-codedeploy
    s3_folder: production
    excluded_files: '.git/* .env storage/framework/cache/* node_modules/*'
    max_polling_iterations: 60
    directory: ./

Laravel (Only Required) Example

- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    role-to-assume: arn:aws:iam::123456789100:role/my-github-actions-role
    aws-region: us-east-2

- name: AWS CodeDeploy
  uses: sourcetoad/aws-codedeploy-action@v1
  with:
    codedeploy_name: project
    codedeploy_group: prod
    s3_bucket: project-codedeploy
    s3_folder: production

  • Remember to set specific permissions so the workflow can communicate with the GitHub OIDC endpoint:

permissions:
    id-token: write
    contents: read

Customizing

inputs

The following inputs can be used as step.with keys.

| Name | Required | Type | Description |
| --- | --- | --- | --- |
| aws_access_key | No | String | IAM Access Key. |
| aws_secret_key | No | String | IAM Secret Key. |
| aws_region | No | String | AWS Region (default: us-east-1). |
| codedeploy_name | Yes | String | CodeDeploy Project Name. |
| codedeploy_group | Yes | String | CodeDeploy Project Group. |
| codedeploy_config_name | No | String | If provided, overrides the default CodeDeploy configuration name. |
| codedeploy_register_only | No | Boolean | If true, the revision is registered but not deployed. |
| codedeploy_file_exists_behavior | No | String | If provided, overrides the default CodeDeploy file-exists behavior. |
| s3_bucket | Yes | String | S3 bucket the archive is uploaded to. |
| s3_folder | Yes | String | S3 folder within the bucket the archive is uploaded to. |
| excluded_files | No | String | Space-delimited list of patterns to exclude from the archive. |
| directory | No | String | Directory to archive. Defaults to the root of the project. |
| custom_zip_flags | No | String | Flags to pass to the zip command (i.e. zip "$FLAGS" ...). |
| archive | No | String | Zip to deploy. Defaults to empty (thus ignored). |
| max_polling_iterations | No | Number | Maximum number of 15s polling iterations (default: 60). |
| dry_run | No | Boolean | If true, no connection to AWS is made; only the local zip is created. |

outputs

The following outputs can be used after the step has executed.

| Name | Description |
| --- | --- |
| zip_filename | Filename of the generated zip file. |
| etag | ETag for the generated zip file as reported by AWS. |
| deployment_id | The CodeDeploy deployment id. |

Skip waiting during deployment

Some projects may not want to poll for completion of a build. Setting max_polling_iterations to 0 exits the script as soon as the deployment has been kicked off; progress then has to be monitored elsewhere.

Archive or Build

Some projects may have a complex build system or may build the archive in a previous step. This is where directory and archive come into play:

  • By default, directory is zipped and that zip is deployed.
  • If archive is non-empty, it is used in place of directory.
  • archive must be a zip filename including the extension (e.g. prod-backend-20220202.zip).
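The two rules above (skip waiting with max_polling_iterations = 0, and archive overriding directory) in Python, as an added illustration that is not the action's own code. The status callback and the constructed status sequence stand in for CodeDeploy API calls so the example runs offline.

```python
import time
from typing import Callable, Optional

POLL_INTERVAL_SECONDS = 15  # the README documents polling in 15s iterations

# Terminal CodeDeploy deployment states; anything else means still in progress.
TERMINAL_STATES = {"Succeeded", "Failed", "Stopped"}


def select_artifact(directory: str = "./", archive: str = "") -> dict:
    """README rule: a non-empty `archive` replaces `directory`, and it must be a
    zip filename including the extension."""
    if archive:
        if not archive.lower().endswith(".zip"):
            raise ValueError(f"archive must be a .zip filename: {archive!r}")
        return {"mode": "archive", "path": archive}
    return {"mode": "directory", "path": directory or "./"}


def wait_for_deployment(get_status: Callable[[], str], max_polling_iterations: int,
                        sleep: Callable[[float], None] = time.sleep) -> Optional[str]:
    """Poll `get_status` (a hypothetical wrapper around CodeDeploy GetDeployment) at
    most `max_polling_iterations` times, 15s apart. Returns the terminal status, or
    None when waiting is skipped (0) or the budget of iterations * 15s runs out."""
    if max_polling_iterations <= 0:
        return None  # deployment was kicked off; progress is monitored elsewhere
    for _ in range(max_polling_iterations):
        status = get_status()
        if status in TERMINAL_STATES:
            return status
        sleep(POLL_INTERVAL_SECONDS)
    return None


if __name__ == "__main__":
    # Constructed status sequence standing in for real CodeDeploy API responses.
    fake = iter(["Created", "InProgress", "InProgress", "Succeeded"])
    print(select_artifact(archive="prod-backend-20220202.zip"))
    print(wait_for_deployment(lambda: next(fake), 60, sleep=lambda s: None))  # Succeeded
```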

IAM Permissions

You shouldn't be using a root user. Below are snippets of inline policies with suggested permissions for the action.

  • You might need to adapt these to fit your use case.
  • You will need to insert the proper resources/ARNs to make the snippets below valid.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*",
        "s3:PutObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": [
        "arn:aws:s3:::project-codedeploy/*"
      ]
    }
  ]
}

  • This restricts the action to uploading an object and listing/getting that object so it can obtain the location for CodeDeploy.
  • It is restricted to a specific bucket.

For deploying via CodeDeploy you will need another set of permissions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "codedeploy:CreateDeployment"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:codedeploy:codedeploy-arn"
            ]
        },
        {
            "Action": [
                "codedeploy:Batch*",
                "codedeploy:Get*",
                "codedeploy:List*",
                "codedeploy:RegisterApplicationRevision"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

  • These permissions are a rough example of allowing the user to list/get/register a revision for all resources.
  • A separate statement locks creating the deployment to a specific resource.
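A small audit of the scoping the two policies above rely on, as an added example that is not part of this project: it flags any Allow statement that grants the upload (s3:PutObject) or deploy (codedeploy:CreateDeployment) action on an unscoped resource, so a widened policy is caught before it is attached. The README's CodeDeploy policy (placeholder ARN kept as-is) passes; a constructed careless variant does not.

```python
import fnmatch
import json

# Write/deploy actions from the README's policies; these should stay resource-scoped.
SENSITIVE_ACTIONS = ("s3:PutObject", "codedeploy:CreateDeployment")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _covers(granted: str, action: str) -> bool:
    """IAM-style wildcard match: "codedeploy:*" or "s3:Put*" covers the action."""
    return fnmatch.fnmatchcase(action.lower(), granted.lower())


def _unscoped(resource: str) -> bool:
    """'*' or a service-wide ARN such as arn:aws:s3:::* reaches every resource."""
    return resource == "*" or resource.endswith(":::*")


def audit_policy(policy: dict) -> list:
    """One finding per Allow statement granting a sensitive action on an unscoped resource."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(_unscoped(r) for r in resources):
            continue
        for granted in _as_list(stmt.get("Action", [])):
            hits = [a for a in SENSITIVE_ACTIONS if _covers(granted, a)]
            if hits:
                findings.append(f"Statement[{i}]: '{granted}' on {resources} covers {hits}")
    return findings


# Sample input: the README's CodeDeploy policy, plus a constructed careless variant.
README_CODEDEPLOY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Action": ["codedeploy:CreateDeployment"], "Effect": "Allow",
     "Resource": ["arn:aws:codedeploy:codedeploy-arn"]},
    {"Action": ["codedeploy:Batch*", "codedeploy:Get*", "codedeploy:List*",
                "codedeploy:RegisterApplicationRevision"], "Effect": "Allow", "Resource": "*"}
  ]}""")
CARELESS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codedeploy:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::*"}]}
```

Running audit_policy over README_CODEDEPLOY_POLICY returns no findings, while CARELESS_POLICY yields one finding per widened statement.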