GitHub Actions Map configuration in Matrix to input having only a single execution - github

I have a GitHub Actions workflow that will be called via either workflow_call or workflow_dispatch and it will take an input of environment, and I want to map that to details about this environment.
I tried...
Example workflow:
    name: Deploy Console
    on:
      workflow_dispatch:
        inputs:
          environment:
            description: "The environment you are releasing to"
            required: true
            type: environment
          release-tag:
            description: "The tag that you are releasing"
            required: true
            type: string
      workflow_call: # Only used for Dev.
        inputs:
          environment:
            description: "The environment you are releasing to"
            required: true
            type: string
          release-tag:
            description: "The tag that you are releasing"
            required: true
            type: string
    jobs:
      deploy:
        runs-on: ubuntu-latest
        permissions:
          id-token: write
          contents: read
        environment:
          name: ${{ inputs.environment }}
          # '' is falsy, so "cond && '' || x" always yields x; test for non-prod instead.
          url: https://console.${{ inputs.environment != 'prod' && format('{0}.', inputs.environment) || '' }}website.com
        env:
          ARTIFACT_FILENAME: website-console-${{ matrix.angular-build }}-${{ inputs.release-tag }}.tgz
        strategy:
          matrix:
            environment:
              - ${{ inputs.environment }}
            include:
              - environment: dev
                s3-bucket: website-dev-console
                cloudfront-distribution: 10101010101010
                angular-build: dev
              - environment: smoke
                s3-bucket: website-smoke-console
                cloudfront-distribution: 10101010101011
                angular-build: prod
              - environment: prod
                s3-bucket: website-prod-console
                cloudfront-distribution: 10101010101012
                angular-build: prod
        steps:
          - name: Configure AWS Credentials
            uses: aws-actions/configure-aws-credentials@v1
            with:
              role-to-assume: arn:aws:iam::123412341234:role/github-oidc-console
              aws-region: us-west-2
          - uses: robinraju/release-downloader@v1.6
            with:
              tag: ${{ inputs.release-tag }}
              fileName: ${{ env.ARTIFACT_FILENAME }}
          - run: tar -xzf ${{ env.ARTIFACT_FILENAME }}
          - run: aws s3 sync dist s3://${{ matrix.s3-bucket }} --quiet
          - run: aws cloudfront create-invalidation --distribution-id ${{ matrix.cloudfront-distribution }} --paths '/*'
My goal is that when the workflow is called, there is one-and-only-one job spawned. I want some map of configuration that is first-class yaml rather than using an additional step in the job to define it. It doesn't need to be written in matrix form, but that's what I thought would work, although this iteration has the workflow spawning 3 jobs, one for each environment.
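Why the matrix above produces three jobs, as an added example that is not part of the original post: a Python model of the `include` merge rule in GitHub's matrix documentation, where an `include` entry that would overwrite an original matrix value is not merged and becomes a combination of its own. The function names `expand_matrix` and `jobs_for` are hypothetical.

```python
from itertools import product

def expand_matrix(axes, include):
    """Model of strategy.matrix expansion with `include`, per GitHub's documented rule."""
    keys = list(axes)
    combos = [dict(zip(keys, values)) for values in product(*axes.values())]
    originals = [dict(combo) for combo in combos]  # axis values are never overwritten
    extra = []
    for entry in include:
        merged = False
        for combo, original in zip(combos, originals):
            # Merge only if no key in the entry would change an original axis value.
            if all(original.get(key, value) == value for key, value in entry.items()):
                combo.update(entry)
                merged = True
        if not merged:
            extra.append(dict(entry))  # cannot merge anywhere: becomes its own job
    return combos + extra

# The include list from the question's workflow.
INCLUDE = [
    {"environment": "dev", "s3-bucket": "website-dev-console",
     "cloudfront-distribution": 10101010101010, "angular-build": "dev"},
    {"environment": "smoke", "s3-bucket": "website-smoke-console",
     "cloudfront-distribution": 10101010101011, "angular-build": "prod"},
    {"environment": "prod", "s3-bucket": "website-prod-console",
     "cloudfront-distribution": 10101010101012, "angular-build": "prod"},
]

def jobs_for(selected):
    """Matrix combinations (one job each) when inputs.environment == selected."""
    return expand_matrix({"environment": [selected]}, INCLUDE)

if __name__ == "__main__":
    for job in jobs_for("dev"):
        print(job["environment"], job["s3-bucket"])
```

Only the entry whose `environment` equals the selected value merges into the single original combination; the other two entries are appended as separate jobs.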

Related

Read out environment name in github reusable workflow

In our github repository, we have a github action that calls a reusable workflow in an environment.
    name: Pull Request Merged
    concurrency:
      group: ${{ github.ref }}
    on:
      pull_request:
        types: [closed]
    jobs:
      deploy_to_stage:
        if: |
          github.event.pull_request.merged == true &&
          contains(github.event.pull_request.labels.*.name, 'Stage')
        name: Deploy to Stage
        uses: ./.github/workflows/deploy.yml
        with:
          environment: Stage
        secrets: inherit
The reusable workflow is roughly as follows:
    name: deploy
    on:
      workflow_call:
        secrets:
          AWS_ACCESS_KEY_ID:
            required: true
          AWS_SECRET_ACCESS_KEY:
            required: true
    jobs:
      deployment:
        runs-on: ubuntu-latest
        steps:
          [...]
How can I access the value of the environment name (here: "Stage") in a step of the reusable workflow?
It's not possible to get this value from the workflow context.
A workaround could be adding an environment input in the reusable workflow receiving the value:
    name: deploy
    on:
      workflow_call:
        inputs:
          environment:
            required: true
            type: string  # workflow_call inputs must declare a type
        secrets:
          AWS_ACCESS_KEY_ID:
            required: true
          AWS_SECRET_ACCESS_KEY:
            required: true
Then, you could access the input value from anywhere in the reusable workflow by using ${{ inputs.environment }}.
You could use environment secrets to store the stage name within that deployment environment, then access the environment variable within your script (eg bash script) or as a component of the action ${{ env.DAY_OF_WEEK == 'Monday' }} (ref)

GitHub Runner Reusable workflow report error

I am using a reusable workflow, and the calling workflow does not report a failure if the reused workflow fails.
If I were to call the workflow directly, a failure would occur and get reported which is the expected behaviour.
What needs to be done to be able to report a failure in the workflow?
Calling Workflow
    name: Deploy to dev
    on:
      push:
        branches:
          - 'main'
    permissions:
      id-token: write
      contents: read
      pull-requests: write
    jobs:
      call-workflow-passing-data:
        uses: ./.github/workflows/deploy-to-env.yml
        with:
          environment: dev
        secrets: inherit
        continue-on-error: false
Reused Workflow
    name: Deploy to Environment
    on:
      workflow_call:
        inputs:
          environment:
            required: true
            type: string
    permissions:
      id-token: write
      contents: read
      pull-requests: write
    jobs:
      validate:
        runs-on:
          - my-custom-runner
        name: Apply Terraform
        environment:
          name: ${{ inputs.environment }}
        env:
          TF_VAR_environment: dev
        steps:
          - name: Checkout this repo
            uses: actions/checkout@v3
          - uses: actions/setup-node@v3
            with:
              node-version: 14
          - uses: hashicorp/setup-terraform@v2
            with:
              terraform_version: 1.2.3
          - name: Terraform fmt
            id: fmt
            run: terraform fmt -check
            continue-on-error: false
          - name: Terraform Init
            id: init
            run: terraform -chdir=terraform/src init
          - name: Terraform Plan
            id: plan
            run: terraform plan
            continue-on-error: false
          - name: Terraform Apply
            id: apply
            run: terraform apply
            continue-on-error: false
          - name: Terraform outputs
            id: outputs
            run: terraform output -json
            continue-on-error: true

How to pass custom environment variables related to specific environment in Github Actions

I would like to use custom environment variables related to specific environment based on environment selection from dropdown during deployment. How to get the custom variables related to specific environment from environment variable section. Any suggestions on how this can be achieved.
    name: Adios CD pipeline.
    on:
      workflow_dispatch:
        inputs:
          ENVIRONMENT:
            type: choice
            description: 'Select the Environment to deploy'
            required: true
            options:
              - dev
              - qa
              - uat
              - load
              - prod
            default: 'dev'
    env:
      Dev:
        AWS_REGION: "us-east-1"
        STAGE: "${{ github.event.inputs.ENVIRONMENT }}"
        SYSTEM: "ADIOSAPP"
      QA:
        AWS_REGION: "us-east-1"
        STAGE: "${{ github.event.inputs.ENVIRONMENT }}"
        SYSTEM: "ADIOSAPP"
    jobs:
      build:
        name: "Deploying ${{ github.ref_name }} branch to ${{ github.event.inputs.ENVIRONMENT }} environment"
        runs-on: ubuntu-latest
        environment: ${{ github.event.inputs.ENVIRONMENT }}
        steps:
          - name: Checkout
            uses: actions/checkout@v3
          - name: Configure AWS credentials
            uses: aws-actions/configure-aws-credentials@v1
            with:
              aws-region: ${{ env.AWS_REGION }}
As you already know, mapping is not allowed at this place, but you could use fromJson to mimic this:
    on:
      workflow_dispatch:
        inputs:
          ENVIRONMENT:
            type: choice
            description: 'Select the Environment to deploy'
            required: true
            options:
              - dev
              - qa
              - uat
              - load
              - prod
            default: 'dev'
    env:
      AWS_REGION: ${{ fromJSON('{"dev":"us-east-1","qa":"us-east-1"}')[github.event.inputs.ENVIRONMENT] }}
      STAGE: "${{ github.event.inputs.ENVIRONMENT }}"
      SYSTEM: ${{ fromJSON('{"dev":"ADIOSAPP","qa":"ADIOSAPP"}')[github.event.inputs.ENVIRONMENT] }}
    jobs:
      build:
        name: "Deploying ${{ github.ref_name }} branch to ${{ github.event.inputs.ENVIRONMENT }} environment"
        runs-on: ubuntu-latest
        #environment: ${{ github.event.inputs.ENVIRONMENT }}
        steps:
          - name: Checkout
            uses: actions/checkout@v3
          - name: Print env
            run: echo "${{ env.AWS_REGION }}"
I think you can also use secrets in different environments.
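An added check, not part of the original answers: the `fromJSON` maps above have keys only for `dev` and `qa` while the dropdown offers five options, and an expression that indexes a missing key evaluates to an empty value rather than failing. This Python script lists the options each lookup leaves uncovered; the function names and the embedded workflow copy are constructed for the example.

```python
import json
import re

# Constructed copy of the trigger and env sections from the answer above.
WORKFLOW = """\
on:
  workflow_dispatch:
    inputs:
      ENVIRONMENT:
        type: choice
        options:
          - dev
          - qa
          - uat
          - load
          - prod
        default: 'dev'
env:
  AWS_REGION: ${{ fromJSON('{"dev":"us-east-1","qa":"us-east-1"}')[github.event.inputs.ENVIRONMENT] }}
  SYSTEM: ${{ fromJSON('{"dev":"ADIOSAPP","qa":"ADIOSAPP"}')[github.event.inputs.ENVIRONMENT] }}
"""

LOOKUP_RE = re.compile(r"([\w-]+):\s*\$\{\{\s*fromJSON\('(\{.*?\})'\)\[", re.IGNORECASE)
OPTION_RE = re.compile(r"^\s*-\s*(\S+)\s*$")

def choice_options(text):
    """Return the values listed under the first `options:` key."""
    options, collecting = [], False
    for line in text.splitlines():
        if line.strip() == "options:":
            collecting = True
        elif collecting:
            match = OPTION_RE.match(line)
            if not match:
                break  # first non-list line ends the options block
            options.append(match.group(1).strip("'\""))
    return options

def unmapped_options(text):
    """For each env var set via fromJSON('{...}')[input], list options with no key."""
    options = choice_options(text)
    gaps = {}
    for name, literal in LOOKUP_RE.findall(text):
        table = json.loads(literal)
        missing = [opt for opt in options if opt not in table]
        if missing:
            gaps[name] = missing
    return gaps

if __name__ == "__main__":
    for name, missing in unmapped_options(WORKFLOW).items():
        print(f"{name}: no entry for {', '.join(missing)}")
```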

use selected branch on workflow_dispatch in github actions

Hi everyone, I am building a GitHub Actions workflow to use master and develop branches.
I know that I can check out a branch by reusing actions like below, but how do I actually pass a variable from the manual workflow_dispatch dropdown?
    uses: actions/checkout@v2
    with:
      ref: develop
Since workflows can be created only in default branch, the only workaround is to create trigger workflow that is reusing core workflow and passing branch as parameter.
UPDATE
Here is the code for master (production) branch
    name: Trigger ECR deploy
    on:
      release:
        types: [published]
      workflow_dispatch:
    jobs:
      deploy-terraform:
        uses: <reusable-workflow-path>
        with:
          AWS_REGION: "ap-south-1"
          ECR_REPOSITORY: "repo-name-here"
          BRANCH: "master"
        secrets:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
This is another file for staging env
    name: Trigger ECR deploy
    on:
      release:
        types: [published]
      workflow_dispatch:
    jobs:
      deploy-terraform:
        uses: <reusable-workflow-url>
        with:
          AWS_REGION: "ap-south-1"
          ECR_REPOSITORY: "repo-name-here"
          BRANCH: "develop"
          ENVIRONMENT: "staging"
        secrets:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Both these files are in master branch at the moment. I recreated staging file in develop branch (I kept the name of the file the same). However, when I go to trigger workflow I still get this error as seen on screenshot. The parameters that I pass to reusable workflow is like a workaround.
Can you confirm that your workflow files are in .github/workflows/<workflow.yml>?
Also, to answer your original question about being presented with variable inputs in the GUI, you will need to define the variables within the on.workflow_dispatch section (https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch):
    name: Trigger ECR deploy
    on:
      release:
        types: [published]
      workflow_dispatch:
        inputs:
          AWS_REGION:
            description: 'AWS Region to deploy in'
            required: true
            default: 'ap-south-1'
            type: choice
            options:
              - ap-south-1
              - ap-south-2
              - ....
          ECR_REPO:
            description: 'ECR repository'
            required: true
            type: string
          BRANCH:
            description: 'Branch to use'
            required: true
            default: 'master'
            type: choice
            options:
              - master
              - develop
    jobs:
      deploy-terraform:
        uses: <reusable-workflow-path>
        with:
          AWS_REGION: ${{ inputs.AWS_REGION }}
          ECR_REPOSITORY: ${{ inputs.ECR_REPO }}
          BRANCH: ${{ inputs.BRANCH }}
        secrets:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
This issue has been resolved a while ago. As Sir GuiFalourd mentioned in the comments, files indeed should be in both branches to be accessible. I cannot say exactly why that didn't work, but I realized that to allow workflows in staging and prod branches to function properly and don't cause overwrite on merge (unless we ignore it), I needed to create a universal workflow that allows conditional run.
You can use the following to check.
official docs - workflow_dispatch
    on:
      workflow_dispatch:
        inputs:
          logLevel:
            description: 'Log level'
            required: true
            default: 'warning'
            type: choice
            options:
              - info
              - warning
              - debug
          tags:
            description: 'Test scenario tags'
            required: false
            type: boolean
          environment:
            description: 'Environment to run tests against'
            type: environment
            required: true
    jobs:
      log-the-inputs:
        runs-on: ubuntu-latest
        steps:
          - run: |
              echo "Log level: $LEVEL"
              echo "Tags: $TAGS"
              echo "Environment: $ENVIRONMENT"
            env:
              LEVEL: ${{ inputs.logLevel }}
              TAGS: ${{ inputs.tags }}
              ENVIRONMENT: ${{ inputs.environment }}

Github actions Error: Input required and not supplied: task-definition

    on:
      push:
        branches:
          - soubhagya
    name: Deploy to Amazon ECS
    jobs:
      deploy:
        name: Deploy
        runs-on: ubuntu-latest
        environment: production
        steps:
          - name: Checkout
            uses: actions/checkout@v2
          - name: Configure AWS credentials
            uses: aws-actions/configure-aws-credentials@v1
            with:
              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
              aws-region: af-south-1
          - name: Login to Amazon ECR
            id: login-ecr
            uses: aws-actions/amazon-ecr-login@v1
          - name: Build, tag, and push image to Amazon ECR
            id: build-image
            env:
              ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
              ECR_REPOSITORY: new-cgafrica-backend
              IMAGE_TAG: ${{ github.sha }}
            run: |
              # Build a docker container and
              # push it to ECR so that it can
              # be deployed to ECS.
              docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
              docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
              echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          - name: Fill in the new image ID in the Amazon ECS task definition
            id: cgafrica-new-backend-task
            uses: aws-actions/amazon-ecs-render-task-definition@v1
            with:
              task-definition: task-definition.json
              container-name: cgafrica-backend-container
              image: ${{ steps.build-image.outputs.image }}
          - name: Deploy Amazon ECS task definition
            uses: aws-actions/amazon-ecs-deploy-task-definition@v1
            with:
              task-definition: ${{ steps.task-def.outputs.task-definition }}
              service: cgafrica-backend-service
              cluster: cgafrica-backend-cluster
              wait-for-service-stability: true
Here is my yaml file code added. Please check
I have shared my task-definition.json and github actions pipeline progress.
But, I am getting some error Input required and not supplied: task-definition
Please let me know what is the issue here
The problem is in the last step - Deploy Amazon ECS task definition
The problematic part is ${{ steps.task-def.outputs.task-definition }} which doesn't refer to an existing step. There is no step with id task-def.
In order to work it should be: ${{ steps.cgafrica-new-backend-task.outputs.task-definition }}
    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.cgafrica-new-backend-task.outputs.task-definition }}
        service: cgafrica-backend-service
        cluster: cgafrica-backend-cluster
        wait-for-service-stability: true
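A check for the mistake described above, added here and not part of the original answer: this Python script reports every `steps.<id>` reference whose id no earlier step declares, which is the case that silently yields an empty input. It assumes a single-job workflow; the function name and the trimmed workflow excerpt are constructed for the example.

```python
import re

# Constructed excerpt of the question's job, trimmed to the ids and references.
SAMPLE = """\
steps:
  - name: Login to Amazon ECR
    id: login-ecr
    uses: aws-actions/amazon-ecr-login@v1
  - name: Build, tag, and push image to Amazon ECR
    id: build-image
    env:
      ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
  - name: Fill in the new image ID in the Amazon ECS task definition
    id: cgafrica-new-backend-task
    uses: aws-actions/amazon-ecs-render-task-definition@v1
    with:
      image: ${{ steps.build-image.outputs.image }}
  - name: Deploy Amazon ECS task definition
    uses: aws-actions/amazon-ecs-deploy-task-definition@v1
    with:
      task-definition: ${{ steps.task-def.outputs.task-definition }}
"""

ID_RE = re.compile(r"^\s*(?:-\s+)?id:\s*([A-Za-z_][\w-]*)\s*$")
REF_RE = re.compile(r"\bsteps\.([A-Za-z_][\w-]*)\.(?:outputs|outcome|conclusion)\b")

def undefined_step_refs(workflow_text):
    """Return (line_number, step_id) for references to ids not declared on an earlier line."""
    declared, problems = set(), []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        # The steps context only holds steps that have already run,
        # so a reference is valid only if the id appeared earlier.
        for step_id in REF_RE.findall(line):
            if step_id not in declared:
                problems.append((lineno, step_id))
        match = ID_RE.match(line)
        if match:
            declared.add(match.group(1))
    return problems

if __name__ == "__main__":
    for lineno, step_id in undefined_step_refs(SAMPLE):
        print(f"line {lineno}: no earlier step has id '{step_id}'")
```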