Amazon App Mesh Virtual Node Action for GitHub Actions

Creates an Amazon App Mesh Virtual Node

Table of Contents

• Amazon App Mesh Virtual Node Action for GitHub Actions
• Usage
  • Creating the resource
  • Deleting the resource
• Credentials and Region
• Permissions
• Troubleshooting

Usage

Creating the resource

- name: App Mesh Virtual Node
  uses: scribd/amazon-appmesh-virtual-node-action@v1
  with:
    name: my-virtual-node
    mesh-name: my-mesh-name
    spec: |
      {
        "httpRoute": {
          "action": {
              "weightedTargets": [
                  {
                      "virtualNode": "my-virtual-node",
                      "weight": 1
                  }
              ]
          },
          "match": {
              "prefix": "/"
          }
        }
      }
    tags: |
      [
        {
          "key": "tags-must",
          "value": "be-passed-in-as-a-json-string"
        },
        {
          "key": "this-is-because",
          "value": "GitHub Actions translates these values into Environment Variables"
        }
      ]

Deleting the resource

Deleting the resource requires name, mesh-name, and action to be specified as delete. mesh-owner may be supplied if required. Any additional parameters will be ignored.

- name: App Mesh Virtual Node
  uses: scribd/amazon-appmesh-virtual-node-action@v1
  with:
    name: my-virtual-node
    mesh-name: my-mesh-name
    action: delete

See action.yml for the full documentation for this action's inputs and outputs.

Credentials and Region

This action relies on the default behavior of the AWS SDK for Javascript to determine AWS credentials and region. Use the aws-actions/configure-aws-credentials action to configure the GitHub Actions environment with environment variables containing AWS credentials and your desired region.

We recommend following Amazon IAM best practices for the AWS credentials used in GitHub Actions workflows, including:

• Do not store credentials in your repository's code. You may use GitHub Actions secrets to store credentials and redact credentials from GitHub Actions workflow logs.
• Create an individual IAM user with an access key for use in GitHub Actions workflows, preferably one per repository. Do not use the AWS account root user access key.
• Grant least privilege to the credentials used in GitHub Actions workflows. Grant only the permissions required to perform the actions in your GitHub Actions workflows. See the Permissions section below for the permissions required by this action.
• Rotate the credentials used in GitHub Actions workflows regularly.
• Monitor the activity of the credentials used in GitHub Actions workflows.

Permissions

This action requires the following minimum set of permissions:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"DeployNode",
      "Effect":"Allow",
      "Action":[
        "appmesh:DescribeVirtualNode",
        "appmesh:DeleteGatewayRoute",
        "appmesh:CreateVirtualNode"
      ],
      "Resource":[
        "arn:aws:appmesh:us-east-1:1234567890:mesh/my-mesh-name/virtualNode/my-virtual-node"
      ]
    }
  ]
}

Troubleshooting

This action emits debug logs to help troubleshoot deployment failures. To see the debug logs, create a secret named ACTIONS_STEP_DEBUG with value true in your repository.

To run this action from your workstation, you should supply your environment variables with the env command, since BASH will (correctly) refuse to set environment variables with dashes in them.

If submitting an issue, please include output styled after the following example, it'll help greatly! Don't forget to redact any sensitive data from your submission.

See this example:

env 'ACTIONS_STEP_DEBUG=true' "GITHUB_WORKSPACE=$(pwd)" 'AWS_REGION=us-east-1' 'INPUT_SPEC={"a": "b", "c": [{"d": "e"}]}' 'INPUT_MESH-NAME=example-mesh' 'INPUT_NAME=my-service' 'INPUT_TAGS=[{"Key": "hello", "Value": "world"}]' node  index.js

Development

Releases are cut using semantic-release.

Please write commit messages following Angular commit guidelines