shahradr / action-taskcat
GitHub Action to run taskcat against CloudFormation templates
License: MIT License
As part of #5, taskcat output was piped to cat to disable reprint's multi-line output functionality, by tricking it into believing that it wasn't printing to a terminal. The resulting command is:
taskcat test run | cat
However, because cat is the last command in the pipeline, it always exits with return code 0, and taskcat failures are masked.
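The masking described in this issue, next to one portable way to keep the producer's status while still piping through cat, as an added example that is not part of the issue or the action's own code. `fake_taskcat` is a constructed stand-in that fails with status 3, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for a failing `taskcat test run`; taskcat itself is not invoked.
fake_taskcat() {
  echo "[ERROR ] : constructed failure"
  return 3
}

# Pattern from the issue: the pipeline's status is cat's status, so the failure is lost.
run_masked() {
  "$@" | cat
}

# Portable fix: write the producer's status to a temp file inside the pipeline,
# then return it once cat has finished. Works in any POSIX shell.
# In bash, `set -o pipefail` or "${PIPESTATUS[0]}" achieve the same result.
run_preserving_status() {
  status_file=$(mktemp) || return 1
  { producer_rc=0; "$@" || producer_rc=$?; echo "$producer_rc" > "$status_file"; } | cat
  status=$(cat "$status_file")
  rm -f "$status_file"
  # An empty file means the producer never reported; treat that as a failure.
  return "${status:-1}"
}

# Demonstration on the constructed stand-in.
masked=0; run_masked fake_taskcat >/dev/null || masked=$?
kept=0; run_preserving_status fake_taskcat >/dev/null || kept=$?
echo "masked pipeline status: $masked, preserved status: $kept"
```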
Hello @ShahradR,
Hope you're doing well! I've been trying to set this up, taskcat action with one of my CF repositories. And, thank you for the easy setup. However, there's a potential cfn-lint issue that I'm currently facing with the existing taskcat version this repo deploys. i.e. 0.9.19
There's a CFN resource in my template:
NodeGroup:
  Type: AWS::EKS::Nodegroup
  Properties:
    AmiType: AL2_x86_64
    CapacityType: !Ref NodeInstanceCapacity
    ClusterName: !Sub ${EKSControlPlane}
Where version 0.9.19 fails 'CapacityType: !Ref NodeInstanceCapacity' as a Resource Not Found.
version 0.9.19
[WARN ] : A newer version of taskcat is available (0.9.23)
[INFO ] : To upgrade pip version [ pip install --upgrade taskcat]
[INFO ] : To upgrade docker version [ docker pull taskcat/taskcat ]
[ERROR ] : line 200 [3002] [Resource properties are valid] Invalid Property Resources/NodeGroup/Properties/CapacityType
Perhaps relates to aws/aws-cdk#12154
And, I initially set up the taskcat workflow on local as well as on CodePipeline using 0.9.23 and my taskcat tests do pass and deploy.
Based on this:
https://github.com/aws-quickstart/quickstart-taskcat-ci
Is there a way we could update the taskcat version? Although the Dockerfile has the latest pull, not sure if it's updated though.
Any assistance is much appreciated.
Thanks,
Arnab
When the action-taskcat GitHub Action is invoked from another repository in release v1.1.1, the following error message is returned to the user:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: exec: "dist/index.js": stat dist/index.js: no such file or directory: unknown.
time="2020-12-05T19:05:01Z" level=error msg="error waiting for container: context canceled"
When validating the GitHub Action to see if it's ready to be published to the Marketplace, several checks have failed.
Specifically,
- taskcat is already used by an organization (https://github.com/taskcat)
- action.yaml file doesn't specify branding
Using an AWS Control Tower-managed Landing Zone solution, we are not able to create new accounts using the quick account provisioning wizard.
Specifically, when the page is loaded, we are immediately returned with the following error.
If we try completing the form and creating the account anyway, an additional error message is returned.
When running Jest tests using nektos/act, the setup-python action fails while configuring problem matchers.
This issue does not occur when running the action using GitHub-hosted runners—looking at the integration tests, the setup-python script completes successfully.
We are using this private resource to create and manage EKS controlplane.
Now, while running our GitHub Actions, it is failing at the lint check step due to this. I have attached a screenshot for your reference.
Can we have an option to either disable the lint check or just skip certain rules during linting, like we have in other linting tools where we can add rules to skip in a configuration file or directly in templates as comments?
Thanks
When the commands parameter is omitted, taskcat shows the command-line help, but returns with exit code 0. The workflow, believing that all tests have passed, starts the release pipeline.
The GitHub Action should catch scenarios where taskcat's help is outputted, and return a non-zero exit code.
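One way to implement the check this issue asks for, as an added example that is not the action's own code. `fake_taskcat` is a constructed stand-in that prints the usage line and exits 0 when given no command or `--help`; `run_guarded` and the exit codes 64 and 65 are hypothetical choices.

```shell
#!/bin/sh
# Constructed stand-in: prints help and exits 0, like the behaviour in the issue.
fake_taskcat() {
  if [ "$#" -eq 0 ] || [ "$1" = "--help" ]; then
    echo "usage: taskcat [args] <command> [args] [subcommand] [args]"
    return 0
  fi
  echo "[INFO ] : constructed run of: $*"
  return 0
}

# run_guarded TOOL COMMANDS
#   TOOL     command to execute (the stand-in here)
#   COMMANDS the value of the action's `commands` input, as one string
run_guarded() {
  tool=$1
  commands=$2

  # Guard 1: fail before running anything if the input is empty or only whitespace.
  if [ -z "$(printf '%s' "$commands" | tr -d '[:space:]')" ]; then
    echo "error: the commands input is empty" >&2
    return 64
  fi

  out_file=$(mktemp) || return 1
  guard_rc=0
  # Word splitting of $commands is intended: it holds the subcommand and its arguments.
  $tool $commands > "$out_file" 2>&1 || guard_rc=$?
  cat "$out_file"

  # Guard 2: a zero exit status whose output is the usage text means no test ran.
  if [ "$guard_rc" -eq 0 ] && grep -q '^usage: taskcat' "$out_file"; then
    echo "error: taskcat printed its help instead of running a command" >&2
    guard_rc=65
  fi
  rm -f "$out_file"
  return "$guard_rc"
}

# Demonstration: an omitted input must stop the workflow before any release step.
demo_rc=0; run_guarded fake_taskcat "" 2>/dev/null || demo_rc=$?
echo "status for an empty commands input: $demo_rc"
```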
Because this project is configured to use semantic versioning, pull requests opened by Dependabot to update the version for GitHub Actions used in the CI workflow create new releases when merged, since they start with "fix".
Dependabot should be configured to open Action-related pull requests using the "ci" prefix instead, preventing new releases from being created when no new functionality is added to the application, while using a more appropriate scope.
taskcat includes the account ID in its output and logs. While the account ID is not as sensitive as a password or an access key, and is even shared when configuring cross-account access, an attacker can use that information to identify and exploit vulnerable IAM resources, as outlined in this Rhino Security Labs blog post.
Exposing an account ID could make it unsuitable for use in open-source projects, where the pipeline's output, including the would be made available to anyone on the internet.
This issue is to determine a methodology for creating AWS accounts for taskcat's end-to-end tests, whereas the build pipeline would run using GitHub Actions, but while limiting the attack surface.
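One mitigation for the log exposure described in this issue is to redact account IDs before the output reaches a public workflow log. The filter below is an added example, not code from this project; the log lines and the account ID 123456789012 are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Replace every stand-alone 12-digit number (the AWS account ID format) with asterisks.
# The expression runs twice so that two IDs separated by a single character are both
# caught. Longer digit runs, such as 13-digit millisecond timestamps, are left alone.
redact_account_ids() {
  sed -E \
    -e 's/(^|[^0-9])[0-9]{12}([^0-9]|$)/\1************\2/g' \
    -e 's/(^|[^0-9])[0-9]{12}([^0-9]|$)/\1************\2/g'
}

# Print the GitHub Actions workflow command that tells the runner to mask a value
# in the rest of the job's log. The ID is validated first so that a malformed
# value never ends up inside a workflow command.
add_mask_command() {
  case $1 in
    ''|*[!0-9]*) echo "error: not a numeric account ID" >&2; return 1 ;;
  esac
  [ "${#1}" -eq 12 ] || { echo "error: account ID must be 12 digits" >&2; return 1; }
  printf '::add-mask::%s\n' "$1"
}

# Constructed sample output. A stdout filter like this does not cover files
# the tool writes to disk; those need the same treatment before being published.
sample_log() {
  cat <<'EOF'
[INFO ] : constructed line for account 123456789012 in us-east-1
[INFO ] : arn:aws:cloudformation:us-east-1:123456789012:stack/demo/1
[INFO ] : elapsed_ms=1700000000000
EOF
}

sample_log | redact_account_ids
```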
Implement a minimum viable product, where the GitHub Action can run taskcat and deploy an AWS CloudFormation template to AWS.
Specifically, the features required in the MVP would be:
- .taskcat.yml file, located at the root of the repository
- AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
Eliminate the need for a local Dockerfile—we can directly use the taskcat/taskcat:latest container image on Docker Hub. Custom scripts can be executed without the need to define a Dockerfile by using the pre-entrypoint and post-entrypoint.
To test the GitHub Action, we need to ensure that the action properly responds to taskcat's different outputs.
Because taskcat is a black box, we need to modify its dependencies and force it down different paths, and produce the outputs we need to test. AWS itself is its main dependency, and largely controls taskcat's behaviors and outputs.
This issue is to investigate a method of mocking those calls, and controlling taskcat's output without using an actual AWS account.
If I'm trying to use taskcat for anything other than "test run", it will fail because the --minimal-output is not recognized. For example, I'm currently using the "lint" command and I get:
Installing collected packages: cfn-lint
Attempting uninstall: cfn-lint
Found existing installation: cfn-lint 0.35.0
Uninstalling cfn-lint-0.35.0:
Successfully uninstalled cfn-lint-0.35.0
Successfully installed cfn-lint-0.45.0
WARNING: You are using pip version 20.2.2; however, version 21.0.1 is available.
You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.
_ _ _
| |_ __ _ ___| | _____ __ _| |_
| __/ _` / __| |/ / __/ _` | __|
| || (_| \__ \ < (_| (_| | |_
\__\__,_|___/_|\_\___\__,_|\__|
version 0.9.23
usage: taskcat [args] <command> [args] [subcommand] [args]
taskcat: error: unrecognized arguments: --minimal-output
https://github.com/ShahradR/action-taskcat/blob/main/entrypoint.sh#L11
To help keep consumers up-to-date with this action without constant workflow updates, GitHub recommends publishing a reference to the major version, and keeping it up-to-date with minor updates and patches. For example, if version v1.2.3 is published, workflows referencing the action using @v1 should automatically run against that latest release.
See "Using release management for actions" on GitHub Docs for more details.
Hi @ShahradR, the GitHub taskcat action ShahradR/action-taskcat is failing with a nodejs dependency error. This was working fine until last week and started throwing issues from today. Please find the failure logs below.
Step 2/6 : RUN apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*
---> Running in 806e412203fa
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
nodejs-current-17.9.0-r0:
breaks: world[nodejs12]12]
satisfies: npm-8.1.3-r0[cmd:node]
npm-8.1.3-r0:
breaks: world[npm
The command '/bin/sh -c apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*' returned a non-zero code: 2
Warning: Docker build failed with exit code 2, back off 8.801 seconds before retry.
/usr/bin/docker build -t 2bcf09:4a4711ea98244f109ccac686acafef2b -f "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0/Dockerfile" "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0"
Sending build context to Docker daemon 1.107MB
Step 1/6 : FROM taskcat/taskcat:latest
---> e8b42812b7ca
Step 2/6 : RUN apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*
---> Running in d5b3db10547c
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
nodejs-current-17.9.0-r0:
breaks: world[nodejs12]12]
satisfies: npm-8.1.3-r0[cmd:node]
npm-8.1.3-r0:
breaks: world[npm
The command '/bin/sh -c apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*' returned a non-zero code: 2
Warning: Docker build failed with exit code 2, back off 2.588 seconds before retry.
/usr/bin/docker build -t 2bcf09:4a4711ea98244f109ccac686acafef2b -f "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0/Dockerfile" "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0"
Sending build context to Docker daemon 1.107MB
Step 1/6 : FROM taskcat/taskcat:latest
---> e8b42812b7ca
Step 2/6 : RUN apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*
---> Running in 4169df0786f6
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
nodejs-current-17.9.0-r0:
breaks: world[nodejs12]12]
satisfies: npm-8.1.3-r0[cmd:node]
npm-8.1.3-r0:
breaks: world[npm
The command '/bin/sh -c apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*' returned a non-zero code: 2
Error: Docker build failed with exit code 2
The README file lists the GitHub Action input as command instead of commands (plural). People who would reference the documentation to build their GitHub workflows would run into issues.
Line 49 in e0980da
Add code scanning support to the project to help identify security vulnerabilities and errors in the project's code. This is done by setting up a new workflow that runs CodeQL against source code in the repository.
To better interface with the GitHub libraries, we can switch to JavaScript/TypeScript and leverage @actions/core, @actions/github, and other libraries in the GitHub Actions Toolkit.
This would mean re-writing the shell scripts used as the entrypoint to the taskcat Docker container, and migrating the Java integration tests to TypeScript, using the new language as a basis for all future development.
When running the taskcat GitHub Action, the workflow returns the following error.
Current runner version: '2.165.2'
Prepare workflow directory
Prepare all required actions
Download action repository 'ShahradR/action-taskcat@27f8287c36fcdfc8e98920c2f1fcb1de3c6a3f8e'
##[error]'taskcat/taskcat:latest' should be either '[path]/Dockerfile' or 'docker://image[:tag]'.
Full logs can be found here.
Following the advice posted in aws-ia/taskcat#586, the README file should be updated to direct users reporting issues specific to taskcat (as opposed to the GitHub Action hosted in this repo) to the aws-quickstart/taskcat repository.
Looks like the docker build is broken because of a PyYAML issue.
I have cloned the project and when I run docker build . I get the following.
➜ docker build .
Sending build context to Docker daemon 3.072kB
Step 1/5 : FROM python:3.8.13-alpine3.15
---> 4f8aa9cb1a05
Step 2/5 : RUN apk add --no-cache python3-dev~3.9 gcc~10 libc-dev~0.7 nodejs~16 npm~8 && rm -rf /var/cache/apk/*
---> Using cache
---> ee3a1e3e1455
Step 3/5 : RUN pip3 install --upgrade pip
---> Using cache
---> b53ed27bdc04
Step 4/5 : RUN pip3 install taskcat==0.9.40
---> Running in 7a1e8ce3586f
Collecting taskcat==0.9.40
Downloading taskcat-0.9.40.tar.gz (124 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 124.8/124.8 kB 1.7 MB/s eta 0:00:00
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing metadata (pyproject.toml): started
Preparing metadata (pyproject.toml): finished with status 'done'
Collecting pathspec==0.10.3 (from taskcat==0.9.40)
Downloading pathspec-0.10.3-py3-none-any.whl (29 kB)
Collecting reprint (from taskcat==0.9.40)
Downloading reprint-0.6.0-py2.py3-none-any.whl (6.0 kB)
Collecting tabulate<1.0,>=0.8.2 (from taskcat==0.9.40)
Downloading tabulate-0.9.0-py3-none-any.whl (35 kB)
Collecting cfn-lint<1.0,>=0.72.0 (from taskcat==0.9.40)
Downloading cfn_lint-0.83.0-py3-none-any.whl.metadata (16 kB)
Requirement already satisfied: setuptools>=40.4.3 in /usr/local/lib/python3.8/site-packages (from taskcat==0.9.40) (57.5.0)
Collecting boto3<2.0,>=1.9.21 (from taskcat==0.9.40)
Downloading boto3-1.28.68-py3-none-any.whl.metadata (6.7 kB)
Collecting botocore<2.0,>=1.12.21 (from taskcat==0.9.40)
Downloading botocore-1.31.68-py3-none-any.whl.metadata (6.1 kB)
Collecting yattag<2.0,>=1.10.0 (from taskcat==0.9.40)
Downloading yattag-1.15.1.tar.gz (28 kB)
Preparing metadata (setup.py): started
Preparing metadata (setup.py): finished with status 'done'
Collecting PyYAML~=5.1 (from taskcat==0.9.40)
Downloading PyYAML-5.4.1.tar.gz (175 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 175.1/175.1 kB 2.1 MB/s eta 0:00:00
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'error'
error: subprocess-exited-with-error
× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> [62 lines of output]
running egg_info
writing lib3/PyYAML.egg-info/PKG-INFO
writing dependency_links to lib3/PyYAML.egg-info/dependency_links.txt
writing top-level names to lib3/PyYAML.egg-info/top_level.txt
/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/config/setupcfg.py:293: _DeprecatedConfig: Deprecated config in `setup.cfg`
!!
********************************************************************************
The license_file parameter is deprecated, use license_files instead.
By 2023-Oct-30, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html for details.
********************************************************************************
!!
parsed = self.parsers.get(option_name, lambda x: x)(value)
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 353, in <module>
main()
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 335, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 118, in get_requires_for_build_wheel
return hook(config_settings)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 355, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=['wheel'])
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 325, in _get_build_requires
self.run_setup()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 341, in run_setup
exec(code, locals())
File "<string>", line 271, in <module>
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/__init__.py", line 103, in setup
return distutils.core.setup(**attrs)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/core.py", line 185, in setup
return run_commands(dist)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
dist.run_commands()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
self.run_command(cmd)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/dist.py", line 989, in run_command
super().run_command(command)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
cmd_obj.run()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 318, in run
self.find_sources()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 326, in find_sources
mm.run()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 548, in run
self.add_defaults()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 586, in add_defaults
sdist.add_defaults(self)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/sdist.py", line 113, in add_defaults
super().add_defaults()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/command/sdist.py", line 251, in add_defaults
self._add_defaults_ext()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/command/sdist.py", line 336, in _add_defaults_ext
self.filelist.extend(build_ext.get_source_files())
File "<string>", line 201, in get_source_files
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/cmd.py", line 107, in __getattr__
raise AttributeError(attr)
AttributeError: cython_sources
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error
× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> See above for output.
note: This error originates from a subprocess, and is likely not a problem with pip.
The command '/bin/sh -c pip3 install taskcat==0.9.40' returned a non-zero code: 1
I have forked the repo and this can be fixed with the following update to the Dockerfile:
FROM python:3.8.13-alpine3.15
RUN apk add --no-cache python3-dev~3.9 gcc~10 libc-dev~0.7 nodejs~16 npm~8 && rm -rf /var/cache/apk/*
RUN pip3 install --upgrade pip && \
pip3 install "Cython<3.0" "pyyaml<6" --no-build-isolation && \
pip3 install taskcat==0.9.23 --upgrade
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
COPY dist/index.js /dist/index.js
ENTRYPOINT ["/entrypoint.sh"]
It does look as if the latest version of taskcat will support PyYAML~=6.0, which also fixes the issue. However, it hasn't been published yet.
Update the project's README file with:
See the Creating Actions page on GitHub Help for more details.
When running the action on GitHub-hosted runners, the following exception is thrown:
System.ArgumentException: Unexpected type 'SequenceToken' encountered while reading 'entrypoint'. The type 'StringToken' was expected.
This is because the action.yaml file provides a sequence of commands as the entrypoint, rather than a single string.
action.yaml file, Lines 24 to 27 in e0980da
Links in the README.md file are created using reference-style links—all links to the taskcat repository are referenced using the [taskcat] label.
However, because the underlying URL is missing the https:// prefix, GitHub considers the link as a relative path, and points users to https://github.com/ShahradR/action-taskcat/blob/main/github.com/aws-quickstart/taskcat, instead of https://github.com/aws-quickstart/taskcat.
When running act tests, we use the nektos/act-environments-ubuntu:18.04 Docker image to simulate the real GitHub runners as closely as possible. Unfortunately, when running the test as part of the Actions workflow, we are constrained by the storage space available to the runner – the Docker image is about 18 GB, but the runners only have 14 GB of storage space available. Pulling the container uses up all the free space, causing the run to fail.