shahradr / action-taskcat Goto Github PK
View Code? Open in Web Editor NEWGitHub Action to run taskcat against CloudFormation templates
License: MIT License
action-taskcat's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot]")
Stargazers
Watchers
action-taskcat's Issues
tasckat action always exits with error code 0
As part of #5, taskcat output was piped to cat to disable reprint's multi-line output functionality, by tricking it into believing that it wasn't printing to a terminal. The resulting command is:
taskcat test run | cat
However, because cat is the last command in the pipeline, it always exits with return code 0, and taskcat failures are masked.
Update the taskcat version to 0.9.23 from current 0.9.19
Hello @ShahradR,
Hope you're doing well! I've been trying to set this up, taskcat action with one of my CF repositories. And, thank you for the easy setup. However, there's a potential cfn-lint issue that I'm currently facing with the existing taskcat version this repo deploys. i.e. 0.9.19
There's a CFN resource in my template:
NodeGroup: Type: AWS::EKS::Nodegroup Properties: AmiType: AL2_x86_64 CapacityType: !Ref NodeInstanceCapacity ClusterName: !Sub ${EKSControlPlane}
Where version 0.9.19 fails 'CapacityType: !Ref NodeInstanceCapacity' as a Resource Not Found.
`version 0.9.19
[WARN ] : A newer version of taskcat is available (0.9.23)
[INFO ] : To upgrade pip version [ pip install --upgrade taskcat]
[INFO ] : To upgrade docker version [ docker pull taskcat/taskcat ]`
[ERROR ] : line 200 [3002] [Resource properties are valid] Invalid Property Resources/NodeGroup/Properties/CapacityType
Perhaps relates to aws/aws-cdk#12154
And, I initially set up the taskcat workflow on local as well as on CodePipeline using 0.9.23 and my taskcat test do pass and deploy.
Based on this:
https://github.com/aws-quickstart/quickstart-taskcat-ci
Is there a way we could update the taskcat version. Although the Dockerfile has the latest pull, not sure if it's updated though.
Any assistance is much appreciated
Thanks,
Arnab
Cannot find the dist/index.js file when the action is invoked from another repository
When the action-taskcat GitHub Action is invoked from another repository in release v1.1.1, the following error message is returned to the user:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: exec: "dist/index.js": stat dist/index.js: no such file or directory: unknown.
time="2020-12-05T19:05:01Z" level=error msg="error waiting for container: context canceled"
Get the action ready to be published to the GitHub Marketplace
When validating the GitHub Action to see if it's ready to be published to the Marketplace, several checks have failed.
Specifically,
- The name
taskcatis already used by an organization (https://github.com/taskcat) - The description cannot exceed 125 characters
- The
action.yamlfile doesn't specify branding
act does not render reprint terminal output
Cannot create new AWS accounts using Landing Zone
Using an AWS Contol Tower-managed Landing Zone solution, we are not able to create new accounts using the quick account provisioning wizard.
Specifically, when the page is loaded, we are immediately returned with the following error.
If we try completing the form and creating the account anyway, an additional error message is returned.
Cannot add problem matchers when running workflows using act
When running Jest tests using nektos/act, the setup-python action fails while configuring problem matchers.
This issue does not occur when running the action using GitHub-hosted runners—looking at the integration tests, the setup-python script completes successfully.
Option to disable lint check or Skip certain rules during lint check
We are using this private resource to create and manage EKS controlplane.
Now while running our github actions it is getting failed at lint check step due to this. I have attached screenshot for your reference.
Can we have a option to either disable lint check or just skip certain rules during linting, like we have in other linting tools where we can add rules to skip in configuration file or directly in templates as comments
Thanks
ERROR: unsatisfiable constraints error thrown when building the Docker container
When executing the GitHub Action, the container build process fails with ERROR: unsatisfiable constraints, as shown in the screenshot below:
Action should fail when no parameters are passed
When the commands parameter is omitted, taskcat shows the command-line help, but returns with exit code 0. The workflow, believing that all tests have passed, starts the release pipeline.
The GitHub Action should catch scenarios where taskcat's help is outputted, and return a non-zero exit code.
Configure Dependabot to prefix GitHub Action update pull requests with "ci"
Because this project is configured to use semantic versioning, pull requests opened by Dependabot to update the version for GitHub Actions used in the CI workflow create new releases when merged, since they start with "fix".
Dependabot should be configured to open Action-related pull requests using the "ci" prefix instead, preventing new releases from being created when no new functionality is added to the application, while using a more appropriate scope.
Protect AWS account IDs exposed by taskcat logs
taskcat includes the account ID in its output and logs. While the account ID is not as sensitive as a password or an access key, and is even shared when configuring cross-account access, an attacker can use that information to identify and exploit vulnerable IAM resources, as outlined in this Rhino Security Labs blog post.
Exposing an account ID could make it unsuitable for use in open-source projects, where the pipeline's output, including the would be made available to anyone on the internet.
This issue is to determine a methodology for creating AWS accounts for taskcat's end-to-end tests, whereas the build pipeline would run using GitHub Actions, but while limiting the attack surface.
Initial taskcat GitHub Action MVP
Implement a minimum viable product, where the GitHub Action can run taskcat and deploy an AWS CloudFormation template to AWS.
Specifically, the features required in the MVP would be:
- Get the taskcat prompt when running the GitHub action
- Read the
.taskcat.ymlfile, located at the root of the repository - Allow access to the
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY - Deploy a CloudFormation template to AWS
Directly use the taskcat/taskcat Docker container
Eliminate the need for a local Dockerfile—we can directly use the taskcat/taskcat:latest container image on Docker Hub. Custom scripts can be executed without the need to define a Dockerfile by using the pre-entrypoint and post-entrypoint.
Mock AWS endpoints to simulate taskcat outputs without an AWS account
To test the GitHub Action, we need to ensure that the action properly responds to taskcat's different outputs.
Because taskcat is a black box, we need to modify its dependencies and force it down different paths, and produce the outputs we need to test. AWS itself is its main dependency, and largely controls taskcat's behaviors and outputs.
This issue is to investigate a method of mocking those calls, and controlling taskcat's output without using an actual AWS account.
--minimal-output for non test run
If I'm trying to use taskcat for anything other than "test run", it will fail because the --minimal-output is not recognized. For example, I'm currently using the "lint" command and I get:
Installing collected packages: cfn-lint
Attempting uninstall: cfn-lint
Found existing installation: cfn-lint 0.35.0
Uninstalling cfn-lint-0.35.0:
Successfully uninstalled cfn-lint-0.35.0
Successfully installed cfn-lint-0.45.0
WARNING: You are using pip version 20.2.2; however, version 21.0.1 is available.
You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.
_ _ _
| |_ __ _ ___| | _____ __ _| |_
| __/ _` / __| |/ / __/ _` | __|
| || (_| \__ \ < (_| (_| | |_
\__\__,_|___/_|\_\___\__,_|\__|
version 0.9.23
usage: taskcat [args] <command> [args] [subcommand] [args]
taskcat: error: unrecognized arguments: --minimal-output
https://github.com/ShahradR/action-taskcat/blob/main/entrypoint.sh#L11
Publish and maintain major version references (v1, v2, etc.) for this action
To help keep consumers up-to-date with this action without constant workflow updates, GitHub recommends publishing a reference to the major version, and keeping it up-to-date with minor updates and patches. For example, if version v1.2.3 is published, workflows referencing the action using @v1 should automatically run against that latest release.
See "Using release management for actions" on GitHub Docs for more details.
Github Taskcat action is failing with nodejs dependency issue.
Hi @ShahradR , github taskcat action ShahradR/action-taskcat is failing with nodejs dependency error. This was working fine untill lastweek and started throwing issues from today. Please find the below failure logs.
Step 2/6 : RUN apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*
---> Running in 806e412203fa
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
nodejs-current-17.9.0-r0:
breaks: world[nodejs12]12]
satisfies: npm-8.1.3-r0[cmd:node]
npm-8.1.3-r0:
breaks: world[npm
The command '/bin/sh -c apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*' returned a non-zero code: 2
Warning: Docker build failed with exit code 2, back off 8.801 seconds before retry.
/usr/bin/docker build -t 2bcf09:4a4711ea98244f109ccac686acafef2b -f "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0/Dockerfile" "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0"
Sending build context to Docker daemon 1.107MB
Step 1/6 : FROM taskcat/taskcat:latest
---> e8b42812b7ca
Step 2/6 : RUN apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*
---> Running in d5b3db10547c
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
nodejs-current-17.9.0-r0:
breaks: world[nodejs12]12]
satisfies: npm-8.1.3-r0[cmd:node]
npm-8.1.3-r0:
breaks: world[npm
The command '/bin/sh -c apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*' returned a non-zero code: 2
Warning: Docker build failed with exit code 2, back off 2.588 seconds before retry.
/usr/bin/docker build -t 2bcf09:4a4711ea98244f109ccac686acafef2b -f "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0/Dockerfile" "/home/runner/work/_actions/ShahradR/action-taskcat/v2.0.0"
Sending build context to Docker daemon 1.107MB
Step 1/6 : FROM taskcat/taskcat:latest
---> e8b42812b7ca
Step 2/6 : RUN apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*
---> Running in 4169df0786f6
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
nodejs-current-17.9.0-r0:
breaks: world[nodejs12]12]
satisfies: npm-8.1.3-r0[cmd:node]
npm-8.1.3-r0:
breaks: world[npm
The command '/bin/sh -c apk add --no-cache nodejs~=12 npm~=12 && rm -rf /var/cache/apk/*' returned a non-zero code: 2
Error: Docker build failed with exit code 2
README file lists action input as `command` instead of `commands`
The README file lists the GitHub Action input as command instead of commands (plural). People who would reference the documentation to build their GitHub workflows would run into issues.
Line 49 in e0980da
Add code scanning support to the project
Add code scanning support to the project to help identify security vulnerabilities and errors in the project's code. This is done by setting up a new workflow that runs CodeQL against source code in the repository.
Switch to TypeScript/JavaScript to better integrate with GitHub APIs
To better interface with the GitHub libraries, we can switch to JavaScript/TypeScript and leverage @actions/core, @actions/github, and other libraries in the GitHub Actions Toolkit.
This would mean re-writing the shell scripts used as the entrypoint to the taskcat Docker container, and migrate the Java integration tests to TypeScript, using the new language as a basis for all future development.
GitHub Actions run fails with `'taskcat/taskcat:latest' should be either '[path]/Dockerfile' or 'docker://image[:tag]'`
When running the taskcat GitHub Action, the workflow returns the following error.
Current runner version: '2.165.2'
Prepare workflow directory
Prepare all required actions
Download action repository 'ShahradR/action-taskcat@27f8287c36fcdfc8e98920c2f1fcb1de3c6a3f8e'
##[error]'taskcat/taskcat:latest' should be either '[path]/Dockerfile' or 'docker://image[:tag]'.
Full logs can be found here.
Update the README to point contributors to the aws-quickstart/taskcat repo for non-Action related issues
Following the advice posted in aws-ia/taskcat#586, the README file should be updated to direct users reporting issues specific to taskcat (as opposed to the GitHub Action hosted in this repo) to the aws-quickstart/taskcat repository.
Cannot build docker image because of a PyYAML issue.
Looks like the docker build is broken because of a PyYAML issue.
I have cloned the project and when i run docker build . I get the following.
➜ docker build .
Sending build context to Docker daemon 3.072kB
Step 1/5 : FROM python:3.8.13-alpine3.15
---> 4f8aa9cb1a05
Step 2/5 : RUN apk add --no-cache python3-dev~3.9 gcc~10 libc-dev~0.7 nodejs~16 npm~8 && rm -rf /var/cache/apk/*
---> Using cache
---> ee3a1e3e1455
Step 3/5 : RUN pip3 install --upgrade pip
---> Using cache
---> b53ed27bdc04
Step 4/5 : RUN pip3 install taskcat==0.9.40
---> Running in 7a1e8ce3586f
Collecting taskcat==0.9.40
Downloading taskcat-0.9.40.tar.gz (124 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 124.8/124.8 kB 1.7 MB/s eta 0:00:00
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing metadata (pyproject.toml): started
Preparing metadata (pyproject.toml): finished with status 'done'
Collecting pathspec==0.10.3 (from taskcat==0.9.40)
Downloading pathspec-0.10.3-py3-none-any.whl (29 kB)
Collecting reprint (from taskcat==0.9.40)
Downloading reprint-0.6.0-py2.py3-none-any.whl (6.0 kB)
Collecting tabulate<1.0,>=0.8.2 (from taskcat==0.9.40)
Downloading tabulate-0.9.0-py3-none-any.whl (35 kB)
Collecting cfn-lint<1.0,>=0.72.0 (from taskcat==0.9.40)
Downloading cfn_lint-0.83.0-py3-none-any.whl.metadata (16 kB)
Requirement already satisfied: setuptools>=40.4.3 in /usr/local/lib/python3.8/site-packages (from taskcat==0.9.40) (57.5.0)
Collecting boto3<2.0,>=1.9.21 (from taskcat==0.9.40)
Downloading boto3-1.28.68-py3-none-any.whl.metadata (6.7 kB)
Collecting botocore<2.0,>=1.12.21 (from taskcat==0.9.40)
Downloading botocore-1.31.68-py3-none-any.whl.metadata (6.1 kB)
Collecting yattag<2.0,>=1.10.0 (from taskcat==0.9.40)
Downloading yattag-1.15.1.tar.gz (28 kB)
Preparing metadata (setup.py): started
Preparing metadata (setup.py): finished with status 'done'
Collecting PyYAML~=5.1 (from taskcat==0.9.40)
Downloading PyYAML-5.4.1.tar.gz (175 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 175.1/175.1 kB 2.1 MB/s eta 0:00:00
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'error'
error: subprocess-exited-with-error
× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> [62 lines of output]
running egg_info
writing lib3/PyYAML.egg-info/PKG-INFO
writing dependency_links to lib3/PyYAML.egg-info/dependency_links.txt
writing top-level names to lib3/PyYAML.egg-info/top_level.txt
/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/config/setupcfg.py:293: _DeprecatedConfig: Deprecated config in `setup.cfg`
!!
********************************************************************************
The license_file parameter is deprecated, use license_files instead.
By 2023-Oct-30, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html for details.
********************************************************************************
!!
parsed = self.parsers.get(option_name, lambda x: x)(value)
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 353, in <module>
main()
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 335, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 118, in get_requires_for_build_wheel
return hook(config_settings)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 355, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=['wheel'])
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 325, in _get_build_requires
self.run_setup()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 341, in run_setup
exec(code, locals())
File "<string>", line 271, in <module>
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/__init__.py", line 103, in setup
return distutils.core.setup(**attrs)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/core.py", line 185, in setup
return run_commands(dist)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
dist.run_commands()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
self.run_command(cmd)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/dist.py", line 989, in run_command
super().run_command(command)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
cmd_obj.run()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 318, in run
self.find_sources()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 326, in find_sources
mm.run()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 548, in run
self.add_defaults()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 586, in add_defaults
sdist.add_defaults(self)
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/command/sdist.py", line 113, in add_defaults
super().add_defaults()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/command/sdist.py", line 251, in add_defaults
self._add_defaults_ext()
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/command/sdist.py", line 336, in _add_defaults_ext
self.filelist.extend(build_ext.get_source_files())
File "<string>", line 201, in get_source_files
File "/tmp/pip-build-env-7mupscpq/overlay/lib/python3.8/site-packages/setuptools/_distutils/cmd.py", line 107, in __getattr__
raise AttributeError(attr)
AttributeError: cython_sources
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error
× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> See above for output.
note: This error originates from a subprocess, and is likely not a problem with pip.
The command '/bin/sh -c pip3 install taskcat==0.9.40' returned a non-zero code: 1
I have forked the repo and this can be fixed with the following update to the Dockerfile:
FROM python:3.8.13-alpine3.15
RUN apk add --no-cache python3-dev~3.9 gcc~10 libc-dev~0.7 nodejs~16 npm~8 && rm -rf /var/cache/apk/*
RUN pip3 install --upgrade pip && \
pip3 install "Cython<3.0" "pyyaml<6" --no-build-isolation && \
pip3 install taskcat==0.9.23 --upgrade
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
COPY dist/index.js /dist/index.js
ENTRYPOINT ["/entrypoint.sh"]
It does look as if the latest version of taskcat will support PyYAML~=6.0 which also fixes the issue, However it hasn't been published yet.
Create README.md for project
Update the project's README file with:
- A detailed description of what the action does
- Required input and output arguments
- Optional input and output arguments
- Secrets the action uses
- Environment variables the action uses
- An example of how to use your action in a workflow
See the Creating Actions page on GitHub Help for more details.
"ValueError cannot find suitable AWS partition" returned when running taskcat from Docker
When running taskcat from within a Docker container, the following error message is returned:
System.ArgumentException is thrown when running the action on GitHub hosted runners
When running the action on GitHub-hosted runners, the following exceptions is thrown:
System.ArgumentException: Unexpected type 'SequenceToken' encountered while reading 'entrypoint'. The type 'StringToken' was expected.
This is because the action.yaml file provides a sequence of commands as the entrypoint, rather than a single string.
action.yaml file
Lines 24 to 27 in e0980da
Exception thrown by GitHub hosted runner
README file contains broken links to the taskcat repository
Links in the README.md file are created using reference-style links—all links to the taskcat repository are referenced using the [taskcat] label.
However, because the underlying URL is missing the https:// prefix, GitHub considers the link as a relative path, and points users to https://github.com/ShahradR/action-taskcat/blob/main/github.com/aws-quickstart/taskcat, instead of https://github.com/aws-quickstart/taskcat.
Docker image used by act is too large for GitHub Action runners
When running act tests, we use the nektos/act-environments-ubuntu:18.04 Docker image to simulate the real GitHub runners as closely as possible. Unfortunately, when running the test as part of the Actions workflow, we are constrained by the storage space available to the runner – the Docker image is about 18 GB, but the runners only have 14 GB of storage space available. Pulling the container uses up all the free space, causing the run to fail.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.