Skip to content
/ action-taskcat Public
forked from ShahradR/action-taskcat

GitHub Action to run taskcat against CloudFormation templates

License

MIT license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cormac-yobota/action-taskcat

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

446 Commits
.github
.github
 
 
__tests__
__tests__
 
 
dist
dist
 
 
docs
docs
 
 
e2e/resources
e2e/resources
 
 
src
src
 
 
vale
vale
 
 
.actrc
.actrc
 
 
.babelrc
.babelrc
 
 
.eslintrc.yaml
.eslintrc.yaml
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.yaml
.prettierrc.yaml
 
 
.releaserc.yaml
.releaserc.yaml
 
 
.vale.ini
.vale.ini
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yaml
action.yaml
 
 
commitlint.config.js
commitlint.config.js
 
 
entrypoint.sh
entrypoint.sh
 
 
gilt.yml
gilt.yml
 
 
jest.config.js
jest.config.js
 
 
lgtm.yml
lgtm.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sonar-project.properties
sonar-project.properties
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

NOTE: This is a fork of ShahradR/action-taskcat as there's an issue with the docker build.

action-taskcat

Tests pre-commit semantic-release Quality Gate Status

The unofficial GitHub Action to run taskcat tests and validate your AWS CloudFormation templates by deploying them in different AWS regions and availability zones!

Looking for the official taskcat project? Check out the aws-quickstart/taskcat repository! This repository covers issues and work relating specifically to the GitHub Action running taskcat.

Usage

To use this action, configure your workflow and repository to ensure that:

  1. A .taskcat.yml file is present in the project's root directory
  2. The aws-actions/configure-aws-credentials action is used to configure the environment variables
    • This official AWS action configures your credentials and makes them available to subsequent tasks
    • This action also masks the AWS account ID in the job output, which can help mitigate certain security issues (see Managing credentials below)
  3. The ShahradR/action-taskcat action is called to run taskcat
    • The command input includes the taskcat command to run, including a call to the application itself. To see a full list of commands made available by taskcat, run taskcat --help
    • (Optional) The update_taskcat and update_cfn_lint input parameters can be optionally defined. If they're set to true, the action will update taskcat and cfn-lint before running your tests, respectively. Otherwise, the versions made available in the taskcat/taskcat:latest Docker container will be used instead
  4. (Optional) The actions/upload-artifact action is used to output the taskcat_outputs files as artifacts
    • The account ID mask doesn't apply to the taskcat_outputs logs—there is a potential risk of exposing the AWS account IDs if they're used by (see Managing credentials below).

Example: Running taskcat test run

In this scenario, is ran taskcat test run against the CloudFormation templates. The YAML file below should be saved in the .github/workflow/ directory in (the YAML file itself can be given any name).

The update_taskcat and update_cfn_lint input parameters are also defined, making sure that the action uses the latest releases for the two utilities before running the tests.

The repository is also configured with two secrets—the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used by the aws-actions/configure-aws-credentials action to authenticate against AWS, and make that information available to this action.

See ShahradR/s3-logging for an example of how this action can be used to test the deployment of a CloudFormation template that creates an S3 bucket.

name: Integration tests

on: [push, pull_request]

jobs:
  taskcat:
    name: Run taskcat tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1
      - name: Run taskcat test run
        uses: ShahradR/action-taskcat@v1
        with:
          commands: test run
          update_taskcat: true
          update_cfn_lint: true

Managing credentials

The configure-aws-credentials action is used to manage AWS credentials—this official action from Amazon allows for many different ways to configure and manage AWS authentication. The action also masks the account ID from the GitHub action outputs, preventing security issues like the potential for IAM account enumeration, as outlined by this Rhino Security Labs blog post.

The mask is applied to all subsequent actions, eliminating the need for this action to apply logic to obfuscate the account ID in the logs.

That being said, the mask isn't applied to the taskcat_outputs logs. While taskcat doesn't write the account ID into the logs, if a CloudFormation resource references the account ID and that information is outputed during a stack event, the account ID will be printed in clear-text. This will be managed in a future release of this action, but if you expect to run CloudFormation templates which may result in the AWS account ID being printed in the taskcat_outputs logs, consider not using the create-artifact action, or calling a task which will find and replace the account ID.

If you believe your outputs are safe to publish, you can store the taskcat_outputs directory as an artifact using the following task:

- uses: actions/upload-artifact@v2
  if: ${{ always() }}
  with:
    name: taskcat_outputs
    path: ${{ github.workspace }}/taskcat_outputs/

About

GitHub Action to run taskcat against CloudFormation templates

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Oct 23, 2023

Packages

No packages published

Languages

  • TypeScript 93.7%
  • JavaScript 5.7%
  • Other 0.6%