https://github.com/awslabs/amazon-app-runner-deploy
Registers an AWS AppRunner Service and deploys the application using the source code of a given GitHub repository. Supports both source code and Docker image based service
Science Score: 13.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
○.zenodo.json file
-
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (11.6%) to scientific vocabulary
Keywords
Keywords from Contributors
Repository
Registers an AWS AppRunner Service and deploys the application using the source code of a given GitHub repository. Supports both source code and Docker image based service
Basic Info
Statistics
- Stars: 54
- Watchers: 7
- Forks: 36
- Open Issues: 15
- Releases: 0
Topics
Metadata Files
README.md
Amazon "App Runner Service Deploy" action for GitHub Actions
Registers an AWS App Runner Service and deploys the application using the source code of a given GitHub repository. Supports both source code and Docker image based service.
Table of Contents
- V2 changes
- Usage
- Credentials and Region
- Permissions
- Troubleshooting
- License Summary
- Security Disclosures
V2 Changes
This action's codebase has been refactored to support future growth as well as to simplify to processes of adding new capabilities.
Refer to the Changelog for the change history.
Usage
This github action supports two types of App Runner services: source code based and docker image based.
See action.yml for the full documentation for this action's inputs and outputs.
Code based service
Source code is application code that App Runner builds and deploys for you. You point App Runner to a source code repository and choose a suitable runtime. App Runner builds an image that's based on the base image of the runtime and your application code. It then starts a service that runs a container based on this image.
Note: The list of supported runtime platforms is available here.
Here is the sample for deploying a NodeJS based service:
```yaml name: Deploy to App Runner on: push: branches: [main] # Trigger workflow on git push to main branch workflow_dispatch: # Allow manual invocation of the workflow
jobs:
deploy:
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
# Use GitHub OIDC provider
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Deploy to App Runner
id: deploy-apprunner
uses: awslabs/amazon-app-runner-deploy@main
env:
SERVER_PORT: 80
SECRET_ENV: secret_env
with:
service: app-runner-git-deploy-service
source-connection-arn: ${{ secrets.AWS_CONNECTION_SOURCE_ARN }}
repo: https://github.com/${{ github.repository }}
branch: ${{ github.ref }}
runtime: NODEJS_16
build-command: npm install
start-command: npm start
port: 18000
region: ${{ secrets.AWS_REGION }}
cpu : 1
memory : 2
# Deprecated: wait-for-service-stability: true
# The new way to control service stability timeout
wait-for-service-stability-seconds: 600
copy-env-vars: |
SERVER_PORT
copy-secret-env-vars: |
SECRET_ENV
instance-role-arn: ${{ secrets.INSTANCE_ROLE_ARN }}
tags: >
{ "env": "test" }
- name: App Runner URL
run: echo "App runner URL ${{ steps.deploy-apprunner.outputs.service-url }}"
```
Note:
- AWSCONNECTIONSOURCE_ARN is the ARN of the source code connector in AWS App Runner, for more details refer to this documentation
Image based service
Here, a source image (that could be a public or private container image stored in an image repository) can get used by App Runner to get the service running on a container. No build stage is necessary. Rather, you provide a ready-to-deploy image.
Here is the sample for deploying a App Runner service based on docker image:
```yaml name: Deploy to App Runner on: push: branches: [main] # Trigger workflow on git push to main branch workflow_dispatch: # Allow manual invocation of the workflow
jobs:
deploy:
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v2
with:
persist-credentials: false
- name: Configure AWS credentials
id: aws-credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
# Use GitHub OIDC provider
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: nodejs
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
- name: Deploy to App Runner Image
id: deploy-apprunner
uses: awslabs/amazon-app-runner-deploy@main
with:
service: app-runner-git-deploy-service
image: ${{ steps.build-image.outputs.image }}
access-role-arn: ${{ secrets.ROLE_ARN }}
region: ${{ secrets.AWS_REGION }}
cpu : 1
memory : 2
# Deprecated: wait-for-service-stability: true
# The new way to control service stability timeout
wait-for-service-stability-seconds: 1200
- name: App Runner URL
run: echo "App runner URL ${{ steps.deploy-apprunner.outputs.service-url }}"
```
Note:
- The above example uses github action, to build the docker image, push it to AWS ECR and use the same for App Runner deployment
- ROLE_ARN is the Amazon Resource Name (ARN) of the IAM role that grants the App Runner service access to a source repository. It's required for ECR image repositories (but not for ECR Public repositories)
Credentials and Region
This action relies on the default behavior of the AWS SDK for Javascript to determine AWS credentials and region.
Use the aws-actions/configure-aws-credentials action to configure the GitHub Actions environment with environment variables containing AWS credentials and your desired region.
We recommend using GitHub's OIDC provider to get short-lived credentials needed for your actions.
It is recommended to follow Amazon IAM best practices for the AWS credentials used in GitHub Actions workflows, including:
- Do not store credentials in your repository's code. You may use GitHub Actions secrets to store credentials and redact credentials from GitHub Actions workflow logs.
- Create an individual IAM user with an access key for use in GitHub Actions workflows, preferably one per repository. Do not use the AWS account root user access key.
- Grant least privilege to the credentials used in GitHub Actions workflows. Grant only the permissions required to perform the actions in your GitHub Actions workflows. See the Permissions section below for the permissions required by this action.
- Rotate the credentials used in GitHub Actions workflows regularly.
- Monitor the activity of the credentials used in GitHub Actions workflows.
Permissions
Generally this action requires the following minimum set of permissions:
json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apprunner:ListServices",
"apprunner:CreateService",
"apprunner:UpdateService",
"apprunner:DescribeService",
"apprunner:TagResource",
"iam:PassRole"
],
"Resource": "*"
}
]
}
For Image based service this action requires additionally the following minimum set of permissions:
json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability"
],
"Resource": "*"
}
]
}
Troubleshooting
This action emits debug logs to help troubleshoot deployment failures. To see the debug logs, create a secret named ACTIONS_STEP_DEBUG with value true in your repository.
License Summary
This code is made available under the MIT-0 license, for details refer to LICENSE file.
Security Disclosures
If you would like to report a potential security issue in this project, please do not create a GitHub issue. Instead, please follow the instructions here or email AWS security directly.
Owner
- Name: Amazon Web Services - Labs
- Login: awslabs
- Kind: organization
- Location: Seattle, WA
- Website: http://amazon.com/aws/
- Repositories: 914
- Profile: https://github.com/awslabs
AWS Labs
GitHub Events
Total
- Issues event: 2
- Watch event: 4
- Issue comment event: 5
- Pull request review event: 3
- Pull request event: 3
- Fork event: 4
Last Year
- Issues event: 2
- Watch event: 4
- Issue comment event: 5
- Pull request review event: 3
- Pull request event: 3
- Fork event: 4
Committers
Last synced: almost 3 years ago
All Time
- Total Commits: 46
- Total Committers: 10
- Avg Commits per committer: 4.6
- Development Distribution Score (DDS): 0.543
Top Committers
| Name | Commits | |
|---|---|---|
| Dmitry Gulin | g****d@a****m | 21 |
| Hari Ohm Prasath | h****h@g****m | 9 |
| Dennis Kieselhorst | m****l@d****e | 5 |
| dependabot[bot] | 4****]@u****m | 3 |
| Mor Paz | 1****r@g****m | 2 |
| yu-yamanoi | 1****2@u****m | 2 |
| Amazon GitHub Automation | 5****o@u****m | 1 |
| Joey Hage | j****0@g****m | 1 |
| John Ritsema | j****a@y****m | 1 |
| Joey Hage | j****e@o****m | 1 |
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 25
- Total pull requests: 30
- Average time to close issues: 5 months
- Average time to close pull requests: 21 days
- Total issue authors: 20
- Total pull request authors: 13
- Average comments per issue: 1.4
- Average comments per pull request: 0.8
- Merged pull requests: 21
- Bot issues: 0
- Bot pull requests: 4
Past Year
- Issues: 2
- Pull requests: 2
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 2
- Pull request authors: 2
- Average comments per issue: 0.0
- Average comments per pull request: 0.0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 1
Top Authors
Issue Authors
- yyamanoi1222 (3)
- pihish (2)
- PatrickGotthard (2)
- asimkt (1)
- erwinv (1)
- pjoshi-cs (1)
- ajay-bhargava (1)
- acomito (1)
- xenia-kra (1)
- kafji (1)
- kristoffertorstad (1)
- melanahammel (1)
- hossameldeen (1)
- luisgj (1)
- daniel-fulgido (1)
Pull Request Authors
- yyamanoi1222 (8)
- DmitryGulin (6)
- dependabot[bot] (4)
- odlp (2)
- PatrickGotthard (2)
- Suyama-Daichi (1)
- Haagy (1)
- jritsema (1)
- deki (1)
- valcarcexyz (1)
- kristoffertorstad (1)
- joeyhage (1)
- MPTG94 (1)
- alu (1)
Top Labels
Issue Labels
Pull Request Labels
Packages
- Total packages: 1
- Total downloads: unknown
- Total dependent packages: 0
- Total dependent repositories: 9
- Total versions: 7
github actions: awslabs/amazon-app-runner-deploy
Registers and deploys the application as App Runner service
- License: mit-0
-
Latest release: v2.5.2
published over 2 years ago
Rankings
Dependencies
- 501 dependencies
- @tsconfig/node12 ^1.0.9 development
- @types/jest ^27.0.2 development
- @typescript-eslint/eslint-plugin ^5.2.0 development
- @typescript-eslint/parser ^5.2.0 development
- esbuild ^0.13.9 development
- eslint ^8.1.0 development
- jest ^27.3.1 development
- ts-jest ^27.0.7 development
- ts-node ^10.4.0 development
- type-fest ^2.5.1 development
- typescript ^4.4.4 development
- @actions/core ^1.6.0
- @aws-sdk/client-apprunner ^3.39.0
- @aws-sdk/node-http-handler ^3.38.0
- yaml ^1.10.2
- dist/index.js node16 javascript