Update for handling secret account number

0xPolygon · Apr 26, 2024 · 86b3f6f · 86b3f6f
1 parent d95ec00
commit 86b3f6f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/.github/workflows/ecs_deploy_docker_taskdef.yaml b/.github/workflows/ecs_deploy_docker_taskdef.yaml
@@ -57,7 +57,7 @@ jobs:
           sparse-checkout: |
             Support/      
           
-      - name: Checkout
+      - name: Checkout Code Repository
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
@@ -86,14 +86,15 @@ jobs:
           pipenv install && \
           pipenv run python ${{ env.taskdef_file_script }} \
             -pf code/${{ inputs.taskdef_file_vars }} -tt ${{ env.taskdef_file_template }} \
-            $(if [[ "${{ secrets.account_number }}" ]]; then echo "-acc ${{ secrets.account_number }}"; fi) \
+            -acc ${{ secrets.account_number }} \
             -app ${{ inputs.app_name }}
+          echo "account_number_read=$(cat $script_dir/account_number.txt)" >> $GITHUB_ENV
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
           aws-region: ${{ inputs.aws_region }}
-          role-to-assume: arn:aws:iam::${{ secrets.account_number }}:role/${{ inputs.app_name }}-GithubActionsRole
+          role-to-assume: arn:aws:iam::${{ env.account_number_read }}:role/${{ inputs.app_name }}-GithubActionsRole
           role-session-name: GithubActionsSession
 
       - name: Login to Amazon ECR

diff --git a/Support/taskdef_template/taskdef_creator.py b/Support/taskdef_template/taskdef_creator.py
@@ -154,7 +154,6 @@ def substitute_values(self):
             "memory",
             "cpu",
         ]
-        print("userdata: ", user_data, type(user_data), "account", user_data.get("account_number"), self.args.account_number)
         if "account_number" not in user_data:
             user_data["account_number"] = self.args.account_number
 
@@ -167,10 +166,15 @@ def substitute_values(self):
         for sub in expected_sub:            
             self._subtitute_data(user_data, sub)
 
+        # Write account number to a file
+        script_dir = os.path.dirname(os.path.realpath(__file__))
+        file_path = os.path.join(script_dir, "account_number.txt")
+        with open(file_path, "w") as file_obj:
+            file_obj.write(user_data["account_number"])
         return user_data["account_number"]
 
 
 if __name__ == "__main__":
     TASKDEF_CREATOR = TaskdefCreator()
     ACCOUNT_NUMBER = TASKDEF_CREATOR.substitute_values()
-    TASKDEF_CREATOR.create_taskdef_file(ACCOUNT_NUMBER)
+    TASKDEF_CREATOR.create_taskdef_file(ACCOUNT_NUMBER)