sourcetoad / aws-codedeploy-action

AWS CodeDeploy via GitHub Actions
MIT License

Missing "ListDeployments" permission not handled correctly #67

Closed fleaz closed 1 year ago

fleaz commented 1 year ago

When "ListDeployments" is missing from the IAM permissions of the assumed role, the action doesn't handle the received error and thinks a deployment is currently running and enters the "wait 15s and try again" loop.


iBotPeaches commented 1 year ago

Thanks for the find.

Let me think how we can detect this easier and bail out.

Vacoris commented 1 year ago

@iBotPeaches the result is coming from https://github.com/sourcetoad/aws-codedeploy-action/blob/e5249612679ffe2b8e0e6b4c078a43e27e671fd9/deploy.sh#L121 as it requests the list-deployments. We could wrap the command in a conditional that if an error occurs we bail out.

Something like:

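```bash
# Capture the output before parsing it: in a pipeline without
# `set -o pipefail` the exit status tested by `if` is jq's, not aws's.
if ! DEPLOYMENTS=$(aws deploy list-deployments \
        --application-name "$INPUT_CODEDEPLOY_NAME" \
        --deployment-group-name "$INPUT_CODEDEPLOY_GROUP" \
        --include-only-statuses "Queued" "InProgress"); then
        exit 1
fi
echo "$DEPLOYMENTS" | jq -r '.deployments'
```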
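A fuller version of the bail-out discussed in this thread, as an added example that is not the action's own `deploy.sh`: the wait loop treats a failed `list-deployments` call (for instance a role without `codedeploy:ListDeployments`) as fatal instead of as "a deployment is running". The function names, the return codes and the attempt limit are assumptions of this sketch; `--query` and `--output text` are standard AWS CLI options used here in place of `jq`.

```shell
# Added example; function names and return codes are hypothetical.

# Print the IDs of Queued/InProgress deployments (empty output if none).
# The exit status is that of the AWS CLI call itself, so an API error
# such as AccessDenied surfaces as a non-zero status, not as "busy".
active_deployments() {
    aws deploy list-deployments \
        --application-name "$INPUT_CODEDEPLOY_NAME" \
        --deployment-group-name "$INPUT_CODEDEPLOY_GROUP" \
        --include-only-statuses "Queued" "InProgress" \
        --query 'deployments' --output text
}

# wait_for_idle MAX_ATTEMPTS SLEEP_SECONDS
# Returns: 0 = no active deployment, 1 = API call failed, 2 = still busy
# after MAX_ATTEMPTS polls.
wait_for_idle() {
    local max="$1" delay="$2" attempt=1 ids
    while [ "$attempt" -le "$max" ]; do
        # Assignment from command substitution keeps the CLI's exit
        # status; stderr from the CLI goes straight to the job log.
        if ! ids=$(active_deployments); then
            echo "list-deployments failed; check that the role allows" \
                 "codedeploy:ListDeployments. Not retrying." >&2
            return 1
        fi
        if [ -z "$ids" ]; then
            return 0
        fi
        echo "Active deployment(s): $ids (poll $attempt/$max)" >&2
        sleep "$delay"
        attempt=$((attempt + 1))
    done
    return 2
}

# Typical call, matching the 15 s retry interval mentioned in the issue:
#   wait_for_idle 20 15 || exit $?
```
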