Require approval: never is broken

[stilren]

Hello and thanks for this action.

I am deploying a project with two stacks (probably not relevant) and I am getting the following

This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

and

 "--require-approval" is enabled and stack includes security-sensitive updates, but terminal (TTY) is not attached so we are unable to get a confirmation from the user

Here is the action:

    - name: Deploy backend
      uses: youyo/aws-cdk-github-actions@v1
      with:
        working_dir: "./backend" 
        cdk_subcommand: 'deploy'
        cdk_stack: '*'
        actions_comment: false
        args: '--require-approval never --outputs-file ../swedishclient/src/devoutputs.json'
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET }}
        AWS_DEFAULT_REGION: 'eu-west-1'

[stilren]

I think we need to use a interactive session by passing the "-it" flag in the docker run command but I am not in a position to test this atm.

[RicoToothless]

I face the same issue, too.

[bastiankoetsier]

Same for us.

[tmaximini]

Anyone found a workaround? Like this it's not possible to deploy from GH actions...

[cmsd2]

workaround: change this:

cdk_subcommand: "deploy"
args: "--require-approval never"

to this: cdk_subcommand: "deploy --require-approval never"

this works because the subcommand parameter is not quoted in the entrypoint script so the shell will split it on spaces.

i think it indicates that the problem lies with passing in the "*" parameters to the script rather than with require-approval itself.

[g-farrow]

This can also be solved by setting the flag in your cdk.json file, for example: { "app": "python3 app.py", "requireApproval": "never", "context": {...} }

[davitcito]

workaround: change this:

cdk_subcommand: "deploy"
args: "--require-approval never"

to this: cdk_subcommand: "deploy --require-approval never"

this works because the subcommand parameter is not quoted in the entrypoint script so the shell will split it on spaces.

i think it indicates that the problem lies with passing in the "*" parameters to the script rather than with require-approval itself.

This works for me. Thanks!

[diogobaltazar]

Having the same issue with:

yes | cdk deploy
   --app "npx ts-node bin/stack.ts"
   --required-approval never
   --profile profile
   --context account=account
   --context region=region

• It doesn't help specifying the app in cdk.json (plus, I have multiple apps so they need to be specified in the cmd)
• It helps adding to cdk.json: "requireApproval": "never", but in the future I might not want this key enabled for all the apps...