sourcetoad/aws-codedeploy-action

MIssing "ListDeployments" permission not handled correctly

fleaz opened this issue · 2 comments

fleaz commented

When "ListDeployments" is missing from the IAM permissions of the assumed role, the action doesn't handle the received error and thinks a deployment is currently running and enters the "wait 15s and try again" loop.

2022-11-18T15:38:32,311213841+01:00

iBotPeaches commented

Thanks for the find.

Let me think how we can detect this easier and bail out.

Vacoris commented

@iBotPeaches the result is coming from

aws-codedeploy-action/deploy.sh

Line 121 in e524961

function getActiveDeployments() {
as it requests the list-deployments. We could wrap the command in a conditional that if an error occurs we bail out.

Something like:

if ! aws deploy list-deployments \
        --application-name "$INPUT_CODEDEPLOY_NAME" \
        --deployment-group-name "$INPUT_CODEDEPLOY_GROUP" \
        --include-only-statuses "Queued" "InProgress" |  jq -r '.deployments'; then
        exit 1;
fi