Skip to content

feat: add task-role-arn and execution-role-arn inputs#475

Merged
s3cube merged 1 commit into
masterfrom
feat/task-execution-role-arns
Jun 3, 2026
Merged

feat: add task-role-arn and execution-role-arn inputs#475
s3cube merged 1 commit into
masterfrom
feat/task-execution-role-arns

Conversation

@s3cube

@s3cube s3cube commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Adds task-role-arn and execution-role-arn optional inputs to dynamically set taskRoleArn and executionRoleArn on the rendered task definition
  • Includes ARN format validation (regex) supporting all AWS partitions: aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f
  • Sets role ARNs at the task definition level (not container level), matching the ECS API schema

Closes #378, closes #183

Motivation

Users need to pass IAM role ARNs via GitHub Secrets rather than hardcoding them in task definition JSON files (security concern raised in #183). This also addresses the review feedback on PR #372 which requested ARN validation.

Test plan

  • Existing tests updated with new mock positions for the two additional getInput calls
  • New tests: task role ARN only, execution role ARN only, both together
  • New tests: role ARN with path prefix (/path/to/role)
  • New tests: aws-cn partition ARN
  • New tests: invalid ARN format (garbage string, wrong service, short account ID)
  • Verify npm test passes locally
  • Verify npm run package rebuilds dist/ cleanly

@mskrip @DMEvanCT
feat: add task-role-arn and execution-role-arn inputs
532ba07 
Allow users to dynamically set taskRoleArn and executionRoleArn on the
task definition via action inputs, so role ARNs don't need to be
hardcoded in the task definition JSON file.

Includes ARN format validation supporting all AWS partitions
(aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f).

Closes #378, closes #183

Co-authored-by: Marián Skrip <17459600+mskrip@users.noreply.github.com>
Co-authored-by: Evan <26677092+DMEvanCT@users.noreply.github.com>
@s3cube s3cube force-pushed the feat/task-execution-role-arns branch from 56e81f0 to 532ba07 Compare June 2, 2026 01:17
@s3cube s3cube requested a review from omkhegde June 2, 2026 13:55
@s3cube s3cube merged commit 20c4259 into master Jun 3, 2026
7 checks passed
@s3cube s3cube deleted the feat/task-execution-role-arns branch June 3, 2026 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amazreech amazreech amazreech approved these changes

@omkhegde omkhegde Awaiting requested review from omkhegde

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request, fill field taskRoleArn, executionRoleArn add inputs executionRoleArn and taskRoleArn

2 participants

@s3cube @amazreech