Jenkins shell build step environment variable task substitution for ECS, for use with Promptworks aws-secrets

readme.md

Really only valid if you're using https://github.com/promptworks/aws-secrets and Jenkins

For this to work, your task definition should have environment blocks like this:

"environment": "!!!ENV!!!"

handle_env.py

import sys, json
from subprocess import check_output

try:
    environment = sys.argv[1]
except:
    exit("Missing environment")

try:
    filename = sys.argv[2]
except:
    exit("Missing filename")

command = "aws-secrets-get {}".format(environment)
result = check_output(command, shell=True)
values = []
for r in result.decode('utf-8').split():
    tokens = r.split("=")
    temp = {"name": tokens[0], "value": tokens[1]}
    values.append(temp)

parsed_env = json.dumps(values)

in_memory_file = ""
with open(filename) as file:
    for line in file:
        in_memory_file += line.replace('"!!!ENV!!!"', parsed_env)

print(in_memory_file)

jenkins_build.sh

#!/usr/bin/env bash

SERVICE_NAME="YOURSERVICENAME"
TASK_FAMILY="dev"
CLUSTER="YOURCLUSTERARNHERE"

# Create a new task definition for this build
aws ecs register-task-definition --family ${TASK_FAMILY} --cli-input-json "$(python handle_env.py yourawssecretsname path/to/task/definition.json)"

# Update the service with the new task definition and desired count
TASK_REVISION=`aws ecs describe-task-definition --task-definition dev | egrep "revision" | tr "/" " " | awk '{print $2}' | sed 's/"$//'`

#we should have only one task
RUNNING_TASK_ARN=`aws ecs list-tasks --cluster ${CLUSTER} | egrep "^.*arn.*" | tr -d '"'`

aws ecs stop-task --cluster ${CLUSTER} --task ${RUNNING_TASK_ARN}

aws ecs update-service --cluster ${CLUSTER} --service ${SERVICE_NAME} --task-definition ${TASK_FAMILY}:${TASK_REVISION}