Support for CodeDeploy deployments

Author: clareliguori

README.md

@@ -63,7 +63,7 @@ This action requires the following minimum set of permissions:
             "ecs:DescribeServices"
          ],
          "Resource":[
-            "arn:aws:ecs:region:<aws_account_id>:service/<cluster_name>/<service_name>"
+            "arn:aws:ecs:<region>:<aws_account_id>:service/<cluster_name>/<service_name>"
          ]
       }
    ]
@@ -72,6 +72,70 @@ This action requires the following minimum set of permissions:
 
 Note: the policy above assumes the account has opted in to the ECS long ARN format.
 
+## CodeDeploy Support
+
+For ECS services that uses the `CODE_DEPLOY` deployment controller, additional configuration is needed for this action:
+
+```yaml
+    - name: Deploy to Amazon ECS
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        service: my-service
+        cluster: my-cluster
+        wait-for-service-stability: true
+        codedeploy-appspec: appspec.json
+        codedeploy-application: my-codedeploy-application
+        codedeploy-deployment-group: my-codedeploy-deployment-group
+```
+
+The minimal permissions require access to CodeDeploy:
+
+```
+{
+   "Version":"2012-10-17",
+   "Statement":[
+      {
+         "Sid":"RegisterTaskDefinition",
+         "Effect":"Allow",
+         "Action":[
+            "ecs:RegisterTaskDefinition"
+         ],
+         "Resource":"*"
+      },
+      {
+         "Sid":"PassRolesInTaskDefinition",
+         "Effect":"Allow",
+         "Action":[
+            "iam:PassRole"
+         ],
+         "Resource":[
+            "arn:aws:iam::<aws_account_id>:role/<task_definition_task_role_name>",
+            "arn:aws:iam::<aws_account_id>:role/<task_definition_task_execution_role_name>"
+         ]
+      },
+      {
+         "Sid":"DeployService",
+         "Effect":"Allow",
+         "Action":[
+            "ecs:DescribeServices",
+            "codedeploy:GetDeploymentGroup",
+            "codedeploy:CreateDeployment",
+            "codedeploy:GetDeployment",
+            "codedeploy:GetDeploymentConfig",
+            "codedeploy:RegisterApplicationRevision"
+         ],
+         "Resource":[
+            "arn:aws:ecs:<region>:<aws_account_id>:service/<cluster_name>/<service_name>",
+            "arn:aws:codedeploy:<region>:<aws_account_id>:deploymentgroup:<application_name>/<deployment_group_name>",
+            "arn:aws:codedeploy:<region>:<aws_account_id>:deploymentconfig:*",
+            "arn:aws:codedeploy:<region>:<aws_account_id>:application:<application_name>"
+         ]
+      }
+   ]
+}
+```
+
 ## License Summary
 
 This code is made available under the MIT license.

action.yml

@@ -16,9 +16,20 @@ inputs:
   wait-for-service-stability:
     description: 'Whether to wait for the ECS service to reach stable state after deploying the new task definition. Valid value is "true". Will default to not waiting.'
     required: false
+  codedeploy-appspec:
+    description: "The path to the CodeDeploy AppSpec file, if the ECS service uses the CODE_DEPLOY deployment controller. Will default to 'appspec.yaml'."
+    required: false
+  codedeploy-application:
+    description: "The name of the CodeDeploy application, if the ECS service uses the CODE_DEPLOY deployment controller. Will default to 'AppECS-{cluster}-{service}'."
+    required: false
+  codedeploy-deployment-group:
+    description: "The name of the CodeDeploy deployment group, if the ECS service uses the CODE_DEPLOY deployment controller. Will default to 'DgpECS-{cluster}-{service}'."
+    required: false
 outputs:
   task-definition-arn:
     description: 'The ARN of the registered ECS task definition'
+  codedeploy-deployment-id:
+    description: 'The deployment ID of the CodeDeploy deployment (if the ECS service uses the CODE_DEPLOY deployment controller'
 runs:
   using: 'node12'
   main: 'dist/index.js'