Migrate integration omnibus

Author: skmcgrail

.github/actions/codebuild-docker-run/action.yml

@@ -1,5 +1,8 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
 name: 'codebuild-docker-run'
-description: 'Run one or more commands inside a docker container'
+description: 'Run one or more commands inside a docker container within a CodeBuild environment'
 inputs:
   image:
     description: 'Docker image to pull'
@@ -18,6 +21,18 @@ inputs:
     description: 'Environment variables to set or pass to the container'
     required: false
     default: ''
+  ipv6:
+    description: 'Enables IPv6 networking in the container. Implies --privileged'
+    required: false
+    default: false
+  withCredentials:
+    description: 'Whether to passthru the CodeBuild credentials'
+    required: false
+    default: false
+  user:
+    description: 'Run the docker container as a non-root user'
+    required: false
+    default: ''
 runs:
   using: 'composite'
   steps:
@@ -29,4 +44,7 @@ runs:
         INPUT_RUN: ${{ inputs.run }}
         INPUT_SHELL: ${{ inputs.shell }}
         INPUT_ENV: ${{ inputs.env }}
+        INPUT_IPV6: ${{ inputs.ipv6 }}
+        INPUT_WITH_CREDENTIALS: ${{ inputs.withCredentials }}
+        INPUT_USER: ${{ inputs.user }}
       run: ${{ github.action_path }}/codebuild-docker-run.sh

.github/actions/codebuild-docker-run/codebuild-docker-run.sh

@@ -1,4 +1,6 @@
 #!/usr/bin/env bash
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
 
 set -ex
 
@@ -47,11 +49,38 @@ parse_env_vars() {
 # Parse environment variables from INPUT_ENV
 ENV_FLAGS=$(parse_env_vars "$INPUT_ENV")
 
+DOCKER_OPTIONS="${INPUT_OPTIONS:-}"
+if [[ "${INPUT_IPV6}" == "true" && ! "${DOCKER_OPTIONS}" =~ --privileged ]]; then
+    DOCKER_OPTIONS="$DOCKER_OPTIONS --privileged"
+fi
+
+if [[ "${INPUT_USER}z" != "z" && ! "${DOCKER_OPTIONS}" =~ --user ]]; then
+    DOCKER_OPTIONS="$DOCKER_OPTIONS --user ${INPUT_USER}"
+fi
+
+if [[ "${INPUT_WITH_CREDENTIALS}" == true && 
+    ! "${ENV_FLAGS}" =~ ECS_CONTAINER_METADATA_URI_V4 && 
+    ! "${ENV_FLAGS}" =~ AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ]]; then
+    ENV_FLAGS="${ENV_FLAGS} -e ECS_CONTAINER_METADATA_URI_V4 -e AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+fi
+
 exec docker run -v /var/run/docker.sock:/var/run/docker.sock \
     -v ${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE} \
     -w ${GITHUB_WORKSPACE} \
-    ${INPUT_OPTIONS:-} \
+    ${DOCKER_OPTIONS} \
     -e GOPROXY \
+    -e AWS_DEFAULT_REGION \
+    -e AWS_REGION \
     ${ENV_FLAGS} \
     --entrypoint=${INPUT_SHELL} ${INPUT_IMAGE} \
-    -c "${INPUT_RUN//$'\n'/;}"
+    -c "cat > /tmp/actions-run.sh << 'EOF' && chmod +x /tmp/actions-run.sh && /tmp/actions-run.sh
+set -ex
+if [[ \"${INPUT_USER}z\" != \"z\" ]]; then
+   chown -R ${INPUT_USER}:${INPUT_USER} ${GITHUB_WORKSPACE}
+fi
+if [[ \"${INPUT_IPV6}\" == \"true\" ]]; then
+sysctl -w net.ipv6.conf.all.disable_ipv6=0
+fi
+${INPUT_RUN}
+EOF
+"