Secrets Not Set Unless 'environment-variables' Are Specified

[ironexdev]

Description:

I'm experiencing an issue with the aws-actions/[email protected] GitHub Action where secrets are not being set in the rendered ECS task definition unless I also specify environment-variables, even if it's just a placeholder.

Problem:

When I specify secrets without any environment-variables, the secrets do not appear in the rendered task definition. Here's the configuration that fails to set the secrets:

(ubuntu-latest)

- name: Render Amazon ECS task definition
  id: render-frontend-container
  uses: aws-actions/[email protected]
  with:
    task-definition: rendered-task-def.json
    container-name: frontend
    image: "${{ steps.ecr-login.outputs.registry }}/${{ env.IMAGE_REPOSITORY }}:${{ inputs.IMAGE_VERSION }}"
    secrets: |
      JWT_SECRET=${{ needs.setup.outputs.SSM_PREFIX }}/JWT_SECRET
      SENTRY_AUTH_TOKEN=${{ needs.setup.outputs.SSM_PREFIX }}/SENTRY_AUTH_TOKEN

Workaround:

If I add an environment-variables section - even with just a dummy variable - the secrets are correctly set:

(ubuntu-latest)

- name: Render Amazon ECS task definition
  id: render-frontend-container
  uses: aws-actions/[email protected]
  with:
    task-definition: rendered-task-def.json
    container-name: frontend
    image: "${{ steps.ecr-login.outputs.registry }}/${{ env.IMAGE_REPOSITORY }}:${{ inputs.IMAGE_VERSION }}"
    environment-variables: |
      DUMMY_VAR=placeholder
    secrets: |
      JWT_SECRET=${{ needs.setup.outputs.SSM_PREFIX }}/JWT_SECRET
      SENTRY_AUTH_TOKEN=${{ needs.setup.outputs.SSM_PREFIX }}/SENTRY_AUTH_TOKEN

[Kamilu-Nurudeen]

I am experiencing the same issue here.