{"id":18800827,"url":"https://github.com/bitovi/github-actions-deploy-stackstorm","last_synced_at":"2025-10-07T14:45:10.789Z","repository":{"id":65159081,"uuid":"573175015","full_name":"bitovi/github-actions-deploy-stackstorm","owner":"bitovi","description":"GitHub Action to deploy StackStorm to AWS (βeta)","archived":false,"fork":false,"pushed_at":"2025-01-28T13:39:20.000Z","size":144,"stargazers_count":9,"open_issues_count":5,"forks_count":4,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-09-19T17:10:23.014Z","etag":null,"topics":["ansible","aws","devops","gh-action","github-actions","st2","stackstorm","terraform"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/deploy-single-vm-stackstorm-to-aws-ec2","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitovi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-12-01T21:31:50.000Z","updated_at":"2025-07-10T16:28:57.000Z","dependencies_parsed_at":"2025-04-13T17:44:24.984Z","dependency_job_id":"e1f3da2c-600b-45c0-b8eb-d3ecb96d3d43","html_url":"https://github.com/bitovi/github-actions-deploy-stackstorm","commit_stats":{"total_commits":129,"total_committers":6,"mean_commits":21.5,"dds":0.5038759689922481,"last_synced_commit":"da1d6f4fb95c1f630b2f1cfbdc5e9c625198cfe8"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/bitovi/github-actions-deploy-stackstorm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-stackstorm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-stackstorm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-stackstorm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-stackstorm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitovi","download_url":"https://codeload.github.com/bitovi/github-actions-deploy-stackstorm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitovi%2Fgithub-actions-deploy-stackstorm/sbom","scorecard":{"id":240512,"data":{"date":"2025-08-11","repo":{"name":"github.com/bitovi/github-actions-deploy-stackstorm","commit":"2afeae1d65acc53538a3c20743b62ae8160203de"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":5,"reason":"Found 8/14 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T06:37:04.038Z","repository_id":65159081,"created_at":"2025-08-17T06:37:04.038Z","updated_at":"2025-08-17T06:37:04.038Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278794113,"owners_count":26046968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","aws","devops","gh-action","github-actions","st2","stackstorm","terraform"],"created_at":"2024-11-07T22:20:14.320Z","updated_at":"2025-10-07T14:45:10.752Z","avatar_url":"https://github.com/bitovi.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Github Action: Deploy StackStorm\n\n[![LICENSE](https://img.shields.io/badge/license-MIT-green)](LICENSE.md)\n[![Latest Release](https://img.shields.io/github/v/release/bitovi/github-actions-deploy-stackstorm)](https://github.com/bitovi/github-actions-deploy-stackstorm/releases)\n![GitHub closed issues](https://img.shields.io/github/issues-closed/bitovi/github-actions-deploy-stackstorm)\n![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed/bitovi/github-actions-deploy-stackstorm)\n[![Discrod Community](https://img.shields.io/discord/1007137664606150746?logo=discord\u0026label=Discord)](https://discord.gg/zAHn4JBVcX)\n\n![alt](https://bitovi-gha-pixel-tracker-deployment-main.bitovi-sandbox.com/pixel/fBfJvGWta6ZyohS-moZ34)\n## Action Summary\nThis action deploys a Stackstorm instance to an AWS VM (EC2) with [Terraform](operations/deployment/terraform/modules) and [Ansible](https://github.com/stackstorm/ansible-st2).  \n\nIf you would like to deploy a backend app/service, check out our other actions:\n| Action | Purpose |\n| ------ | ------- |\n| [Deploy Docker to EC2](https://github.com/marketplace/actions/deploy-docker-to-aws-ec2) | Deploys a repo with a Dockerized application to a virtual machine (EC2) on AWS |\n| [Deploy React to GitHub Pages](https://github.com/marketplace/actions/deploy-react-to-github-pages) | Builds and deploys a React application to GitHub Pages. |\n| [Deploy static site to AWS (S3/CDN/R53)](https://github.com/marketplace/actions/deploy-static-site-to-aws-s3-cdn-r53) | Hosts a static site in AWS S3 with CloudFront |\n\u003cbr/\u003e\n\n**And more!**, check our [list of actions in the GitHub marketplace](https://github.com/marketplace?category=\u0026type=actions\u0026verification=\u0026query=bitovi)\n\n# Need help or have questions?\nThis project is supported by [Bitovi, A DevOps consultancy](https://www.bitovi.com/services/devops-consulting).\n\nYou can **get help or ask questions** on our [Discord channel](https://discord.gg/zAHn4JBVcX)! Come hang out with us; We love discussing solutions!\n\nOr, you can hire us for training, consulting, or development. [Set up a free consultation](https://www.bitovi.com/services/devops-consulting).\n\n## Prerequisites\n- An [AWS account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) and [Access Keys](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html)\n- The following secrets should be added to your GitHub actions secrets:\n  - `AWS_ACCESS_KEY_ID`\n  - `AWS_SECRET_ACCESS_KEY`\n  - `ST2_AUTH_USERNAME`\n  - `ST2_AUTH_PASSWORD`\n\n:warning: In the latest release, some variables were replaced.  Old one will not work.\n\n| Old variable | Replaced By | \n| - | - | \n| aws_extra_tags | aws_additional_tags | \n| aws_ec2_instance_profile | aws_ec2_iam_instance_profile |\n| aws_ec2_instance_vol_size | aws_ec2_instance_root_vol_size | \n| aws_domain_name | aws_r53_domain_name | \n| aws_sub_domain_name | aws_r53_sub_domain_name | \n| aws_root_domain_deploy | aws_r53_root_domain_deploy | \n| aws_cert_arn | aws_r53_cert_arn | \n| aws_create_root_cert | aws_r53_create_root_cert | \n| aws_create_sub_cert | aws_r53_create_sub_cert | \n| aws_no_cert | aws_r53_enable_cert :warning:  |  \n\n\u003e :warning: `aws_no_cert` has the opossite value of `aws_r53_enable_cert`. Cert lookup is set to `true` by default, and won't fail if it can't find any.\n\u003cbr/\u003e\n\n## Example usage\n\nCreate a Github Action Workflow `.github/workflow/deploy-st2.yaml` with the following to build on push to the `main` branch.\n\n```yaml\n# Deploy ST2 Single VM with GHA\nname: CD\n\non:\n  push:\n    branches: [ main ]\n\njobs:\n  deploy-st2:\n    runs-on: ubuntu-latest\n    steps:\n    - id: deploy-st2\n      name: Deploy StackStorm\n      # NOTE: we recommend pinning to the latest numeric version\n      # See: https://github.com/bitovi/github-actions-deploy-stackstorm/releases\n      uses: bitovi/github-actions-deploy-stackstorm@v0.4.0\n      with:\n        aws_default_region: us-east-1\n        aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID}}\n        aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}\n        st2_auth_username: ${{ secrets.ST2_AUTH_USERNAME}}\n        st2_auth_password: ${{ secrets.ST2_AUTH_PASSWORD}}\n        st2_packs: \"st2,aws,github\"\n```\n\nThis will create the following resources in AWS:\n- An EC2 instance\n- Route53 records\n- A load balancer\n- Security groups (ports `80`, `443`, `22`)\n- Optionally, use an existing or define a new VPC with subnets (see `aws_create_vpc`)\n\n\u003e For more details about what is created, see [operations/deployment/terraform/modules](operations/deployment/terraform/modules/)\n\n## Customizing\n\n### Inputs\n1. [Action Defaults](#action-defaults-inputs)\n2. [AWS Configuration](#aws-configuration-inputs)\n4. [EC2](#ec2-instance-config)\n5. [Stackstorm inputs](#stackstorm-inputs)\n6. [Stack Management](#stack-management)\n7. [Domains and certificates](#domains-and-certificates)\n8. [VPC](#vpc-configuration)\n9. [Advanced Options](#advanced-options)\n\n### Outputs\n1. [Action Outpus](#action-outputs)\n\n\nThe following inputs can be used as `steps.with` keys:\n\u003cbr/\u003e\n\u003cbr/\u003e\n\n#### **Action defaults Inputs**\n| Name             | Type    | Description                        | \n|------------------|---------|------------------------------------|\n| `checkout` | Boolean | Set to `false` if the code is already checked out. (Default is `true`). |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **AWS Configuration Inputs**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_access_key_id` | String | AWS access key ID |\n| `aws_secret_access_key` | String | AWS secret access key |\n| `aws_session_token` | String | AWS session token |\n| `aws_default_region` | String | AWS default region. Defaults to `us-east-1` |\n| `aws_resource_identifier` | String | Set to override the AWS resource identifier for the deployment. Defaults to `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |\n| `aws_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to all provisioned resources. |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n #### **EC2 Instance config** \n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_ec2_instance_type` | String | The AWS IAM instance type to use. Default is `t3.medium`. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. |\n| `aws_ec2_instance_root_vol_size` | Integer | Define the volume size (in GiB) for the root volume on the AWS Instance. Defaults to `8`. | \n| `aws_ec2_instance_root_vol_preserve` | Boolean | Set this to true to avoid deletion of root volume on termination. Defaults to `false`. | \n| `aws_ec2_security_group_name` | String | The name of the EC2 security group. Defaults to `SG for ${aws_resource_identifier} - EC2`. |\n| `aws_ec2_iam_instance_profile` | String | The AWS IAM instance profile to use for the EC2 instance. Will create one if none provided with the name `aws_resource_identifier`. |\n| `aws_ec2_create_keypair_sm` | Boolean | Generates and manages a secret manager entry that contains the public and private keys created for the ec2 instance. Defaults to `false`. |\n| `aws_ec2_instance_public_ip` | Boolean | Add a public IP to the instance or not. Defaults to `true`. |\n| `aws_ec2_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to ec2 provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n #### **Stackstorm inputs** \n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `st2_auth_username` | String | Username used by StackStorm standalone authentication. Set as a secret in GH Actions. |\n| `st2_auth_password` | String | Password used by StackStorm standalone authentication. Set as a secret in GH Actions. |\n| `st2_packs` | String | Comma separated list of packs to install. If you modify this option, be sure to also include `st2` in the list. Defaults to `\"st2\"` |\n| `st2_ansible_extra_vars_file` | String | Relative path from project root to Ansible vars file. If you'd like to adjust more advanced configuration; st2 version, st2.conf, RBAC, chatops, auth, etc. See https://github.com/stackStorm/ansible-st2#variables for the full list of settings. The Ansible vars will take higher precedence over the GHA inputs. |\n| `st2_version_tag` | String | Stackstorm Ansible release tag to use. See https://github.com/StackStorm/ansible-st2/releases |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **Stack Management** \n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `tf_stack_destroy` | Boolean  | Set to `true` to destroy the stack - Will delete the `elb logs bucket` after the destroy action runs. |\n| `tf_state_file_name` | String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. Defaults to `tf-state-aws`. |\n| `tf_state_file_name_append` | String | Appends a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. (Can co-exist with `tf_state_file_name`) |\n| `tf_state_bucket` | String | AWS S3 bucket name to use for Terraform state. See [note](#s3-buckets-naming) | \n| `tf_state_bucket_destroy` | Boolean | Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`. Default is `false`. |\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **Domains and certificates** \n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_r53_domain_name` | String | Define the root domain name for the application. e.g. bitovi.com'. |\n| `aws_r53_sub_domain_name` | String | Define the sub-domain part of the URL. Defaults to `aws_resource_identifier`. |\n| `aws_r53_root_domain_deploy` | Boolean | Deploy application to root domain. Will create root and www records. Default is `false`. |\n| `aws_r53_enable_cert` | Boolean | Set this to true if you wish to manage certificates through AWS Certificate Manager with Terraform. **See note**. Default is `false`. | \n| `aws_r53_cert_arn` | String | Define the certificate ARN to use for the application. **See note**. |\n| `aws_r53_create_root_cert` | Boolean | Generates and manage the root cert for the application. **See note**. Default is `false`. |\n| `aws_r53_create_sub_cert` | Boolean | Generates and manage the sub-domain certificate for the application. **See note**. Default is `false`. |\n| `aws_r53_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to R53 provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **VPC configuration**\n| Name             | Type    | Description                        |\n|------------------|---------|------------------------------------|\n| `aws_vpc_create` | Boolean | Define if a VPC should be created. Defaults to `false`. |\n| `aws_vpc_name` | String | Define a name for the VPC. Defaults to `VPC for ${aws_resource_identifier}`. |\n| `aws_vpc_cidr_block` | String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to `10.0.0.0/16`. |\n| `aws_vpc_public_subnets` | String | Comma separated list of public subnets. Defaults to `10.10.110.0/24`|\n| `aws_vpc_private_subnets` | String | Comma separated list of private subnets. If no input, no private subnet will be created. Defaults to `\u003cnone\u003e`. |\n| `aws_vpc_availability_zones` | String | Comma separated list of availability zones. Defaults to `aws_default_region+\u003crandom\u003e` value. If a list is defined, the first zone will be the one used for the EC2 instance. |\n| `aws_vpc_id` | String | **Existing** AWS VPC ID to use. Accepts `vpc-###` values. |\n| `aws_vpc_subnet_id` | String | **Existing** AWS VPC Subnet ID. If none provided, will pick one. (Ideal when there's only one). |\n| `aws_vpc_enable_nat_gateway` | Boolean | Adds a NAT gateway for each public subnet. Defaults to `false`. |\n| `aws_vpc_single_nat_gateway` | Boolean | Toggles only one NAT gateway for all of the public subnets. Defaults to `false`. |\n| `aws_vpc_external_nat_ip_ids` | String | **Existing** comma separated list of IP IDs if reusing. (ElasticIPs). |\n| `aws_vpc_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to vpc provisioned resources.|\n\u003chr/\u003e\n\u003cbr/\u003e\n\n#### **Action Outputs**\n| Name             | Description                        |\n|------------------|------------------------------------|\n| `aws_vpc_id` | The selected VPC ID used. |\n| `vm_url` | The URL of the generated app. |\n| `instance_endpoint` | The URL of the generated ec2 instance. |\n| `ec2_sg_id` | SG ID for the EC2 instance. |\n\n### Note about AWS resource identifiers\nMost resources will contain the tag `GITHUB_ORG-GITHUB_REPO-GITHUB_BRANCH` to make them unique. Because some AWS resources have a length limit, we shorten identifiers to a `60` characters max string.\n\nWe use the Kubernetes style for this. For example, `Kubernetes` -\u003e `k(# of characters)s` -\u003e `k8s`. And so you might see how compressions are made.\n\nFor some specific resources, we have a `32` characters limit. If the identifier length exceeds this number after compression, we remove the middle part and replace it with a hash made up of the string itself.\n\n### S3 buckets naming\nBucket names can be made of up to 63 characters. If the length allows us to add `-tf-state`, we will do so. If not, a simple `-tf` will be added.\n\n## Domain and Certificates - Only for AWS Managed domains with Route53\n\nAs a default, the application will be deployed and the ELB public URL will be displayed.\n\nIf `aws_domain_name` is defined, we will look up for a certificate with the name of that domain (eg. `example.com`). We expect that certificate to contain both `example.com` and `*.example.com`. Resulting URL will be `aws_sub_domain.aws_domain_name`\n\nIf no certificate is available for `aws_domain_name`, then set up `no_cert` to true. \n\nIf you want to use an already created certificate, or prefer to manage it manually, you can set up `aws_cert_arn`. \nCheck the [AWS notes](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-list.html) for how to find the certificate ARN in AWS.\n\nSetting `aws_create_root_cert` to `true` will create this certificate with both `example.com` and `*.example.com` for you, and validate them. (DNS validation).\n\nSetting `aws_create_sub_cert` to `true` will create a certificate **just for the subdomain**, and validate it.\n\n\u003e :warning: Be very careful here! **Created certificates are fully managed by Terraform**. Therefore **they will be destroyed upon stack destruction**.\n\nTo change a certificate (root_cert, sub_cert, ARN or pre-existing root cert), you must first set the `no_cert` flag to true, run the action, then set the `no_cert` flag to false, add the desired settings and excecute the action again. (**This will destroy the first certificate.**)\n\nThis is necessary due to a limitation that prevents certificates from being changed while in use by certain resources.\n\n### Advanced StackStorm configuration with Ansible vars\nThis action runs [`ansible-st2`](https://github.com/stackStorm/ansible-st2) roles under the hood. You can customize the Ansible configuration by creating a yaml file in your repo. This file will be passed to the Ansible playbook as extra vars. See the [Ansible-st2](https://github.com/stackStorm/ansible-st2#variables) documentation for a full list of available options.\n\nHere is an example `st2_vars.yaml` pinning the stackstorm to `v3.8.0`, installing several packs from [StackStorm Exchange](https://exchange.stackstorm.org) and configuring `st2.conf` with extra settings for `garbagecollector`:\n\n```yaml\nst2_version: \"3.8.0\"\n\n# Install specific pack versions from StackStorm Exchange\nst2_packs:\n  - st2\n  - aws=1.2.0\n  - github=2.1.3\n\n# https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample\nst2_config:\n  garbagecollector:\n    # Action executions and related objects (live actions, action output objects) older than this value (days) will be automatically deleted. Defaults to None (disabled).\n    action_executions_ttl = 90\n```\n\nExample GHA deployment job referencing the Ansible `st2_vars.yaml` file:\n```yaml\njobs:\n  deploy-st2:\n    runs-on: ubuntu-latest\n    steps:\n    - id: deploy-st2-advanced\n      name: Deploy StackStorm with extra Ansible vars\n      uses: bitovi/github-actions-deploy-stackstorm@v0.4.2\n      with:\n        aws_default_region: us-east-1\n        aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID}}\n        aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}\n        st2_auth_username: ${{ secrets.ST2_AUTH_USERNAME}}\n        st2_auth_password: ${{ secrets.ST2_AUTH_PASSWORD}}\n        # Pass the Ansible vars file\n        st2_ansible_extra_vars_file: \"st2_vars.yaml\"\n```\n\nWe encourage to keep your infrastructure codified!\n\n## Made with BitOps\n[BitOps](https://bitops.sh/) allows you to define Infrastructure-as-Code for multiple tools in a central place. This action uses BitOps Docker container with prebuilt deployment tools and [Operations Repository Structure](https://bitops.sh/operations-repo-structure/) to organize the necessary Terraform and Ansible steps, create infrastructure and deploy to it.\n\n### Extra BitOps Configuration\nYou can pass additional `BITOPS_` ENV variables to adjust the deployment behavior.\n```yaml\n- name: Deploy StackStorm to AWS (dry-run)\n  uses: bitovi/github-actions-deploy-stackstorm@v0.4.2\n  env:\n    # Extra BitOps configuration:\n    BITOPS_LOGGING_LEVEL: INFO\n    # Extra Terraform configuration:\n    # https://bitops.sh/tool-configuration/configuration-terraform/#terraform-bitops-schema\n    BITOPS_TERRAFORM_SKIP_DEPLOY: true\n    # Extra Ansible configuration:\n    # https://bitops.sh/tool-configuration/configuration-ansible/#cli-configuration\n    BITOPS_ANSIBLE_DRYRUN: true\n  with:\n    aws_default_region: us-east-1\n    aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n    aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n    st2_auth_username: ${{ secrets.ST2_AUTH_USERNAME }}\n    st2_auth_password: ${{ secrets.ST2_AUTH_PASSWORD}}\n```\nIn this example, we instruct BitOps to run a `terraform plan` instead of `terraform apply` and to run Ansible in `--check` mode, additionally, we set the BitOps container logging level to `DEBUG`.\n\n## Future\nIn the future, this action may support multiple deployment types such as:\n- [Kubernetes](https://github.com/StackStorm/stackstorm-k8s)\n- Multi-VM\n\nThis action is still in its early stages, so we welcome your feedback! [Open an issue](issues/) if you have a feature request.\n\n## Contributing\nWe would love for you to contribute to [bitovi/github-actions-deploy-stackstorm](/).   [Issues](issues/) and [Pull Requests](pulls/) are welcome!\n\n## Provided by Bitovi\n[Bitovi](https://www.bitovi.com/) is a proud supporter of Open Source software.\n\n## Need help or have questions?\nYou can **get help or ask questions** on [Discord channel](https://discord.gg/zAHn4JBVcX)! Come hangout with us!\n\nOr, you can hire us for training, consulting, or development. [Set up a free consultation](https://www.bitovi.com/devops-consulting).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitovi%2Fgithub-actions-deploy-stackstorm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitovi%2Fgithub-actions-deploy-stackstorm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitovi%2Fgithub-actions-deploy-stackstorm/lists"}