Stacktape

Sign up for freeSign up



Scripts

Introduction

  • Scripts are used to execute your custom scripts - either shell commands or scripts written in Javascript, Typescript or Python.
  • Scripts are executed either by script:run command or inside a hook.
  • Benefits of running scripts using Stacktape instead of directly:
    • Scripts can be reused by all your team members.
    • You can inject the result of a directive to the script's environment variable.
  • Scripts are executed on the same host from which the stacktape command was executed. If you want to execute a script remotely as a part of the stack operation, use a stack-script.

Defining script action

The script must define either executeCommand or executeScript property.

executeCommand

  • Executes the specified command in a separate shell process. Uses /bin/bash on UNIX systems and default shell(usually cmd.exe) on Windows systems.
  • The command will be executed on the machine running the Stacktape command. If the command works on your machine, it doesn't mean it works for people or machines with different OSes or shells.
  • Only one of executeScript, executeScripts, executeCommand or executeCommands can be configured.

Copy

scripts:
buildWeb:
executeCommand: npx gatsby build

executeScript

  • The script can be written in Javascript, Typescript or Python.
  • The script is executed in a separate process.
  • The script is executed using an executable configured using defaults:configure command or a default executable on your machine:
    • node for Javascript and Typescript
    • python for Python
  • Only one of executeScript, executeScripts, executeCommand or executeCommands can be configured.

Copy

scripts:
sendSlackNotification:
executeScript: scripts/send-slack-notification.ts

Copy

import { WebClient } from "@slack/web-api";
// An access token (from your Slack app or custom integration - xoxp, xoxb)
const token = "my-access-token";
// This argument can be a channel ID, a DM ID, a MPDM ID, or a group ID
const conversationId = "my-conversation-id";
const slackClient = new WebClient(token);
const errorData = JSON.parse(process.env.STP_ERROR);
(async () => {
await slackClient.chat.postMessage({
channel: conversationId,
text: errorData.message
});
})();

Executing script

The script can be executed in 2 ways:

  • using script:run command

    Copy

    stacktape script:run --scriptName <<scriptName>>
  • inside a hook

Environment

Most commonly used types of environment variables:

Copy

scripts:
migrateDb:
executeScript: scripts/migrate-db.ts
environment:
- name: DB_CONNECTION_STRING
value: $ResourceParam('mainDatabase', 'connectionString')
resources:
mainDatabase:
type: relational-database
properties:
credentials:
masterUserName: admin_user
masterUserPassword: my_secret_password
engine:
type: mysql
properties:
primaryInstance:
instanceSize: db.t2.micro

Accessing private resources in VPC

Some resources, such as relational databases, redis clusters, might not have public endpoint, but you still need to access them from your scripts or to perform management tasks.


For these cases, you can use bastion resource together with bastion tunnel.


You can use bastion tunnels to give your script/command access to resources, which are only accessible from within the VPC (private network of your stack).

  • When using bastion tunnel, Stacktape sets up port-forwarding tunnel through the specified bastion host.
  • To use bastion tunnels, your stack must contain bastion resource.
  • Tunneling is performed using secure SSM session.
  • Environment variables passed to the script are automatically adjusted to use the tunneled endpoints.

Copy

scripts:
migrateDb:
executeCommands:
- python manage.py makemigrations
- python manage.py migrate
bastionTunnels:
- bastion: myBastion
target: mainDatabase
# injected environment variables are automatically adjusted during the script/command execution to use the tunneled endpoint
environment:
- name: STP_MAIN_DATABASE_CONNECTION_STRING
value: $ResourceParam('mainDatabase', 'connectionString')
hooks:
afterDeploy:
- executeNamedScript: migrateDb
resources:
myBastion:
type: bastion
mainDatabase:
type: relational-database
properties:
accessibility:
accessibilityMode: vpc
credentials:
masterUserName: admin_user
masterUserPassword: my_secret_password
engine:
type: aurora-postgresql-serverless

Using bastion tunnel to perform migration on VPC protected database

API reference

Script  API reference
executeScript
executeCommand
executeScripts
executeCommands
environment
bastionTunnels
cwd
pipeStdio
Default: true
name
Required
value
Required

Need help? Ask a question on SlackDiscord or info@stacktape.com.