
New workflow without using private templates #79


Merged
merged 1 commit into from
Feb 7, 2025
233 changes: 155 additions & 78 deletions .github/workflows/deploy-staging-ecs.yml
@@ -1,20 +1,84 @@
name: Deploy-staging
name: Deploy-staging-ecs

on:
workflow_dispatch:
inputs:
custom_tag:
tags:
description: 'Set custom tag for image'
required: true
type: string
environment:
type: choice
description: 'The environment to deploy to'
options:
- staging
- production
type: string
required: true
default: 'staging'
aws_region:
description: AWS region
required: false
type: string
aws_ecr_region:
description: AWS region where ECR is set up
required: false
type: string
aws_ecr_account_id:
description: AWS ECR account id (if ECR is on a separate AWS account)
required: false
type: string
timeout_minutes:
required: false
type: number
default: 30
context:
required: false
type: string
default: "."
file:
required: false
type: string
target:
required: false
type: string
description: Target stage to build
platforms:
required: false
type: string
default: "linux/amd64"
provenance:
required: false
type: boolean
default: false
build_args:
required: false
type: string
ssm_param_store_prefix:
required: false
type: string
ssm_param_store_destination_path:
required: false
type: string
secret_files:
description: Docker build secrets
required: false
type: string
aws_role_to_assume:
description: AWS IAM role to assume
required: false
type: string
task_def_path:
required: true
type: string
default: '.aws/ecs/task-definition-app-staging.json'
container_name:
required: true
type: string
description: Name of the container in task definition
default: 'js-react-example'
ecs_service:
required: true
type: string
default: 'js-react-example'
ecs_cluster:
required: true
type: string
push:
branches:
- main
Expand All @@ -23,78 +87,91 @@ on:
- '**.md'

jobs:
context:
name: Setup context
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
outputs:
aws_region: ${{ steps.get.outputs.aws_region }}
aws_ecr_uri: ${{ steps.get.outputs.aws_ecr_uri }}
aws_ecr_region: ${{ steps.get.outputs.aws_ecr_region }}
aws_ecr_account_id: ${{ steps.get.outputs.aws_ecr_account_id }}
aws_ecs_cluster: ${{ steps.get.outputs.aws_ecs_cluster }}
steps:
- id: get
run: |
echo "aws_region=${{ vars.AWS_REGION }}" >> "$GITHUB_OUTPUT"
echo "aws_ecr_uri=${{ vars.AWS_ECR_URI }}" >> "$GITHUB_OUTPUT"
echo "aws_ecr_region=${{ vars.AWS_ECR_REGION }}" >> "$GITHUB_OUTPUT"
echo "aws_ecr_account_id=${{ vars.AWS_ECR_ACCOUNT_ID }}" >> "$GITHUB_OUTPUT"
echo "aws_ecs_cluster=${{ vars.AWS_ECS_CLUSTER }}" >> "$GITHUB_OUTPUT"

build-push-image:
if: ${{ github.event_name == 'push' }}
name: Build deploy image and push to registry
uses: infinum/devops-pipelines/.github/workflows/[email protected]
needs: context
with:
environment: ${{ inputs.environment }}
cloud: AWS
tags: ${{ needs.context.outputs.aws_ecr_uri }}:${{ github.sha }}
aws_ecr_region: ${{ needs.context.outputs.aws_ecr_region }}
aws_ecr_account_id: ${{ needs.context.outputs.aws_ecr_account_id }}
target: deploy
secrets: inherit

build-push-image-manual:
if: ${{ github.event_name == 'workflow_dispatch' }}
name: Run on workflow dispatch
uses: infinum/devops-pipelines/.github/workflows/[email protected]
needs: context
with:
environment: ${{ inputs.environment }}
cloud: AWS
tags: ${{ needs.context.outputs.aws_ecr_uri }}:${{ inputs.custom_tag }}
aws_ecr_region: ${{ needs.context.outputs.aws_ecr_region }}
aws_ecr_account_id: ${{ needs.context.outputs.aws_ecr_account_id }}
secrets: inherit
runs-on: ubuntu-latest
environment: ${{ vars.environment }}
timeout-minutes: ${{ vars.timeout_minutes }}
steps:
- name: Check out code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker-container

- name: Configure AWS credentials (with OIDC or access keys)
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.aws_role_to_assume || '' }}
aws-region: ${{ vars.aws_region }}
role-session-name: "github-actions-session"
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID || '' }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY || '' }}

- name: Pull secrets from AWS SSM parameter store
if: ${{ vars.ssm_param_store_prefix }}
uses: infinum/[email protected]
with:
prefix: ${{ vars.ssm_param_store_prefix }}
destination_path: ${{ vars.ssm_param_store_destination_path }}

- name: Configure custom region for AWS ECR
if: ${{ vars.aws_ecr_region != vars.aws_region }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ vars.aws_ecr_region }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registries: ${{ vars.aws_ecr_account_id }}

- name: Build and push
uses: docker/build-push-action@v6
with:
context: ${{ vars.context }}
platforms: ${{ vars.platforms }}
provenance: ${{ vars.provenance }}
file: ${{ vars.file }}
target: ${{ vars.target }}
push: true
build-args: ${{ vars.build_args }}
tags: ${{ vars.aws_ecr_uri }}:${{ vars.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
secret-files: ${{ vars.secret_files }}

deploy-to-ecs:
name: 'Deploy to ECS'
runs-on: ubuntu-latest
environment: ${{ vars.environment }}
timeout-minutes: ${{ vars.timeout_minutes }}
steps:
- name: Check out code
uses: actions/checkout@v4

deploy-image:
if: ${{ github.event_name == 'push' }}
name: Deploy backend
uses: infinum/devops-pipelines/.github/workflows/[email protected]
needs: [context, build-push-image]
with:
image_uri: ${{ needs.context.outputs.aws_ecr_uri }}:${{ github.sha }}
environment: ${{ inputs.environment }}
aws_region: ${{ needs.context.outputs.aws_region }}
ecs_cluster: ${{ needs.context.outputs.aws_ecs_cluster }}
ecs_service: js-react-example
task_def_path: .aws/ecs/task-definition-app-staging.json
container_name: js-react-example
secrets: inherit
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ vars.aws_region }}

deploy-image-manual:
if: ${{ github.event_name == 'workflow_dispatch' }}
name: Deploy backend
uses: infinum/devops-pipelines/.github/workflows/[email protected]
needs: [context, build-push-image-manual]
with:
image_uri: ${{ needs.context.outputs.aws_ecr_uri }}:${{ inputs.custom_tag }}
environment: ${{ inputs.environment }}
aws_region: ${{ needs.context.outputs.aws_region }}
ecs_cluster: ${{ needs.context.outputs.aws_ecs_cluster }}
ecs_service: js-react-example
task_def_path: .aws/ecs/task-definition-app-staging.json
container_name: js-react-example
secrets: inherit
- name: Fill in the new image ID in the Amazon ECS task definition
id: gen-task-def
uses: aws-actions/[email protected]
with:
task-definition: ${{ vars.task_def_path }}
container-name: ${{ vars.container_name }}
image: ${{ vars.aws_ecr_uri }}:${{ vars.tags }}

- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.gen-task-def.outputs.task-definition }}
service: ${{ vars.ecs_service }}
cluster: ${{ vars.ecs_cluster }}
wait-for-service-stability: true
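Review bot: The inline steps that appear to be the new side read the `workflow_dispatch` inputs through `vars.*` (`environment: ${{ vars.environment }}`, `tags: ${{ vars.aws_ecr_uri }}:${{ vars.tags }}`, `role-to-assume: ${{ vars.aws_role_to_assume || '' }}`), but `vars` holds repository and environment configuration variables, while dispatch inputs live in `inputs.*`. Unless variables with those names happen to exist, `environment:` likely resolves to empty in both jobs, so they would run outside the staging/production environment and bypass its protection rules and scoped secrets, and the image tag after the colon would be empty. Something like `environment: ${{ inputs.environment || 'staging' }}` and `${{ inputs.tags || github.sha }}` would also cover the `push` trigger, where no inputs are supplied. `deploy-to-ecs` shows no `needs:` on the build job, so it can start before the image is pushed; add a `needs:` entry naming the build job. The `uses:` lines reference mutable tags such as `actions/checkout@v4`; pinning each to a full commit SHA protects the jobs that hold AWS credentials from a retagged release.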