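# Continuous delivery: on every push to main, build the release image, push it
# to ECR, then roll it out to two ECS services.
name: CD

on:
  push:
    branches:
      - main

# This is necessary for Github Actions OIDC.
# `id-token: write` lets each job request an OIDC token that the
# configure-aws-credentials step exchanges for short-lived AWS credentials, so
# no long-lived AWS keys are stored in the repository.
# NOTE(review): the trust policies of AWS_BUILD_ROLE / AWS_DEPLOY_ROLE are not
# visible here; confirm they restrict the token's `sub` claim to this
# repository and the main branch.
permissions:
  id-token: write
  contents: read

# NOTE(review): every action below is referenced by a mutable tag (v1/v3/v4).
# Pinning each `uses:` to a reviewed full commit SHA keeps a retagged release
# from running in a job that can assume the AWS roles.
jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      aws_region: ${{ vars.AWS_REGION }}
      # The image is handed to the deploy job by digest (not by tag), so the
      # deployed artifact is exactly the one built in this run.
      docker_image: ${{ steps.ecr-login.outputs.registry }}/${{ vars.AWS_ECR_REPO }}@${{ steps.docker-build.outputs.digest }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # No later step in this job uses git, so do not leave the workflow
          # token in .git/config where the Docker build context (`.`) could
          # pick it up.
          persist-credentials: false

      - name: Setup AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ vars.AWS_BUILD_ROLE }}
          aws-region: ${{ vars.AWS_REGION }}
          # The ECR registry hostname embeds the AWS account ID, and GitHub
          # does not pass job outputs that contain a masked value.
          # NOTE(review): presumably masking is disabled so that `docker_image`
          # reaches the deploy job; as a consequence the account ID appears in
          # the workflow logs.
          mask-aws-account-id: 'no'

      - name: Login to AWS repository
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v1

      # The following prepends the .release/entrypoint.sh shell script with RELEASE_NODE env var.
      # Change the path if the entrypoint shell script is located in a different place.
      #
      # Please make sure that `curl` and `jq` are installed in the release image.
      #
      # The heredoc delimiter is quoted ('SH'), so the backtick command is
      # written into entrypoint.sh verbatim and runs when the container starts,
      # not on the runner. `${{ github.sha }}` is expanded by Actions before
      # the shell runs; it is a hex commit id, so it is safe to inline here.
      # NOTE(review): if the metadata endpoint is unreachable at container
      # start, the host part of RELEASE_NODE ends up empty or "null".
      - name: Add RELEASE_NODE variable in entrypoint.sh
        run: |
          mv .release/entrypoint.sh /tmp/entrypoint.sh
          cat - /tmp/entrypoint.sh <<'SH' > .release/entrypoint.sh
          export RELEASE_DISTRIBUTION=name
          export RELEASE_NODE=node-${{ github.sha }}@`curl -s $ECS_CONTAINER_METADATA_URI_V4 | jq -r ".Networks[0].IPv4Addresses[0]"`
          SH

      - name: Build image metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ steps.ecr-login.outputs.registry }}/${{ vars.AWS_ECR_REPO }}
          # The release will be tagged with the branch and the short git sha (and latest if on main)
          tags: |
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}

      - name: Build, tag, and push to ECR
        id: docker-build
        uses: docker/build-push-action@v3
        with:
          context: .
          # Replace this if the dockerfile is at a different path
          file: .release/Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  deploy:
    runs-on: ubuntu-latest
    # Only one deployment runs at a time; a newer push waits for this group.
    concurrency: deployment
    env:
      DOCKER_IMAGE: ${{ needs.build.outputs.docker_image }}
    needs:
      - build
    steps:
      - name: Setup AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ vars.AWS_DEPLOY_ROLE }}
          aws-region: ${{ vars.AWS_REGION }}

      # This will download the task definition template managed by Terraform
      # and modify the family and image attributes.
      #
      # Values reach the script through environment variables and `jq --arg`
      # instead of being spliced into the shell / jq program text by `${{ }}`,
      # so a value containing quotes or shell metacharacters stays data.
      # jq writes to a separate file, so a jq failure fails the step instead
      # of leaving an empty task-definition.json behind.
      - name: Build ECS task definition
        env:
          AWS_SERVICE_NAME: ${{ vars.AWS_SERVICE_NAME }}
        run: |
          aws ecs describe-task-definition --task-definition "${AWS_SERVICE_NAME}-template" --query taskDefinition > task-definition.template.json
          jq --arg family "$AWS_SERVICE_NAME" --arg image "$DOCKER_IMAGE" \
            '.family = $family | .containerDefinitions[0].image = $image' \
            task-definition.template.json > task-definition.json

      # The heredoc delimiter is unquoted, so the shell expands
      # ${AWS_SERVICE_NAME} while writing the file.
      - name: Build CodeDeploy app spec
        env:
          AWS_SERVICE_NAME: ${{ vars.AWS_SERVICE_NAME }}
        run: |
          cat <<SPEC > apps-spec.yaml
          version: 1
          Resources:
            - TargetService:
                Type: AWS::ECS::Service
                Properties:
                  TaskDefinition: "Placeholder: GitHub Actions will fill this in"
                  LoadBalancerInfo:
                    ContainerName: "${AWS_SERVICE_NAME}"
                    ContainerPort: 4000
          SPEC

      # app1 is rolled out through CodeDeploy using the app spec written above.
      - name: Deploy app1
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: task-definition.json
          cluster: ${{ vars.AWS_SERVICE_NAME }}
          service: ${{ vars.AWS_SERVICE_NAME }}-app1
          codedeploy-appspec: apps-spec.yaml
          codedeploy-application: ${{ vars.AWS_SERVICE_NAME }}
          codedeploy-deployment-group: ${{ vars.AWS_SERVICE_NAME }}
          wait-for-service-stability: true

      # app2 passes no CodeDeploy inputs; it only updates the ECS service.
      - name: Deploy app2
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: task-definition.json
          cluster: ${{ vars.AWS_SERVICE_NAME }}
          service: ${{ vars.AWS_SERVICE_NAME }}-app2
          wait-for-service-stability: true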