From b8dbe96b72210f0a7e6766fefd36541a0ea89517 Mon Sep 17 00:00:00 2001
From: Saurabh Shrihar
Date: Mon, 18 Mar 2024 16:06:57 +0400
Subject: [PATCH] Update workflow for public repo build
---
 .../taskdef_creator.py | 4 +-
 .github/workflows/deployment.yml | 94 ++++++++++++++-----
 .github/workflows/production_deployment.yml | 34 -------
 .github/Dockerfile => Dockerfile | 0
 4 files changed, 73 insertions(+), 59 deletions(-)
 delete mode 100644 .github/workflows/production_deployment.yml
 rename .github/Dockerfile => Dockerfile (100%)
diff --git a/.github/taskdefinition_template/taskdef_creator.py b/.github/taskdefinition_template/taskdef_creator.py
index 2a17029..72b6a11 100644
--- a/.github/taskdefinition_template/taskdef_creator.py
+++ b/.github/taskdefinition_template/taskdef_creator.py
@@ -147,8 +147,8 @@ def substitute_values(self):
 "memory",
 "cpu",
 ]
- self._substitute_env_vars(user_data["env_vars"])
- self._substitute_secret_vars(user_data["secret_vars"])
+ self._substitute_env_vars(user_data.get("env_vars", []))
+ self._substitute_secret_vars(user_data.get("secret_vars", []))
 [user_data.pop(key) for key in ["env_vars", "secret_vars"] if key in user_data]
 for sub in expected_sub:
 self._subtitute_data(user_data, sub)
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index f2c75f5..852a80a 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -1,13 +1,10 @@
-name: Wallet Deployment
+name: Wallet Asset Deployment
 on:
 push:
 branches:
 - dev
 - staging
 - main
- paths:
- - "assets/**"
- - ".github/workflows/deployment.yml"
 workflow_dispatch:
 jobs:
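Review bot: In the `taskdef_creator.py` hunk, `user_data.get("env_vars", [])` only covers a key that is absent; a taskdef YAML that lists `env_vars:` or `secret_vars:` with no value would load as `None` with a typical YAML loader and be passed straight to the helper, so `user_data.get("env_vars") or []` (and the same for `secret_vars`) is the safer form. Because a missing or misspelled `secret_vars` key is now accepted silently, a task definition can be rendered and deployed without its secrets; a comment such as `# secret_vars is optional: some services define none`, or a logged warning when the key is absent, would make that intent explicit. `substitute_values` begins and ends outside this hunk, so how the two helpers treat an empty list is not visible here.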
@@ -21,25 +18,76 @@ jobs:
 id: set-env-var
 run: |
 if [ "${{ github.ref }}" == "refs/heads/dev" ]; then
- echo "::set-output name=ENVIRONMENT::dev"
- echo "::set-output name=ACCOUNT_NUMBER::058264511034"
+ echo "ENVIRONMENT=dev" >> $GITHUB_OUTPUT
+ echo "ACCOUNT_NUMBER=058264511034" >> $GITHUB_OUTPUT
 elif [ "${{ github.ref }}" == "refs/heads/staging" ]; then
- echo "::set-output name=ENVIRONMENT::staging"
- echo "::set-output name=ACCOUNT_NUMBER::070528468658"
- elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
- echo "::set-output name=ENVIRONMENT::prod"
- echo "::set-output name=ACCOUNT_NUMBER::042947190491"
+ echo "ENVIRONMENT=staging" >> $GITHUB_OUTPUT
+ echo "ACCOUNT_NUMBER=070528468658" >> $GITHUB_OUTPUT
+ elif [ "${{ github.ref }}" == "refs/heads/master" ]; then
+ echo "ENVIRONMENT=prod" >> $GITHUB_OUTPUT
+ echo "ACCOUNT_NUMBER=042947190491" >> $GITHUB_OUTPUT
 fi
-
- deploy:
- uses: 0xPolygon/pipelines/.github/workflows/ecs_deploy_docker_taskdef.yaml@main
+ deploy_workflow:
+ name: Deploy wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}
 needs: set-env-variable
- with:
- app_name: wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}
- taskdef_file_vars: .github/taskdef/${{ needs.set-env-variable.outputs.ENVIRONMENT }}-taskdef.yaml
- account_number: "${{ needs.set-env-variable.outputs.ACCOUNT_NUMBER }}"
- aws_region: eu-west-1
- environment: ${{ needs.set-env-variable.outputs.ENVIRONMENT }}
- docker_file: .github/Dockerfile
- cluster_name: wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}-ecs-cluster
- secrets: inherit
+ permissions:
+ id-token: write
+ contents: write
+ environment: ${{ needs.set-env-variable.outputs.ENVIRONMENT }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Create taskdef file dynamically using parameters passed
+ run: |
+ ls -lrt
+ export PIPENV_PIPFILE=.github/taskdefinition_template/Pipfile
+ python -m pip install --upgrade pip && \
+ pip install 
pipenv && \
+ pipenv install && \
+ pipenv run python ".github/taskdefinition_template/taskdef_creator.py" \
+ .github/taskdef/${{ needs.set-env-variable.outputs.ENVIRONMENT }}-taskdef.yaml \
+ ".github/taskdefinition_template/taskdef_template.json"
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ aws-region: eu-west-1
+ role-to-assume: arn:aws:iam::${{ needs.set-env-variable.outputs.ACCOUNT_NUMBER }}:role/wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}-GithubActionsRole
+ role-session-name: GithubActionsSession
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: ${{ github.sha }}
+ ECR_REPOSITORY: "wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}-ecr"
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Extract directory path
+ run: |
+ echo "TASKDEF_FILE=.github/taskdefinition_template/wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}.json" >> $GITHUB_ENV
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: "${{ env.TASKDEF_FILE }}"
+ container-name: "wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}"
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: "wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}-ecs-service"
+ cluster: "frontend-${{ needs.set-env-variable.outputs.ENVIRONMENT }}-ecs-cluster"
+ 
wait-for-service-stability: true
diff --git a/.github/workflows/production_deployment.yml b/.github/workflows/production_deployment.yml
deleted file mode 100644
index 5e9661e..0000000
--- a/.github/workflows/production_deployment.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: Wallet Asset Production Deployment
-on:
- push:
- branches:
- - main
- workflow_dispatch:
-
-jobs:
- build:
- name: Wallet Asset Production
- permissions:
- id-token: write
- contents: write
- environment: production
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
- with:
- aws-region: eu-west-1
- role-to-assume: arn:aws:iam::042947190491:role/wallet-asset-GithubActionsRole
- role-session-name: GitHubActionsSession
-
- - name: Deploy to S3 bucket
- run: aws s3 sync ./assets/ s3://${{ secrets.PROD_AWS_S3_BUCKET }} --acl public-read --delete
-
- - name: invalidate cloudfront distribution and wait for completion
- uses: muratiger/invalidate-cloudfront-and-wait-for-completion-action@master
- env:
- DISTRIBUTION_ID: ${{ secrets.PROD_CLOUDFRONT_DISTRIBUTION_ID }}
- PATHS: "/*"
- AWS_REGION: "eu-west-1"
diff --git a/.github/Dockerfile b/Dockerfile
similarity index 100%
rename from .github/Dockerfile
rename to Dockerfile
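Review bot: In the `set-env-var` step of `deployment.yml` (its job header is above the hunk), the production check now compares against `refs/heads/master` while the `push` trigger still lists `main`, and the `if`/`elif` chain has no `else`, so a push to `main` or a manual dispatch from any other ref leaves `ENVIRONMENT` and `ACCOUNT_NUMBER` empty. `deploy_workflow` then starts with an empty `environment:` value, which presumably means no environment protection rules gate the run, and it builds a role ARN with no account id. Make the branch name agree with the trigger and fail closed by adding `else`, `echo "unsupported ref: $GITHUB_REF" >&2` and `exit 1` before `fi`. The job also requests `contents: write` although no visible step writes to the repository; `contents: read` next to `id-token: write` is enough for checkout and OIDC. Since this job assumes an AWS role, consider pinning the `uses:` references to full commit SHAs instead of the mutable `@v3`/`@v2`/`@v1` tags.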