-
Notifications
You must be signed in to change notification settings - Fork 3
157 lines (141 loc) · 6.33 KB
/
AWS_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Deployment AWS
on:
push:
branches:
- deploy1
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
ECS_SERVICE: ${{ secrets.ECS_SERVICE }}
ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }}
ECS_TASK_DEFINITION: ${{ secrets.ECS_TASK_DEFINITION }}
CONTAINER_NAME: ${{ secrets.CONTAINER_NAME }}
EDS_API_URL: ${{ secrets.EDS_API_URL }}
EDS_AUTH_URL: ${{ secrets.EDS_AUTH_URL }}
LAMBDA_FUNCTION: ${{ secrets.LAMBDA_FUNCTION }}
GATEWAY_STAGE: ${{ secrets.GATEWAY_STAGE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DEPLOY_LAMBDA: ${{ secrets.DEPLOY_LAMBDA }}
permissions:
id-token: write # This is required for requesting the JWT
contents: read
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Check if secret gateway stage exists and assign to variable
id: gateway-key
run: |
if [[ -n "${{ env.GATEWAY_STAGE }}" ]]; then
echo "::set-output name=key_gateway_stage::${{ env.GATEWAY_STAGE }}"
else
echo "::set-output name=key_gateway_stage::\"\""
fi
shell: bash
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::489065051964:role/GitHubActionProcessor-AssumeRoleWithAction #change to reflect your IAM role’s ARN
role-session-name: GitHub_to_AWS_via_gitaction_devOps
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push image Lambda to Amazon ECR
id: build-image-lambda
if: ${{ env.DEPLOY_LAMBDA == 'true' }}
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build \
--build-arg EDS_API_URL=${{ env.EDS_API_URL }} \
--build-arg EDS_AUTH_URL=${{ env.EDS_AUTH_URL }} \
--build-arg AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
--build-arg AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
--build-arg INPUT_JSON_PATH="data/processor_input_example.json" \
--build-arg GATEWAY_STAGE=${{ steps.gateway-key.outputs.key_gateway_stage }} \
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . -f Dockerfile_lambda
# docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Update image to lambda funtion
id: lambda-function
if: ${{ env.DEPLOY_LAMBDA == 'true' }}
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
aws lambda update-function-code \
--function-name $LAMBDA_FUNCTION \
--image-uri $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
# - name: Update lambda funtion configuration
# id: lambda-function-config
# if: ${{ env.DEPLOY_LAMBDA == 'true' }}
# run: |
# aws lambda update-function-configuration \
# --function-name $LAMBDA_FUNCTION \
# --environment "Variables={EDS_API_URL=${{ env.EDS_API_URL }},EDS_AUTH_URL=${{ env.EDS_AUTH_URL }}}"
- name: Build, tag, and push image Task to Amazon ECR
id: build-image
if: ${{ env.DEPLOY_LAMBDA != 'true' }}
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build \
--build-arg EDS_API_URL=${{ env.EDS_API_URL }} \
--build-arg EDS_AUTH_URL=${{ env.EDS_AUTH_URL }} \
--build-arg AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
--build-arg AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
--build-arg INPUT_JSON_PATH="data/processor_input_example.json" \
--build-arg GATEWAY_STAGE=${{ steps.gateway-key.outputs.key_gateway_stage }} \
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . -f Dockerfile_ECS
# docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
echo "::set-output name=IMAGE_URI::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
- name: Download task definition
if: ${{ env.DEPLOY_LAMBDA != 'true' }}
run: |
aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION }} --query taskDefinition > task-definition.json
echo $(cat task-definition.json | jq 'del(
.taskDefinitionArn,
.requiresAttributes,
.compatibilities,
.revision,
.status,
.registeredAt,
.registeredBy
)') > task-definition.json
cat task-definition.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
if: ${{ env.DEPLOY_LAMBDA != 'true' }}
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: ${{ env.CONTAINER_NAME }}
image: ${{ steps.build-image.outputs.image }}
- name: updating task-definition file
if: ${{ env.DEPLOY_LAMBDA != 'true' }}
run: cat ${{ steps.task-def.outputs.task-definition }}
- name: Deploy Amazon ECS task definition
if: ${{ env.DEPLOY_LAMBDA != 'true' }}
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true1