# Reusable deployment workflow: it has no triggers of its own and runs only
# when another workflow calls it and supplies the inputs declared below.
name: AWS Deployment

on:
  workflow_call:
    inputs:
      # NOTE(review): aws_account_id and aws_resource_prefix are not referenced
      # by any step visible in this listing; confirm where they are consumed.
      aws_account_id:
        type: string
        required: true
      aws_resource_prefix:
        type: string
        required: true
      # Target environment name. It keys the concurrency group, selects the
      # GitHub environment of the deploy job and prefixes the image tag.
      environment:
        type: string
        required: true
      # Only read on the production path, where it is prepended to the
      # timestamp portion of the image tag.
      release_tag:
        type: string
        required: false
# Runs are serialized per target environment: they share a group keyed on the
# `environment` input, and a newly started run cancels the one in progress.
# NOTE(review): cancellation can land between the steps of the deploy job;
# confirm that an interrupted run is acceptable for every environment.
concurrency:
  cancel-in-progress: true
  group: 'deploy-${{ inputs.environment }}'
# Workflow-level variables, available to every job both as `${{ env.* }}` and
# as shell environment variables inside `run:` scripts.
env:
  # Role passed to configure-aws-credentials as role-to-assume in both jobs.
  # NOTE(review): the role's trust policy is not part of this file; it should
  # restrict the OIDC `sub` claim to the repositories, branches or
  # environments that are allowed to deploy.
  app_repo_role: 'arn:aws:iam::815624722760:role/core-application-repo'
  aws_region: 'eu-west-2'
  # ECR repository name used by the aws ecr and docker commands.
  repository: 'core'
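jobs:
  # NOTE(review): every `uses:` below references a mutable tag (@v3, @v1).
  # Pinning each action to a full commit SHA stops a moved tag from running
  # different code with the AWS role these jobs assume.

  # Builds the `production` target of the Dockerfile for the triggering commit
  # and pushes it to ECR tagged with the commit SHA, unless an image with that
  # tag is already listed. Not run when the target environment is production.
  push_docker_image:
    if: inputs.environment != 'production'
    name: Push docker image to AWS
    runs-on: ubuntu-latest
    permissions:
      # Lets configure-aws-credentials request the OIDC token it exchanges
      # for env.app_repo_role.
      id-token: write
      # Declaring any permission sets all unlisted ones to none, so the read
      # access that actions/checkout needs has to be granted explicitly.
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-region: ${{ env.aws_region }}
          role-to-assume: ${{ env.app_repo_role }}

      - name: Login to Amazon ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: 'true'

      # Records image-exists=true|false in GITHUB_ENV for the next step.
      # If the listing call itself fails, grep finds no match and the result
      # is `false`, so the build still runs.
      - name: Check if image with tag already exists
        env:
          commit_tag: ${{ github.sha }}
        run: |
          if aws ecr list-images --repository-name="$repository" \
              --query "imageIds[*].imageTag" | grep -qF -- "$commit_tag"; then
            echo "image-exists=true" >> "$GITHUB_ENV"
          else
            echo "image-exists=false" >> "$GITHUB_ENV"
          fi

      - name: Build, tag, and push docker image to ECR
        id: build-image
        if: ${{ env.image-exists == 'false' }}
        env:
          registry: ${{ steps.ecr-login.outputs.registry }}
          commit_tag: ${{ github.sha }}
        run: |
          docker build -t "$registry/$repository:$commit_tag" . --target=production
          docker push "$registry/$repository:$commit_tag"

  # Adds a readable `<environment>-<tag>` tag to the image already stored
  # under the commit SHA by copying its manifest.
  # NOTE(review): this job assumes the same role but declares no
  # `permissions`, so it relies on the caller granting `id-token: write`.
  deploy:
    name: Deploy image
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    needs: push_docker_image
    # push_docker_image is skipped for production, and a job whose dependency
    # was skipped is skipped as well unless its condition uses a status
    # function. Without this condition the production path below never runs.
    # A failed or cancelled push still prevents the deploy.
    if: ${{ !failure() && !cancelled() }}

    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-region: ${{ env.aws_region }}
          role-to-assume: ${{ env.app_repo_role }}

      - name: Login to Amazon ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: 'true'

      - name: Get timestamp
        id: timestamp
        run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> "$GITHUB_ENV"

      # The caller-supplied inputs reach the script as environment variables
      # rather than being expanded into the script text, so their content is
      # never parsed as shell. `timestamp` comes from the previous step.
      # NOTE(review): release_tag ends up in GITHUB_ENV and in an image tag;
      # callers should pass only values that match their release tag format.
      - name: Get additional tag
        env:
          target_environment: ${{ inputs.environment }}
          release_tag: ${{ inputs.release_tag }}
        run: |
          if [[ "$target_environment" == 'production' ]]; then
            echo "additional-tag=${release_tag}-${timestamp}" >> "$GITHUB_ENV"
          else
            echo "additional-tag=${timestamp}" >> "$GITHUB_ENV"
          fi

      # Reads the manifest stored under the commit SHA and re-registers it
      # under the readable tag, then exports the full image reference as
      # `image` through GITHUB_ENV.
      - name: Add environment tag to existing image
        id: update-image-tags
        env:
          registry: ${{ steps.ecr-login.outputs.registry }}
          commit_tag: ${{ github.sha }}
          readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
        run: |
          manifest=$(aws ecr batch-get-image --repository-name "$repository" \
            --image-ids imageTag="$commit_tag" --output text \
            --query 'images[].imageManifest')
          aws ecr put-image --repository-name "$repository" \
            --image-tag "$readable_tag" --image-manifest "$manifest"
          echo "image=$registry/$repository:$readable_tag" >> "$GITHUB_ENV"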