|
|
|
name: AWS Deployment
|
|
|
|
|
|
|
|
on:
|
|
|
|
workflow_call:
|
|
|
|
inputs:
|
|
|
|
aws_account_id:
|
|
|
|
required: true
|
|
|
|
type: string
|
|
|
|
aws_resource_prefix:
|
|
|
|
required: true
|
|
|
|
type: string
|
|
|
|
environment:
|
|
|
|
required: true
|
|
|
|
type: string
|
|
|
|
|
|
|
|
concurrency:
|
|
|
|
group: deploy-${{ inputs.environment }}
|
|
|
|
cancel-in-progress: true
|
|
|
|
|
|
|
|
env:
|
|
|
|
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
|
|
|
|
aws_region: eu-west-2
|
|
|
|
repository: core
|
|
|
|
REPO_URL: communitiesuk/submit-social-housing-lettings-and-sales-data
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
push_docker_image:
|
|
|
|
if: inputs.environment != 'production'
|
|
|
|
name: Push docker image to AWS
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
|
|
id-token: write
|
|
|
|
|
|
|
|
steps:
|
|
|
|
- name: Checkout code
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
|
|
|
- name: Configure AWS credentials
|
|
|
|
uses: aws-actions/configure-aws-credentials@v3
|
|
|
|
with:
|
|
|
|
aws-region: ${{ env.aws_region }}
|
|
|
|
role-to-assume: ${{ env.app_repo_role }}
|
|
|
|
|
|
|
|
- name: Login to Amazon ECR
|
|
|
|
id: ecr-login
|
|
|
|
uses: aws-actions/amazon-ecr-login@v1
|
|
|
|
with:
|
|
|
|
mask-password: 'true'
|
|
|
|
|
|
|
|
- name: Build, tag, and push docker image to ECR
|
|
|
|
id: build-image
|
|
|
|
env:
|
|
|
|
registry: ${{ steps.ecr-login.outputs.registry }}
|
|
|
|
commit_tag: ${{ github.sha }}
|
|
|
|
run: |
|
|
|
|
docker build -t $registry/$repository:$commit_tag . --target=production
|
|
|
|
docker push $registry/$repository:$commit_tag
|
|
|
|
|
|
|
|
deploy:
|
|
|
|
name: Deploy image
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
environment: ${{ inputs.environment }}
|
|
|
|
needs: push_docker_image
|
|
|
|
if: |
|
|
|
|
always() &&
|
|
|
|
(needs.push_docker_image.result == 'success' || needs.push_docker_image.result == 'skipped')
|
|
|
|
|
|
|
|
steps:
|
|
|
|
- name: Configure AWS credentials
|
|
|
|
uses: aws-actions/configure-aws-credentials@v3
|
|
|
|
with:
|
|
|
|
aws-region: ${{ env.aws_region }}
|
|
|
|
role-to-assume: ${{ env.app_repo_role }}
|
|
|
|
|
|
|
|
- name: Login to Amazon ECR
|
|
|
|
id: ecr-login
|
|
|
|
uses: aws-actions/amazon-ecr-login@v1
|
|
|
|
with:
|
|
|
|
mask-password: 'true'
|
|
|
|
|
|
|
|
- name: Get timestamp
|
|
|
|
id: timestamp
|
|
|
|
if: inputs.environment != 'production'
|
|
|
|
run: |
|
|
|
|
echo "::set-output name=timestamp::$(echo "timestamp=$(date +%Y%m%d%H%M%S)")"
|
|
|
|
|
|
|
|
- name: Get latest release with tag
|
|
|
|
id: latestrelease
|
|
|
|
if: inputs.environment == 'production'
|
|
|
|
run: |
|
|
|
|
echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
|
|
|
|
|
|
|
|
- name: Confirm release tag
|
|
|
|
if: inputs.environment == 'production'
|
|
|
|
run: |
|
|
|
|
echo ${{ steps.latestrelease.outputs.releasetag }}
|
|
|
|
|
|
|
|
- name: Checkout tag
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
if: inputs.environment == 'production'
|
|
|
|
with:
|
|
|
|
ref: ${{ steps.latestrelease.outputs.releasetag }}
|
|
|
|
|
|
|
|
- name: Construct environment-dependent tag
|
|
|
|
id: tag
|
|
|
|
run: |
|
|
|
|
echo "::set-output name=tag::$(if [[ ${{ inputs.environment == 'production' }} ]]; then echo ${{ steps.latestrelease.outputs.releasetag }}; else echo ${{ steps.timestamp.outputs.timestamp }}; fi)"
|
|
|
|
|
|
|
|
- name: Add environment tag to existing image
|
|
|
|
env:
|
|
|
|
registry: ${{ steps.ecr-login.outputs.registry }}
|
|
|
|
commit_tag: ${{ github.sha }}
|
|
|
|
readable_tag: ${{ inputs.environment }}-${{ steps.tag.outputs.tag }}
|
|
|
|
run: |
|
|
|
|
manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
|
|
|
|
aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
|
|
|
|
echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV
|
|
|
|
|
|
|
|
- name: Configure AWS credentials for environment
|
|
|
|
uses: aws-actions/configure-aws-credentials@v3
|
|
|
|
with:
|
|
|
|
aws-region: ${{ env.aws_region }}
|
|
|
|
role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_resource_prefix }}-deployment
|
|
|
|
role-chaining: true
|
|
|
|
|
|
|
|
- name: Download ad hoc task definition
|
|
|
|
env:
|
|
|
|
ad_hoc_task_definition: ${{ inputs.aws_resource_prefix }}-ad-hoc
|
|
|
|
run: |
|
|
|
|
aws ecs describe-task-definition --task-definition $ad_hoc_task_definition --query taskDefinition > ad-hoc-task-definition.json
|
|
|
|
|
|
|
|
- name: Update image ID
|
|
|
|
id: ad-hoc-task-def
|
|
|
|
uses: aws-actions/amazon-ecs-render-task-definition@v1
|
|
|
|
with:
|
|
|
|
task-definition: ad-hoc-task-definition.json
|
|
|
|
container-name: app
|
|
|
|
image: ${{ env.image }}
|
|
|
|
|
|
|
|
- name: Update ad hoc task definition
|
|
|
|
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
|
|
|
|
with:
|
|
|
|
task-definition: ${{ steps.ad-hoc-task-def.outputs.task-definition }}
|
|
|
|
|
|
|
|
- name: Run migrations task
|
|
|
|
env:
|
|
|
|
ad_hoc_task_definition: ${{ inputs.aws_resource_prefix }}-ad-hoc
|
|
|
|
cluster: ${{ inputs.aws_resource_prefix }}-app
|
|
|
|
service: ${{ inputs.aws_resource_prefix }}-app
|
|
|
|
run: |
|
|
|
|
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)
|
|
|
|
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:migrate"]}]}'
|
|
|
|
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)
|
|
|
|
echo "Waiting for migration task to complete"
|
|
|
|
temp=${arn##*/}
|
|
|
|
id=${temp%*\"}
|
|
|
|
aws ecs wait tasks-stopped --cluster $cluster --tasks $id
|
|
|
|
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'")
|
|
|
|
if [ $succeeded == true ]; then exit 0; else exit 1; fi
|
|
|
|
|
|
|
|
- name: Download app service task definition
|
|
|
|
env:
|
|
|
|
app_task_definition: ${{ inputs.aws_resource_prefix }}-app
|
|
|
|
run: |
|
|
|
|
aws ecs describe-task-definition --task-definition $app_task_definition --query taskDefinition > app-task-definition.json
|
|
|
|
|
|
|
|
- name: Update app image ID
|
|
|
|
id: app-task-def
|
|
|
|
uses: aws-actions/amazon-ecs-render-task-definition@v1
|
|
|
|
with:
|
|
|
|
task-definition: app-task-definition.json
|
|
|
|
container-name: app
|
|
|
|
image: ${{ env.image }}
|
|
|
|
|
|
|
|
- name: Deploy updated application
|
|
|
|
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
|
|
|
|
with:
|
|
|
|
cluster: ${{ inputs.aws_resource_prefix }}-app
|
|
|
|
service: ${{ inputs.aws_resource_prefix }}-app
|
|
|
|
task-definition: ${{ steps.app-task-def.outputs.task-definition }}
|
|
|
|
wait-for-service-stability: true
|
|
|
|
|
|
|
|
- name: Download sidekiq service task definition
|
|
|
|
env:
|
|
|
|
sidekiq_task_definition: ${{ inputs.aws_resource_prefix }}-sidekiq
|
|
|
|
run: |
|
|
|
|
aws ecs describe-task-definition --task-definition $sidekiq_task_definition --query taskDefinition > sidekiq-task-definition.json
|
|
|
|
|
|
|
|
- name: Update sidekiq image ID
|
|
|
|
id: sidekiq-task-def
|
|
|
|
uses: aws-actions/amazon-ecs-render-task-definition@v1
|
|
|
|
with:
|
|
|
|
task-definition: sidekiq-task-definition.json
|
|
|
|
container-name: sidekiq
|
|
|
|
image: ${{ env.image }}
|
|
|
|
|
|
|
|
- name: Deploy updated sidekiq
|
|
|
|
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
|
|
|
|
with:
|
|
|
|
cluster: ${{ inputs.aws_resource_prefix }}-app
|
|
|
|
service: ${{ inputs.aws_resource_prefix }}-sidekiq
|
|
|
|
task-definition: ${{ steps.sidekiq-task-def.outputs.task-definition }}
|
|
|
|
wait-for-service-stability: true
|