
Deploy to aws in staging pipeline (#1882)

* CLDC-2565: Push docker images to AWS in staging pipeline

* CLDC-2711: Update based on changed resource names

* CLDC-2730: Update aws_deploy pipeline to run database migrations

* CLDC-2730: Temporarily run aws_deploy on push to this branch

* CLDC-2730: Update parameterisation

* CLDC-2730: Remove logging used for debugging

* CLDC-2731: Deploy application to aws

* CLDC-2731: Wait for service stability on deploy

* Revert "CLDC-2730: Temporarily run aws_deploy on push to this branch"

This reverts commit 8b4904dc7d.

* CLDC-2768: Sidekiq (AWS) (#1899)

* feat: update pipeline to deploy sidekiq to aws

* feat: update cron schedule to every 5mins temporarily

* feat: temporarily run aws_deploy on push to this branch

* feat: update aws ecs service name in pipeline

* Revert "feat: update cron schedule to every 5mins temporarily"

This reverts commit 80d0ab8383fa18e2bacd9ca0fa1a1d4048ef4f10.

* Revert "feat: temporarily run aws_deploy on push to this branch"

This reverts commit 48651712e6.

* style: remove unrequired empty line

* feat: reorder pipeline and update sidekiq task definition variable

---------

Co-authored-by: Chirag-Bhatti <109098469+Chirag-Bhatti@users.noreply.github.com>
pull/1932/head
Rachael Booth 1 year ago committed by GitHub
parent
commit
75ec0b65d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 174
      .github/workflows/aws_deploy.yml
  2. 12
      .github/workflows/staging_pipeline.yml

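--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@@ -0,0 +1,174 @@
+name: AWS Deployment
+on:
+workflow_call:
+inputs:
+aws_account_id:
+required: true
+type: string
+aws_resource_prefix:
+required: true
+type: string
+environment:
+required: true
+type: string
+concurrency:
+group: deploy-${{ inputs.environment }}
+cancel-in-progress: true
+env:
+app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
+aws_region: eu-west-2
+repository: core
+jobs:
+push_docker_image:
+name: Push docker image to AWS
+runs-on: ubuntu-latest
+permissions:
+id-token: write
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v3
+with:
+aws-region: ${{ env.aws_region }}
+role-to-assume: ${{ env.app_repo_role }}
+- name: Login to Amazon ECR
+id: ecr-login
+uses: aws-actions/amazon-ecr-login@v1
+with:
+mask-password: 'true'
+- name: Build, tag, and push docker image to ECR
+id: build-image
+env:
+registry: ${{ steps.ecr-login.outputs.registry }}
+commit_tag: ${{ github.sha }}
+run: |
+docker build -t $registry/$repository:$commit_tag . --target=production
+docker push $registry/$repository:$commit_tag
+deploy:
+name: Deploy image
+runs-on: ubuntu-latest
+environment: ${{ inputs.environment }}
+needs: push_docker_image
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v3
+with:
+aws-region: ${{ env.aws_region }}
+role-to-assume: ${{ env.app_repo_role }}
+- name: Login to Amazon ECR
+id: ecr-login
+uses: aws-actions/amazon-ecr-login@v1
+with:
+mask-password: 'true'
+- name: Get timestamp
+id: timestamp
+run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
+- name: Add environment tag to existing image
+env:
+registry: ${{ steps.ecr-login.outputs.registry }}
+commit_tag: ${{ github.sha }}
+readable_tag: ${{ inputs.environment }}-${{ env.timestamp }}
+run: |
+manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
+aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
+echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV
+- name: Configure AWS credentials for environment
+uses: aws-actions/configure-aws-credentials@v3
+with:
+aws-region: ${{ env.aws_region }}
+role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_resource_prefix }}-deployment
+role-chaining: true
+- name: Download ad hoc task definition
+env:
+ad_hoc_task_definition: ${{ inputs.aws_resource_prefix }}-ad-hoc
+run: |
+aws ecs describe-task-definition --task-definition $ad_hoc_task_definition --query taskDefinition > ad-hoc-task-definition.json
+- name: Update image ID
+id: ad-hoc-task-def
+uses: aws-actions/amazon-ecs-render-task-definition@v1
+with:
+task-definition: ad-hoc-task-definition.json
+container-name: app
+image: ${{ env.image }}
+- name: Update ad hoc task definition
+uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+with:
+task-definition: ${{ steps.ad-hoc-task-def.outputs.task-definition }}
+- name: Run migrations task
+env:
+ad_hoc_task_definition: ${{ inputs.aws_resource_prefix }}-ad-hoc
+cluster: ${{ inputs.aws_resource_prefix }}
+service: ${{ inputs.aws_resource_prefix }}-app
+run: |
+network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)
+overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:migrate"]}]}'
+arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)
+echo "Waiting for migration task to complete"
+temp=${arn##*/}
+id=${temp%*\"}
+aws ecs wait tasks-stopped --cluster $cluster --tasks $id
+succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'")
+if [ $succeeded == true ]; then exit 0; else exit 1; fi
+- name: Download app service task definition
+env:
+app_task_definition: ${{ inputs.aws_resource_prefix }}-app
+run: |
+aws ecs describe-task-definition --task-definition $app_task_definition --query taskDefinition > app-task-definition.json
+- name: Update app image ID
+id: app-task-def
+uses: aws-actions/amazon-ecs-render-task-definition@v1
+with:
+task-definition: app-task-definition.json
+container-name: app
+image: ${{ env.image }}
+- name: Deploy updated application
+uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+with:
+cluster: ${{ inputs.aws_resource_prefix }}
+service: ${{ inputs.aws_resource_prefix }}-app
+task-definition: ${{ steps.app-task-def.outputs.task-definition }}
+wait-for-service-stability: true
+- name: Download sidekiq service task definition
+env:
+sidekiq_task_definition: ${{ inputs.aws_resource_prefix }}-sidekiq
+run: |
+aws ecs describe-task-definition --task-definition $sidekiq_task_definition --query taskDefinition > sidekiq-task-definition.json
+- name: Update sidekiq image ID
+id: sidekiq-task-def
+uses: aws-actions/amazon-ecs-render-task-definition@v1
+with:
+task-definition: sidekiq-task-definition.json
+container-name: sidekiq
+image: ${{ env.image }}
+- name: Deploy updated sidekiq
+uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+with:
+cluster: ${{ inputs.aws_resource_prefix }}
+service: ${{ inputs.aws_resource_prefix }}-sidekiq
+task-definition: ${{ steps.sidekiq-task-def.outputs.task-definition }}
+wait-for-service-stability: true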
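Review bot: Every `uses:` in this workflow points at a mutable tag (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v3`, `aws-actions/amazon-ecr-login@v1`, and the `amazon-ecs-render-task-definition@v1` / `amazon-ecs-deploy-task-definition@v1` actions), and the steps after each "Configure AWS credentials" run with the OIDC-assumed role, including the `-deployment` role after role chaining. If one of those tags is moved upstream, the new code runs with those credentials, so I would pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v3`. Separately, `cancel-in-progress: true` on the `deploy-${{ inputs.environment }}` group lets a newer run cancel this one part-way through, for instance after "Run migrations task" has started its ECS task but before the app and sidekiq services are updated; `cancel-in-progress: false` would let an in-flight deployment finish.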

12
.github/workflows/staging_pipeline.yml

@ -230,3 +230,15 @@ jobs:
cf set-env $APP_NAME CSV_DOWNLOAD_PAAS_INSTANCE $CSV_DOWNLOAD_PAAS_INSTANCE
cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
cf push $APP_NAME --strategy rolling -t 180
aws_deploy:
name: AWS Deploy
if: github.ref == 'refs/heads/main'
needs: [lint, test, feature_test, audit]
uses: ./.github/workflows/aws_deploy.yml
with:
aws_account_id: 107155005276
aws_resource_prefix: core-staging
environment: staging
permissions:
id-token: write
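Review bot: `aws_account_id: 107155005276` is an unquoted scalar, so a YAML parser reads it as an integer, while `aws_deploy.yml` declares the input as `type: string` and interpolates it into the deployment role ARN. I would write `aws_account_id: "107155005276"` so the value is passed as text. This matters most if the job is later copied for another environment whose account ID begins with a zero, which an integer would not preserve. The `jobs:` mapping this job belongs to starts above the hunk.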
