CLDC-2563: Update prod deployment pipeline (#1960)

* CLDC-2563: Update prod deployment pipeline * CLDC-2563: remove redundant REPO_URL assignment * CLDC-2563: use GITHUB_OUTPUT only where necessary * CLDC-2563: don't push image if tag already exists * CLDC-2563: actually use github.sha for production as well * CLDC-2563: remove obsolete env check in push docker image job * CLDC-2563: remove redundant main branch check
1 year ago · 8adc8ed848
2 changed files with 29 additions and 2 deletions
--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@ -12,6 +12,9 @@ on:
      environment:
        required: true
        type: string
      release_tag:
        required: false
        type: string
 concurrency:
  group: deploy-${{ inputs.environment }}
@ -45,8 +48,13 @@ jobs:
        with:
          mask-password: 'true'
      - name: Check if image with tag already exists
        run: |
          echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV
      - name: Build, tag, and push docker image to ECR
        id: build-image
        if: ${{ env.image-exists == 'false' }}
        env:
          registry: ${{ steps.ecr-login.outputs.registry }}
          commit_tag: ${{ github.sha }}
@ -77,11 +85,16 @@ jobs:
        id: timestamp
        run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
      - name: Get additional tag
        run: |
          echo "additional-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo ${{ inputs.release_tag }}-${{ env.timestamp }}; else echo ${{ env.timestamp }}; fi)" >> $GITHUB_ENV
      - name: Add environment tag to existing image
        id: update-image-tags
        env:
          registry: ${{ steps.ecr-login.outputs.registry }}
          commit_tag: ${{ github.sha }}
-          readable_tag: ${{ inputs.environment }}-${{ env.timestamp }}
+          readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
        run: |
          manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
          aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
--- a/.github/workflows/production_pipeline.yml
+++ b/.github/workflows/production_pipeline.yml
@ -16,6 +16,8 @@ jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    outputs:
      releasetag: ${{ steps.latestrelease.outputs.releasetag }}
    services:
      postgres:
@ -48,7 +50,7 @@ jobs:
      - name: Get latest release with tag
        id: latestrelease
        run: |
-          echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+          echo "releasetag=$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_OUTPUT
      - name: Confirm release tag
        run: |
@ -257,3 +259,15 @@ jobs:
          cf set-env $APP_NAME CSV_DOWNLOAD_PAAS_INSTANCE $CSV_DOWNLOAD_PAAS_INSTANCE
          cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
          cf push $APP_NAME --strategy rolling
  aws_deploy:
    name: AWS Deploy
    needs: [lint, test, feature_test, audit]
    uses: ./.github/workflows/aws_deploy.yml
    with:
      aws_account_id: 977287343304
      aws_resource_prefix: core-prod
      environment: production
      release_tag: ${{ needs.test.outputs.releasetag }}
    permissions:
      id-token: write