From a245677d7db44dfa40479e8aec0d0a42b56716e9 Mon Sep 17 00:00:00 2001 From: Rachael Booth Date: Thu, 31 Aug 2023 17:34:14 +0100 Subject: [PATCH] CLDC-2565: Push docker images to AWS in staging pipeline --- .github/workflows/aws_deploy.yml | 87 ++++++++++++++++++++++++++ .github/workflows/staging_pipeline.yml | 10 +++ 2 files changed, 97 insertions(+) create mode 100644 .github/workflows/aws_deploy.yml diff --git a/.github/workflows/aws_deploy.yml b/.github/workflows/aws_deploy.yml new file mode 100644 index 000000000..1049f31bf --- /dev/null +++ b/.github/workflows/aws_deploy.yml @@ -0,0 +1,87 @@ +name: AWS Deployment + +on: + workflow_call: + inputs: + environment: + required: true + type: string + +concurrency: + group: deploy-${{ inputs.environment }} + cancel-in-progress: true + +env: + app_repo_role: arn:aws:iam::815624722760:role/core-application-repo + aws_region: eu-west-2 + repository: core-ecr + +jobs: + push_docker_image: + name: Push docker image to AWS + runs-on: ubuntu-latest + permissions: + id-token: write + outputs: + image: ${{ steps.build-image.outputs.image }} + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-region: ${{ env.aws_region }} + role-to-assume: ${{ env.app_repo_role }} + + - name: Login to Amazon ECR + id: ecr-login + uses: aws-actions/amazon-ecr-login@v1 + with: + mask-password: 'true' + + - name: Build, tag, and push docker image to ECR + id: build-image + env: + registry: ${{ steps.ecr-login.outputs.registry }} + commit_tag: ${{ github.sha }} + run: | + docker build -t $registry/$repository:$commit_tag . --target=production + docker push $registry/$repository:$commit_tag + + deploy: + name: Deploy image + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + needs: push_docker_image + + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-region: ${{ env.aws_region }} + role-to-assume: ${{ env.app_repo_role }} + + - name: Login to Amazon ECR + id: ecr-login + uses: aws-actions/amazon-ecr-login@v1 + with: + mask-password: 'true' + + - name: Get timestamp + id: timestamp + run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV + + - name: Add environment tag to existing image + env: + registry: ${{ steps.ecr-login.outputs.registry }} + commit_tag: ${{ github.sha }} + readable_tag: ${{ inputs.environment }}-${{ env.timestamp }} + run: | + manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest) + aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest" + echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV + + - name: TODO + run: echo $image diff --git a/.github/workflows/staging_pipeline.yml b/.github/workflows/staging_pipeline.yml index 06f22632b..eae871b31 100644 --- a/.github/workflows/staging_pipeline.yml +++ b/.github/workflows/staging_pipeline.yml @@ -230,3 +230,13 @@ jobs: cf set-env $APP_NAME CSV_DOWNLOAD_PAAS_INSTANCE $CSV_DOWNLOAD_PAAS_INSTANCE cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN cf push $APP_NAME --strategy rolling + + aws_deploy: + name: AWS Deploy + if: github.ref == 'refs/heads/main' + needs: [lint, test, feature_test, audit] + uses: ./.github/workflows/aws_deploy.yml + with: + environment: staging + permissions: + id-token: write