name: AWS Deployment on: workflow_call: inputs: environment: required: true type: string concurrency: group: deploy-${{ inputs.environment }} cancel-in-progress: true env: app_repo_role: arn:aws:iam::815624722760:role/core-application-repo aws_region: eu-west-2 repository: core jobs: push_docker_image: name: Push docker image to AWS runs-on: ubuntu-latest permissions: id-token: write outputs: image: ${{ steps.build-image.outputs.image }} steps: - name: Checkout code uses: actions/checkout@v3 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v3 with: aws-region: ${{ env.aws_region }} role-to-assume: ${{ env.app_repo_role }} - name: Login to Amazon ECR id: ecr-login uses: aws-actions/amazon-ecr-login@v1 with: mask-password: 'true' - name: Build, tag, and push docker image to ECR id: build-image env: registry: ${{ steps.ecr-login.outputs.registry }} commit_tag: ${{ github.sha }} run: | docker build -t $registry/$repository:$commit_tag . --target=production docker push $registry/$repository:$commit_tag deploy: name: Deploy image runs-on: ubuntu-latest environment: ${{ inputs.environment }} needs: push_docker_image steps: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v3 with: aws-region: ${{ env.aws_region }} role-to-assume: ${{ env.app_repo_role }} - name: Login to Amazon ECR id: ecr-login uses: aws-actions/amazon-ecr-login@v1 with: mask-password: 'true' - name: Get timestamp id: timestamp run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV - name: Add environment tag to existing image env: registry: ${{ steps.ecr-login.outputs.registry }} commit_tag: ${{ github.sha }} readable_tag: ${{ inputs.environment }}-${{ env.timestamp }} run: | manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest) aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest" echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV - name: TODO run: echo $image