name: AWS Deployment
on:
workflow_call:
inputs:
aws_account_id:
required: true
type: string
aws_resource_prefix:
required: true
type: string
environment:
required: true
type: string
release_tag:
required: false
type: string
concurrency:
group: deploy-${{ inputs.environment }}
cancel-in-progress: true
env:
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
aws_region: eu-west-2
repository: core
jobs:
push_docker_image:
if: inputs.environment != 'production'
name: Push docker image to AWS
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ env.aws_region }}
role-to-assume: ${{ env.app_repo_role }}
- name: Login to Amazon ECR
id: ecr-login
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- name: Check if image with tag already exists (hide errors?)
run: |
aws ecr describe-images --repository-name=$repository --image-ids=imageTag=${{ github.sha }} 2> /dev/null
- name: Check if image with tag already exists
run: |
aws ecr describe-images --repository-name=$repository --image-ids=imageTag=${{ github.sha }}
- name: Build, tag, and push docker image to ECR
id: build-image
env:
registry: ${{ steps.ecr-login.outputs.registry }}
commit_tag: ${{ github.sha }}
run: |
docker build -t $registry/$repository:$commit_tag . --target=production
docker push $registry/$repository:$commit_tag
deploy:
name: Deploy image
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
needs: push_docker_image
if: |
always() &&
(needs.push_docker_image.result == 'success' || needs.push_docker_image.result == 'skipped')
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ env.aws_region }}
role-to-assume: ${{ env.app_repo_role }}
- name: Login to Amazon ECR
id: ecr-login
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- name: Get timestamp
id: timestamp
run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
- name: Checkout at release tag
uses: actions/checkout@v3
if: inputs.environment == 'production'
with:
ref: ${{ inputs.release_tag }}
- name: Get tags
id: tags
run: |
echo "commit-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo $(git log -1 '--format=format:%H'); else echo ${{ github.sha }}; fi)" >> $GITHUB_ENV
echo "additional-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo ${{ inputs.release_tag }}-${{ env.timestamp }}; else echo ${{ env.timestamp }}; fi)" >> $GITHUB_ENV
- name: Add environment tag to existing image
id: update-image-tags
env:
registry: ${{ steps.ecr-login.outputs.registry }}
commit_tag: ${{ env.commit-tag }}
readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
run: |
manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV
- name: Configure AWS credentials for environment
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ env.aws_region }}
role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_resource_prefix }}-deployment
role-chaining: true
- name: Download ad hoc task definition
env:
ad_hoc_task_definition: ${{ inputs.aws_resource_prefix }}-ad-hoc
run: |
aws ecs describe-task-definition --task-definition $ad_hoc_task_definition --query taskDefinition > ad-hoc-task-definition.json
- name: Update image ID
id: ad-hoc-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ad-hoc-task-definition.json
container-name: app
image: ${{ env.image }}
- name: Update ad hoc task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.ad-hoc-task-def.outputs.task-definition }}
- name: Run migrations task
env:
ad_hoc_task_definition: ${{ inputs.aws_resource_prefix }}-ad-hoc
cluster: ${{ inputs.aws_resource_prefix }}-app
service: ${{ inputs.aws_resource_prefix }}-app
run: |
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:migrate"]}]}'
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)
echo "Waiting for migration task to complete"
temp=${arn##*/}
id=${temp%*\"}
aws ecs wait tasks-stopped --cluster $cluster --tasks $id
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'")
if [ $succeeded == true ]; then exit 0; else exit 1; fi
- name: Download app service task definition
env:
app_task_definition: ${{ inputs.aws_resource_prefix }}-app
run: |
aws ecs describe-task-definition --task-definition $app_task_definition --query taskDefinition > app-task-definition.json
- name: Update app image ID
id: app-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: app-task-definition.json
container-name: app
image: ${{ env.image }}
- name: Deploy updated application
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
cluster: ${{ inputs.aws_resource_prefix }}-app
service: ${{ inputs.aws_resource_prefix }}-app
task-definition: ${{ steps.app-task-def.outputs.task-definition }}
wait-for-service-stability: true
- name: Download sidekiq service task definition
env:
sidekiq_task_definition: ${{ inputs.aws_resource_prefix }}-sidekiq
run: |
aws ecs describe-task-definition --task-definition $sidekiq_task_definition --query taskDefinition > sidekiq-task-definition.json
- name: Update sidekiq image ID
id: sidekiq-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: sidekiq-task-definition.json
container-name: sidekiq
image: ${{ env.image }}
- name: Deploy updated sidekiq
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
cluster: ${{ inputs.aws_resource_prefix }}-app
service: ${{ inputs.aws_resource_prefix }}-sidekiq
task-definition: ${{ steps.sidekiq-task-def.outputs.task-definition }}
wait-for-service-stability: true