baarkerlounger
/
submit-social-housing-lettings-and-sales-data
mirror of https://github.com/communitiesuk/submit-social-housing-lettings-and-sales-data.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Submit social housing lettings and sales data (CORE)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3264 Commits
237 Branches
292 Tags
81 MiB
 
 
 
 
Tree: ca29451ea2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ca29451ea2'
${ noResults }
submit-social-housing-letti.../.github/workflows/aws_deploy.yml

211 lines
8.6 KiB
Raw Blame History

name: AWS Deployment
on:
workflow_call:
inputs:
aws_account_id:
required: true
type: string
aws_role_prefix:
required: true
type: string
aws_task_prefix:
required: true
type: string
concurrency_tag:
required: false
type: string
default: ""
environment:
required: true
type: string
release_tag:
required: false
type: string
concurrency:
group: deploy-${{ inputs.environment }}${{ inputs.concurrency_tag }}
cancel-in-progress: true
env:
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
aws_region: eu-west-2
repository: core
jobs:
push_docker_image:
name: Push docker image to AWS
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.aws_region }}
role-to-assume: ${{ env.app_repo_role }}
- name: Login to Amazon ECR
id: ecr-login
uses: aws-actions/amazon-ecr-login@v2
- name: Check if image with tag already exists
run: |
echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV
- name: Build, tag, and push docker image to ECR if there is no image, failing for releases
id: build-image
if: ${{ env.image-exists == 'false' }}
env:
registry: ${{ steps.ecr-login.outputs.registry }}
commit_tag: ${{ github.sha }}
run: |
if [[ ${{ inputs.environment }} == 'production' ]]; then
echo "Error: Deployment to production environment is not allowed as there is no docker image (i.e. the AWS deploy on staging was unsuccessful for this commit)."
exit 1
fi
docker build -t $registry/$repository:$commit_tag . --target=production
docker push $registry/$repository:$commit_tag
deploy:
name: Deploy image
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
needs: push_docker_image
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.aws_region }}
role-to-assume: ${{ env.app_repo_role }}
- name: Login to Amazon ECR
id: ecr-login
uses: aws-actions/amazon-ecr-login@v2
- name: Get timestamp
id: timestamp
run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
- name: Get additional tag
run: |
echo "additional-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo ${{ inputs.release_tag }}-${{ env.timestamp }}; else echo ${{ env.timestamp }}; fi)" >> $GITHUB_ENV
- name: Add environment tag to existing image
id: update-image-tags
env:
registry: ${{ steps.ecr-login.outputs.registry }}
commit_tag: ${{ github.sha }}
readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
run: |
manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV
- name: Configure AWS credentials for environment
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.aws_region }}
role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_role_prefix }}-deployment
role-chaining: true
- name: Download ad hoc task definition
env:
ad_hoc_task_definition: ${{ inputs.aws_task_prefix }}-ad-hoc
run: |
aws ecs describe-task-definition --task-definition $ad_hoc_task_definition --query taskDefinition > ad-hoc-task-definition.json
- name: Update image ID
id: ad-hoc-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ad-hoc-task-definition.json
container-name: app
image: ${{ env.image }}
- name: Update ad hoc task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.ad-hoc-task-def.outputs.task-definition }}
- name: Setup Database
if: ${{ inputs.environment == 'review' }}
env:
ad_hoc_task_definition: ${{ inputs.aws_task_prefix }}-ad-hoc
cluster: ${{ inputs.aws_task_prefix }}-app
service: ${{ inputs.aws_task_prefix }}-app
run: |
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:prepare"]}]}'
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)
echo "Waiting for db prepare task to complete"
temp=${arn##*/}
id=${temp%*\"}
aws ecs wait tasks-stopped --cluster $cluster --tasks $id
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'")
if [ $succeeded == true ]; then exit 0; else exit 1; fi
- name: Run migrations task
env:
ad_hoc_task_definition: ${{ inputs.aws_task_prefix }}-ad-hoc
cluster: ${{ inputs.aws_task_prefix }}-app
service: ${{ inputs.aws_task_prefix }}-app
run: |
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration)
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:migrate"]}]}'
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn)
echo "Waiting for migration task to complete"
temp=${arn##*/}
id=${temp%*\"}
aws ecs wait tasks-stopped --cluster $cluster --tasks $id
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'")
if [ $succeeded == true ]; then exit 0; else exit 1; fi
- name: Download app service task definition
env:
app_task_definition: ${{ inputs.aws_task_prefix }}-app
run: |
aws ecs describe-task-definition --task-definition $app_task_definition --query taskDefinition > app-task-definition.json
- name: Update app image ID
id: app-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: app-task-definition.json
container-name: app
image: ${{ env.image }}
- name: Deploy updated application
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
cluster: ${{ inputs.aws_task_prefix }}-app
service: ${{ inputs.aws_task_prefix }}-app
task-definition: ${{ steps.app-task-def.outputs.task-definition }}
wait-for-service-stability: true
- name: Download sidekiq service task definition
env:
sidekiq_task_definition: ${{ inputs.aws_task_prefix }}-sidekiq
run: |
aws ecs describe-task-definition --task-definition $sidekiq_task_definition --query taskDefinition > sidekiq-task-definition.json
- name: Update sidekiq image ID
id: sidekiq-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: sidekiq-task-definition.json
container-name: sidekiq
image: ${{ env.image }}
- name: Deploy updated sidekiq
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
cluster: ${{ inputs.aws_task_prefix }}-app
service: ${{ inputs.aws_task_prefix }}-sidekiq
task-definition: ${{ steps.sidekiq-task-def.outputs.task-definition }}
wait-for-service-stability: true