You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
215 lines
8.7 KiB
215 lines
8.7 KiB
name: AWS Deployment |
|
|
|
on: |
|
workflow_call: |
|
inputs: |
|
aws_account_id: |
|
required: true |
|
type: string |
|
aws_role_prefix: |
|
required: true |
|
type: string |
|
aws_task_prefix: |
|
required: true |
|
type: string |
|
concurrency_tag: |
|
required: false |
|
type: string |
|
default: "" |
|
environment: |
|
required: true |
|
type: string |
|
release_tag: |
|
required: false |
|
type: string |
|
|
|
concurrency: |
|
group: deploy-${{ inputs.environment }}${{ inputs.concurrency_tag }} |
|
cancel-in-progress: true |
|
|
|
env: |
|
app_repo_role: arn:aws:iam::815624722760:role/core-application-repo |
|
aws_region: eu-west-2 |
|
repository: core |
|
|
|
jobs: |
|
push_docker_image: |
|
name: Push docker image to AWS |
|
runs-on: ubuntu-latest |
|
permissions: |
|
id-token: write |
|
|
|
steps: |
|
- name: Checkout code |
|
uses: actions/checkout@v3 |
|
|
|
- name: Configure AWS credentials |
|
uses: aws-actions/configure-aws-credentials@v3 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: ${{ env.app_repo_role }} |
|
|
|
- name: Login to Amazon ECR |
|
id: ecr-login |
|
uses: aws-actions/amazon-ecr-login@v1 |
|
with: |
|
mask-password: "true" |
|
|
|
- name: Check if image with tag already exists |
|
run: | |
|
echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV |
|
|
|
- name: Build, tag, and push docker image to ECR if there is no image, failing for releases |
|
id: build-image |
|
if: ${{ env.image-exists == 'false' }} |
|
env: |
|
registry: ${{ steps.ecr-login.outputs.registry }} |
|
commit_tag: ${{ github.sha }} |
|
run: | |
|
if [[ ${{ inputs.environment }} == 'production' ]]; then |
|
echo "Error: Deployment to production environment is not allowed as there is no docker image (i.e. the AWS deploy on staging was unsuccessful for this commit)." |
|
exit 1 |
|
fi |
|
docker build -t $registry/$repository:$commit_tag . --target=production --build-arg CONCURRENCY_TAG=${{ inputs.concurrency_tag }} |
|
docker push $registry/$repository:$commit_tag |
|
|
|
deploy: |
|
name: Deploy image |
|
runs-on: ubuntu-latest |
|
environment: ${{ inputs.environment }} |
|
needs: push_docker_image |
|
|
|
steps: |
|
- name: Configure AWS credentials |
|
uses: aws-actions/configure-aws-credentials@v3 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: ${{ env.app_repo_role }} |
|
|
|
- name: Login to Amazon ECR |
|
id: ecr-login |
|
uses: aws-actions/amazon-ecr-login@v1 |
|
with: |
|
mask-password: "true" |
|
|
|
- name: Get timestamp |
|
id: timestamp |
|
run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV |
|
|
|
- name: Get additional tag |
|
run: | |
|
echo "additional-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo ${{ inputs.release_tag }}-${{ env.timestamp }}; else echo ${{ env.timestamp }}; fi)" >> $GITHUB_ENV |
|
|
|
- name: Add environment tag to existing image |
|
id: update-image-tags |
|
env: |
|
registry: ${{ steps.ecr-login.outputs.registry }} |
|
commit_tag: ${{ github.sha }} |
|
readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }} |
|
run: | |
|
manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest) |
|
aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest" |
|
echo "image=$registry/$repository:$readable_tag" >> $GITHUB_ENV |
|
|
|
- name: Configure AWS credentials for environment |
|
uses: aws-actions/configure-aws-credentials@v3 |
|
with: |
|
aws-region: ${{ env.aws_region }} |
|
role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_role_prefix }}-deployment |
|
role-chaining: true |
|
|
|
- name: Download ad hoc task definition |
|
env: |
|
ad_hoc_task_definition: ${{ inputs.aws_task_prefix }}-ad-hoc |
|
run: | |
|
aws ecs describe-task-definition --task-definition $ad_hoc_task_definition --query taskDefinition > ad-hoc-task-definition.json |
|
|
|
- name: Update image ID |
|
id: ad-hoc-task-def |
|
uses: aws-actions/amazon-ecs-render-task-definition@v1 |
|
with: |
|
task-definition: ad-hoc-task-definition.json |
|
container-name: app |
|
image: ${{ env.image }} |
|
|
|
- name: Update ad hoc task definition |
|
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 |
|
with: |
|
task-definition: ${{ steps.ad-hoc-task-def.outputs.task-definition }} |
|
|
|
- name: Setup Database |
|
if: ${{ inputs.environment == 'review' }} |
|
env: |
|
ad_hoc_task_definition: ${{ inputs.aws_task_prefix }}-ad-hoc |
|
cluster: ${{ inputs.aws_task_prefix }}-app |
|
service: ${{ inputs.aws_task_prefix }}-app |
|
run: | |
|
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration) |
|
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:prepare"]}]}' |
|
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn) |
|
echo "Waiting for db prepare task to complete" |
|
temp=${arn##*/} |
|
id=${temp%*\"} |
|
aws ecs wait tasks-stopped --cluster $cluster --tasks $id |
|
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'") |
|
if [ $succeeded == true ]; then exit 0; else exit 1; fi |
|
|
|
- name: Run migrations task |
|
env: |
|
ad_hoc_task_definition: ${{ inputs.aws_task_prefix }}-ad-hoc |
|
cluster: ${{ inputs.aws_task_prefix }}-app |
|
service: ${{ inputs.aws_task_prefix }}-app |
|
run: | |
|
network=$(aws ecs describe-services --cluster $cluster --services $service --query services[0].networkConfiguration) |
|
overrides='{ "containerOverrides" : [{ "name" : "app", "command" : ["bundle", "exec", "rake", "db:migrate"]}]}' |
|
arn=$(aws ecs run-task --cluster $cluster --task-definition $ad_hoc_task_definition --network-configuration "$network" --overrides "$overrides" --group migrations --launch-type FARGATE --query tasks[0].taskArn) |
|
echo "Waiting for migration task to complete" |
|
temp=${arn##*/} |
|
id=${temp%*\"} |
|
aws ecs wait tasks-stopped --cluster $cluster --tasks $id |
|
succeeded=$(aws ecs describe-tasks --cluster $cluster --tasks $id --query "tasks[0].stopCode == 'EssentialContainerExited' && to_string(tasks[0].containers[0].exitCode) == '0'") |
|
if [ $succeeded == true ]; then exit 0; else exit 1; fi |
|
|
|
- name: Download app service task definition |
|
env: |
|
app_task_definition: ${{ inputs.aws_task_prefix }}-app |
|
run: | |
|
aws ecs describe-task-definition --task-definition $app_task_definition --query taskDefinition > app-task-definition.json |
|
|
|
- name: Update app image ID |
|
id: app-task-def |
|
uses: aws-actions/amazon-ecs-render-task-definition@v1 |
|
with: |
|
task-definition: app-task-definition.json |
|
container-name: app |
|
image: ${{ env.image }} |
|
|
|
- name: Deploy updated application |
|
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 |
|
with: |
|
cluster: ${{ inputs.aws_task_prefix }}-app |
|
service: ${{ inputs.aws_task_prefix }}-app |
|
task-definition: ${{ steps.app-task-def.outputs.task-definition }} |
|
wait-for-service-stability: true |
|
|
|
- name: Download sidekiq service task definition |
|
env: |
|
sidekiq_task_definition: ${{ inputs.aws_task_prefix }}-sidekiq |
|
run: | |
|
aws ecs describe-task-definition --task-definition $sidekiq_task_definition --query taskDefinition > sidekiq-task-definition.json |
|
|
|
- name: Update sidekiq image ID |
|
id: sidekiq-task-def |
|
uses: aws-actions/amazon-ecs-render-task-definition@v1 |
|
with: |
|
task-definition: sidekiq-task-definition.json |
|
container-name: sidekiq |
|
image: ${{ env.image }} |
|
|
|
- name: Deploy updated sidekiq |
|
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 |
|
with: |
|
cluster: ${{ inputs.aws_task_prefix }}-app |
|
service: ${{ inputs.aws_task_prefix }}-sidekiq |
|
task-definition: ${{ steps.sidekiq-task-def.outputs.task-definition }} |
|
wait-for-service-stability: true
|
|
|