AWS_deploy.yml #68
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment AWS | |
on: | |
push: | |
branches: | |
- deploy1 | |
env: | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
ECS_SERVICE: ${{ secrets.ECS_SERVICE }} | |
ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }} | |
ECS_TASK_DEFINITION: ${{ secrets.ECS_TASK_DEFINITION }} | |
CONTAINER_NAME: ${{ secrets.CONTAINER_NAME }} | |
EDS_API_URL: ${{ secrets.EDS_API_URL }} | |
EDS_AUTH_URL: ${{ secrets.EDS_AUTH_URL }} | |
LAMBDA_FUNCTION: ${{ secrets.LAMBDA_FUNCTION }} | |
GATEWAY_STAGE: ${{ secrets.GATEWAY_STAGE }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
DEPLOY_LAMBDA: ${{ secrets.DEPLOY_LAMBDA }} | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read | |
jobs: | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
environment: production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Check if secret gateway stage exists and assign to variable | |
id: gateway-key | |
run: | | |
if [[ -n "${{ env.GATEWAY_STAGE }}" ]]; then | |
echo "::set-output name=key_gateway_stage::${{ env.GATEWAY_STAGE }}" | |
else | |
echo "::set-output name=key_gateway_stage::\"\"" | |
fi | |
shell: bash | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::489065051964:role/GitHubActionProcessor-AssumeRoleWithAction #change to reflect your IAM role’s ARN | |
role-session-name: GitHub_to_AWS_via_gitaction_devOps | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, tag, and push image Lambda to Amazon ECR | |
id: build-image-lambda | |
if: ${{ env.DEPLOY_LAMBDA == 'true' }} | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
IMAGE_TAG: ${{ github.sha }} | |
run: | | |
# Build a docker container and | |
# push it to ECR so that it can | |
# be deployed to ECS. | |
docker build \ | |
--build-arg EDS_API_URL=${{ env.EDS_API_URL }} \ | |
--build-arg EDS_AUTH_URL=${{ env.EDS_AUTH_URL }} \ | |
--build-arg AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \ | |
--build-arg AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \ | |
--build-arg INPUT_JSON_PATH="data/processor_input_example.json" \ | |
--build-arg GATEWAY_STAGE=${{ steps.gateway-key.outputs.key_gateway_stage }} \ | |
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . -f Dockerfile_lambda | |
# docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
- name: Update image to lambda funtion | |
id: lambda-function | |
if: ${{ env.DEPLOY_LAMBDA == 'true' }} | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
IMAGE_TAG: ${{ github.sha }} | |
run: | | |
aws lambda update-function-code \ | |
--function-name $LAMBDA_FUNCTION \ | |
--image-uri $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
# - name: Update lambda funtion configuration | |
# id: lambda-function-config | |
# if: ${{ env.DEPLOY_LAMBDA == 'true' }} | |
# run: | | |
# aws lambda update-function-configuration \ | |
# --function-name $LAMBDA_FUNCTION \ | |
# --environment "Variables={EDS_API_URL=${{ env.EDS_API_URL }},EDS_AUTH_URL=${{ env.EDS_AUTH_URL }}}" | |
- name: Build, tag, and push image Task to Amazon ECR | |
id: build-image | |
if: ${{ env.DEPLOY_LAMBDA != 'true' }} | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
IMAGE_TAG: ${{ github.sha }} | |
run: | | |
# Build a docker container and | |
# push it to ECR so that it can | |
# be deployed to ECS. | |
docker build \ | |
--build-arg EDS_API_URL=${{ env.EDS_API_URL }} \ | |
--build-arg EDS_AUTH_URL=${{ env.EDS_AUTH_URL }} \ | |
--build-arg AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \ | |
--build-arg AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \ | |
--build-arg INPUT_JSON_PATH="data/processor_input_example.json" \ | |
--build-arg GATEWAY_STAGE=${{ steps.gateway-key.outputs.key_gateway_stage }} \ | |
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . -f Dockerfile_ECS | |
# docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
echo "::set-output name=IMAGE_URI::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
- name: Download task definition | |
if: ${{ env.DEPLOY_LAMBDA != 'true' }} | |
run: | | |
aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION }} --query taskDefinition > task-definition.json | |
echo $(cat task-definition.json | jq 'del( | |
.taskDefinitionArn, | |
.requiresAttributes, | |
.compatibilities, | |
.revision, | |
.status, | |
.registeredAt, | |
.registeredBy | |
)') > task-definition.json | |
cat task-definition.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
if: ${{ env.DEPLOY_LAMBDA != 'true' }} | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: task-definition.json | |
container-name: ${{ env.CONTAINER_NAME }} | |
image: ${{ steps.build-image.outputs.image }} | |
- name: updating task-definition file | |
if: ${{ env.DEPLOY_LAMBDA != 'true' }} | |
run: cat ${{ steps.task-def.outputs.task-definition }} | |
- name: Deploy Amazon ECS task definition | |
if: ${{ env.DEPLOY_LAMBDA != 'true' }} | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ env.ECS_SERVICE }} | |
cluster: ${{ env.ECS_CLUSTER }} | |
wait-for-service-stability: true1 |