.github/workflows/AWS_deploy.yml

name: Deployment AWS

on:
  push:
    branches:
      - deploy1

env:
  AWS_REGION: ${{ secrets.AWS_REGION }}
  ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
  ECS_SERVICE: ${{ secrets.ECS_SERVICE }}
  ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }}
  CONTAINER_NAME: ${{ secrets.CONTAINER_NAME }}
  EDS_API_URL: ${{ secrets.EDS_API_URL }}
  EDS_AUTH_URL: ${{ secrets.EDS_AUTH_URL }}
  LAMBDA_FUNCTION: ${{ secrets.LAMBDA_FUNCTION }}
  GATEWAY_STAGE: ${{ secrets.GATEWAY_STAGE }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  DEPLOY_LAMBDA: ${{ secrets.DEPLOY_LAMBDA }}

permissions:
  id-token: write # This is required for requesting the JWT
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Check if secret gateway stage exists and assign to variable
        id: gateway-key
        run: |
          if [[ -n "${{ env.GATEWAY_STAGE }}" ]]; then
            echo "::set-output name=key_gateway_stage::${{ env.GATEWAY_STAGE }}"
          else
            echo "::set-output name=key_gateway_stage::\"\""
          fi
        shell: bash

      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::489065051964:role/GitHubActionProcessor-AssumeRoleWithAction #change to reflect your IAM role’s ARN
          role-session-name: GitHub_to_AWS_via_gitaction_devOps
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag, and push image Lambda to Amazon ECR
        id: build-image-lambda
        if: ${{ env.DEPLOY_LAMBDA == 'true' }}
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Build a docker container and
          # push it to ECR so that it can
          # be deployed to ECS.      
          docker build \
            --build-arg EDS_API_URL=${{ env.EDS_API_URL }} \
            --build-arg EDS_AUTH_URL=${{ env.EDS_AUTH_URL }} \
            --build-arg AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
            --build-arg AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
            --build-arg INPUT_JSON_PATH="data/processor_input_example.json" \
            --build-arg GATEWAY_STAGE=${{ steps.gateway-key.outputs.key_gateway_stage }} \
            -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . -f Dockerfile_lambda
          # docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

      - name: Update image to lambda funtion
        id: lambda-function
        if: ${{ env.DEPLOY_LAMBDA == 'true' }}
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          echo "function=$LAMBDA_FUNCTION" >> $GITHUB_OUTPUT
          aws lambda update-function-code \
          --function-name $LAMBDA_FUNCTION \
          --image-uri $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

      - name: Build, tag, and push image Task to Amazon ECR
        id: build-image
        if: ${{ env.DEPLOY_LAMBDA != 'true' }}
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Build a docker container and
          # push it to ECR so that it can
          # be deployed to ECS.      
          docker build \
            --build-arg EDS_API_URL=${{ env.EDS_API_URL }} \
            --build-arg EDS_AUTH_URL=${{ env.EDS_AUTH_URL }} \
            --build-arg AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
            --build-arg AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
            --build-arg INPUT_JSON_PATH="data/processor_input_example.json" \
            --build-arg GATEWAY_STAGE=${{ steps.gateway-key.outputs.key_gateway_stage }} \
            -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          # docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
          echo "::set-output name=IMAGE_URI::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

      - name: Download task definition
        if: ${{ env.DEPLOY_LAMBDA != 'true' }}
        run: |
          aws ecs describe-task-definition --task-definition fastapiprocessor --query taskDefinition > task-definition.json
          echo $(cat task-definition.json | jq 'del(
                    .taskDefinitionArn,
                    .requiresAttributes,
                    .compatibilities,
                    .revision,
                    .status,
                    .registeredAt,
                    .registeredBy
                )') > task-definition.json
          cat task-definition.json

      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
        if: ${{ env.DEPLOY_LAMBDA != 'true' }}
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: ${{ env.CONTAINER_NAME }}
          image: ${{ steps.build-image.outputs.image }}

      - name: updating task-definition file
        if: ${{ env.DEPLOY_LAMBDA != 'true' }}
        run: cat ${{ steps.task-def.outputs.task-definition }}

      - name: Deploy Amazon ECS task definition
        if: ${{ env.DEPLOY_LAMBDA != 'true' }}
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true1