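# Manually triggered deployment: builds the Docker image for a git tag, pushes
# it to Amazon ECR, runs the DBMigrate task, then rolls out Web and Sidekiq.
#
# NOTE(review): every action below is referenced by a mutable tag (@v1/@v2).
# Pinning each `uses:` to a full commit SHA (<FULL_COMMIT_SHA>) stops a moved
# tag from changing what runs while the AWS credentials are loaded.
name: AWS ECS Deploy

on:
  workflow_dispatch:
    # Inputs the workflow accepts.
    inputs:
      git_tag:
        description: 'Git tag to deploy'
        required: true
      adracare_env:
        description: 'Adracare environment (dev/test/prod)'
        default: test
        required: true
      aws_region:
        description: 'AWS region'
        default: ca-central-1
        required: true

# Least privilege for GITHUB_TOKEN: the jobs only read the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      ecr_repo: ${{ steps.vars.outputs.ecr_repo }}
      ecs_cluster: ${{ steps.vars.outputs.ecs_cluster }}
    # NOTE(review): the GitHub environment is fixed to "test" even when
    # adracare_env is dev or prod, so environment-scoped secrets and
    # protection rules always come from "test". Confirm this is intended.
    environment:
      name: test
      url: https://dev.adracare.co/
    steps:
      # Check out the requested tag under $GITHUB_WORKSPACE.
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.inputs.git_tag }}
          # Keep the job token out of .git/config: the workspace is the
          # docker build context and no later step needs git access.
          persist-credentials: false

      # NOTE(review): long-lived access keys stored as secrets. This action
      # also supports assuming a role through GitHub OIDC (role-to-assume),
      # which removes the stored keys; consider migrating.
      # NOTE(review): the region is fixed here while the deploy job uses the
      # aws_region input; confirm SSM and ECR are meant to be read from
      # ca-central-1 for every target region.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1

      - name: Setup vars
        id: vars
        # Inputs reach the script as environment variables, never as text
        # expanded into the script body, so they cannot inject shell code.
        env:
          ADRACARE_ENV: ${{ github.event.inputs.adracare_env }}
          DEPLOY_REGION: ${{ github.event.inputs.aws_region }}
        run: |
          set -euo pipefail
          # Only the environments named in the input description are valid.
          case "${ADRACARE_ENV}" in
            dev|test|prod) ;;
            *) echo "adracare_env must be dev, test or prod" >&2; exit 1 ;;
          esac
          ssm_prefix="/${ADRACARE_ENV}/${DEPLOY_REGION}/adracare"
          # Assignments (not inline substitutions) so a failed lookup stops
          # the job instead of publishing an empty output.
          ecr_repo=$(aws ssm get-parameter --name "${ssm_prefix}/repository/id" \
            | jq -cr '.Parameter.Value')
          ecs_cluster=$(aws ssm get-parameter --name "${ssm_prefix}/cluster/id" \
            | jq -cr '.Parameter.Value')
          {
            echo "ref=${GITHUB_REF#refs/*/}"
            echo "ecr_repo=${ecr_repo}"
            echo "ecs_cluster=${ecs_cluster}"
          } >> "${GITHUB_OUTPUT}"

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, tag, and push the image to Amazon ECR
        id: build
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ steps.vars.outputs.ecr_repo }}
          IMAGE_TAG: ${{ github.event.inputs.git_tag }}
        run: |
          # Build a docker container and push it to ECR
          set -x
          image="${ECR_REGISTRY}/${ECR_REPOSITORY}"
          # Pulling :latest is best effort; only re-tag it when the pull
          # worked, otherwise a first deployment would abort on docker tag.
          if docker pull "${image}:latest"; then
            docker tag "${image}:latest" "${image}:${IMAGE_TAG}"
          fi
          echo "Building image..."
          docker build -t "${image}:${IMAGE_TAG}" .
          # The :latest tag is not updated or pushed by this workflow.
          echo "Pushing image to ECR..."
          docker push "${image}:${IMAGE_TAG}"
          echo "${image}:${IMAGE_TAG}" > docker_image.txt

      # GitHub treats the image name as a secret value and does not store it
      # as a job output, so it is handed to the deploy job as an artifact.
      - name: Upload artifact docker_image name
        uses: actions/upload-artifact@v2
        with:
          name: docker_image
          path: docker_image.txt

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # NOTE(review): same fixed "test" environment as the build job.
    environment:
      name: test
      url: https://dev.adracare.co/
    steps:
      # Check out the requested tag under $GITHUB_WORKSPACE.
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.inputs.git_tag }}
          persist-credentials: false

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ github.event.inputs.aws_region }}

      - name: Download artifacts
        uses: actions/download-artifact@v2
        with:
          name: docker_image

      - name: Setup vars
        id: vars
        env:
          ADRACARE_ENV: ${{ github.event.inputs.adracare_env }}
          DEPLOY_REGION: ${{ github.event.inputs.aws_region }}
        run: |
          set -euo pipefail
          case "${ADRACARE_ENV}" in
            dev|test|prod) ;;
            *) echo "adracare_env must be dev, test or prod" >&2; exit 1 ;;
          esac
          # ssm_prefix has to be defined in this job as well: shell variables
          # from the build job do not carry over, and an empty prefix would
          # query /repository/id and /cluster/id instead.
          ssm_prefix="/${ADRACARE_ENV}/${DEPLOY_REGION}/adracare"
          image=$(cat docker_image.txt)
          ecr_repo=$(aws ssm get-parameter --name "${ssm_prefix}/repository/id" \
            | jq -cr '.Parameter.Value')
          ecs_cluster=$(aws ssm get-parameter --name "${ssm_prefix}/cluster/id" \
            | jq -cr '.Parameter.Value')
          {
            echo "image=${image}"
            echo "ecr_repo=${ecr_repo}"
            echo "ecs_cluster=${ecs_cluster}"
          } >> "${GITHUB_OUTPUT}"

      - name: Get Web task definition
        id: get-web-task-def
        env:
          ECS_CLUSTER: ${{ needs.build.outputs.ecs_cluster }}
        run: |
          set -euo pipefail
          # Drop the read-only fields so the JSON can be registered again.
          aws ecs describe-task-definition --task-definition Web --query taskDefinition \
            | jq 'del(.compatibilities, .taskDefinitionArn, .requiresAttributes, .revision, .status, .registeredAt, .registeredBy)' \
            > web-task-definition.json
          aws ecs describe-services --cluster "${ECS_CLUSTER}" --services Web > web-service.json
          # The migration task reuses the Web service's subnets and security
          # groups; both are emitted as compact JSON arrays.
          vpc_subnets=$(jq -cr '.services[0].deployments[0].networkConfiguration.awsvpcConfiguration.subnets' web-service.json)
          vpc_sgs=$(jq -cr '.services[0].deployments[0].networkConfiguration.awsvpcConfiguration.securityGroups' web-service.json)
          {
            echo "vpc_subnets=${vpc_subnets}"
            echo "vpc_sgs=${vpc_sgs}"
          } >> "${GITHUB_OUTPUT}"

      - name: Get Sidekiq task definition
        id: get-sidekiq-task-def
        run: |
          set -euo pipefail
          aws ecs describe-task-definition --task-definition Sidekiq --query taskDefinition \
            | jq 'del(.compatibilities, .taskDefinitionArn, .requiresAttributes, .revision, .status, .registeredAt, .registeredBy)' \
            > sidekiq-task-definition.json

      - name: Get db-migrate task definition
        run: |
          set -euo pipefail
          aws ecs describe-task-definition --task-definition DBMigrate --query taskDefinition \
            | jq 'del(.compatibilities, .taskDefinitionArn, .requiresAttributes, .revision, .status, .registeredAt, .registeredBy)' \
            > db-migrate-task-definition.json

      - name: Fill in the new image ID in the Amazon ECS task definition for db-migrate
        id: db-migrate-task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: db-migrate-task-definition.json
          container-name: db-migrate
          image: ${{ steps.vars.outputs.image }}

      # No service/cluster given: this only registers the new revision.
      - name: Setup db-migrate task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.db-migrate-task-def.outputs.task-definition }}

      - name: Run db-migrate
        env:
          ECS_CLUSTER: ${{ needs.build.outputs.ecs_cluster }}
          VPC_SUBNETS: ${{ steps.get-web-task-def.outputs.vpc_subnets }}
          VPC_SGS: ${{ steps.get-web-task-def.outputs.vpc_sgs }}
        run: |
          set -euo pipefail
          # Build the network configuration as JSON with jq; this also
          # rejects step outputs that are not valid JSON arrays.
          network_config=$(jq -cn \
            --argjson subnets "${VPC_SUBNETS}" \
            --argjson sgs "${VPC_SGS}" \
            '{awsvpcConfiguration: {subnets: $subnets, securityGroups: $sgs}}')
          aws ecs run-task --launch-type FARGATE --cluster "${ECS_CLUSTER}" \
            --task-definition DBMigrate \
            --network-configuration "${network_config}" > /tmp/task.json
          task_arn=$(jq -r '.tasks[0].taskArn' /tmp/task.json)
          if [ -z "${task_arn}" ] || [ "${task_arn}" = "null" ]; then
            echo "DB Migration task was not started, check logs"
            exit 1
          fi
          aws ecs wait tasks-stopped --cluster "${ECS_CLUSTER}" --tasks "${task_arn}"
          aws ecs describe-tasks --cluster "${ECS_CLUSTER}" --tasks "${task_arn}" > /tmp/task.json
          # A missing exit code prints as "null" and is treated as a failure,
          # so Web and Sidekiq are never rolled out after a failed migration.
          exit_code=$(jq -r '.tasks[0].containers[0].exitCode' /tmp/task.json)
          if [ "${exit_code}" != 0 ]; then
            echo "DB Migration fails, check logs"
            exit 1
          fi

      - name: Fill in the new image ID in the Amazon ECS task definition for Web
        id: web-task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: web-task-definition.json
          container-name: web
          image: ${{ steps.vars.outputs.image }}

      - name: Fill in the new image ID in the Amazon ECS task definition for Sidekiq
        id: sidekiq-task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: sidekiq-task-definition.json
          container-name: sidekiq
          image: ${{ steps.vars.outputs.image }}

      - name: Setup Web task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.web-task-def.outputs.task-definition }}
          service: Web
          cluster: ${{ needs.build.outputs.ecs_cluster }}
          wait-for-service-stability: true

      - name: Setup Sidekiq task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.sidekiq-task-def.outputs.task-definition }}
          service: Sidekiq
          cluster: ${{ needs.build.outputs.ecs_cluster }}
          wait-for-service-stability: true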