deploy-template.yml
# Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
name: aws ecs deploy template

# Two triggers share one input schema: `workflow_call` lets other workflows
# reuse this template, `workflow_dispatch` lets a person start it by hand.
# Every input is a free-form string that the top-level `env:` section
# interpolates into ECS/ECR resource names, so callers should only pass
# values they trust.
on:
  workflow_call:
    inputs:
      # Service to deploy, e.g. core
      service:
        type: string
        required: true
      # Deployment owner / stack name, e.g. blake
      proper-name:
        type: string
        required: true
      # Target environment, e.g. staging
      environment:
        type: string
        required: true
      # Optional: replaces the derived ECR repository name
      repo-name-override:
        type: string
      # Optional: forces a container version,
      # e.g. latest or 7037e37a18a379d583164441baff9e594cc479f8
      image-tag-override:
        type: string
    # AWS credentials must be handed over explicitly by the calling workflow.
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
  workflow_dispatch:
    inputs:
      # Service to deploy, e.g. core
      service:
        type: string
        required: true
      # Deployment owner / stack name, e.g. blake
      proper-name:
        type: string
        required: true
      # Target environment, e.g. staging
      environment:
        type: string
        required: true
      # Optional: replaces the derived ECR repository name
      repo-name-override:
        type: string
      # Optional: forces a container version,
      # e.g. latest or 7037e37a18a379d583164441baff9e594cc479f8
      image-tag-override:
        type: string
# Workflow-wide environment. Apart from the two fixed values, every entry is
# derived from caller-supplied inputs and is later expanded inside shell
# steps and action parameters.
env:
  # Fixed values
  AWS_REGION: us-east-1
  ECR_REPOSITORY_PREFIX: pubpub-v7

  # Renders to an empty string when the input is not supplied; the image
  # label step then falls back to "<prefix>-<container name>".
  ECR_REPOSITORY_NAME_OVERRIDE: ${{ inputs.repo-name-override }}

  # ECS targets, named after the proper-name / service / environment inputs
  ECS_CLUSTER: ${{ inputs.proper-name }}-ecs-cluster-${{ inputs.environment }}
  ECS_SERVICE: ${{ inputs.proper-name }}-${{ inputs.service }}
  # Existing task definition whose current contents are used as the template
  ECS_TASK_DEFINITION_TEMPLATE: ${{ inputs.proper-name }}-${{ inputs.service }}
  # Container inside the task definition whose image gets replaced
  CONTAINER_NAME: ${{ inputs.service }}
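jobs:
  # Renders a new ECS task definition that points at the requested image tag
  # and rolls it out to the service named by the workflow inputs.
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the only step that uses it is the
    # checkout; everything else authenticates to AWS. When this template is
    # invoked through workflow_call, the caller must grant at least this.
    permissions:
      contents: read
    # NOTE(review): the environment name comes from caller inputs, so the
    # protection rules on each GitHub environment are what gate who can
    # deploy where - confirm they are configured.
    environment: ${{ inputs.proper-name }}-${{ inputs.environment }}
    steps:
      # NOTE(review): referenced by mutable tag, while the render/deploy
      # actions below are pinned to full commit SHAs. Pin this to a reviewed
      # commit (actions/checkout@<FULL_COMMIT_SHA>) for the same guarantee.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where subsequent steps could read it.
          persist-credentials: false

      # NOTE(review): long-lived access keys are used to assume the role.
      # This action also supports GitHub OIDC (needs `id-token: write` and an
      # IAM trust policy), which would remove the stored keys - confirm
      # whether that is feasible here.
      # NOTE(review): mutable tag; pin to <FULL_COMMIT_SHA> as above.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.IAM_ROLE_TO_ASSUME }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Get image tag based on SHA
        id: gettag
        env:
          # Passed through the environment instead of being interpolated
          # into the script text, so the value is never parsed as shell code.
          OVERRIDE: ${{ inputs.image-tag-override }}
        # use shell substitution: the override wins, otherwise the full
        # 40-character commit id (with a -dirty suffix on a modified tree)
        run: |
          echo "tag=${OVERRIDE:-$(git describe --always --abbrev=40 --dirty)}" >> "$GITHUB_OUTPUT"

      # NOTE(review): mutable tag; pin to <FULL_COMMIT_SHA> as above.
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Retrieve Task Definition contents from template
        id: get-taskdef
        # The variable is quoted so an input containing whitespace cannot be
        # split into extra aws-cli arguments, and the file is overwritten
        # (not appended to) so a pre-existing file in the checkout cannot
        # corrupt the JSON.
        run: |
          aws ecs describe-task-definition \
            --task-definition "$ECS_TASK_DEFINITION_TEMPLATE" \
            --query taskDefinition > template_task_def.json

      - name: Get image labels
        id: label
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ steps.gettag.outputs.tag }}
        # label:      service image (override repo, else <prefix>-<container>)
        # base_label: image in the bare <prefix> repo, used for migrations
        run: |
          echo "label=$ECR_REGISTRY/${ECR_REPOSITORY_NAME_OVERRIDE:-$ECR_REPOSITORY_PREFIX-${CONTAINER_NAME}}:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
          echo "base_label=$ECR_REGISTRY/$ECR_REPOSITORY_PREFIX:$IMAGE_TAG" >> "$GITHUB_OUTPUT"

      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def-service
        uses: aws-actions/amazon-ecs-render-task-definition@c804dfbdd57f713b6c079302a4c01db7017a36fc
        with:
          task-definition: template_task_def.json
          container-name: ${{ env.CONTAINER_NAME }}
          image: ${{ steps.label.outputs.label }}

      # Complication when the number of containers in the task are unknown:
      # we have to know where to get the inputs for each step, including the upload
      # step.
      - name: Fill in the new image ID in the Amazon ECS task definition for migrations
        id: task-def-migration
        if: inputs.service == 'core'
        uses: aws-actions/amazon-ecs-render-task-definition@c804dfbdd57f713b6c079302a4c01db7017a36fc
        with:
          # Chains on the output of the previous render step so both
          # containers end up in the same task definition file.
          task-definition: ${{ steps.task-def-service.outputs.task-definition }}
          container-name: migrations
          image: ${{ steps.label.outputs.base_label }}

      - name: Deploy Amazon ECS task definition
        id: deploy-service-only
        # This one is different. The single-image case is when not deploying core.
        if: inputs.service != 'core'
        uses: aws-actions/amazon-ecs-deploy-task-definition@16f052ed696e6e5bf88c208a8e5ba1af7ced3310
        with:
          # it is because of this line that the two steps need different if conditions
          task-definition: ${{ steps.task-def-service.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true

      - name: Deploy Amazon ECS task definition including migrations
        id: deploy-service-and-migrations
        if: inputs.service == 'core'
        uses: aws-actions/amazon-ecs-deploy-task-definition@16f052ed696e6e5bf88c208a8e5ba1af7ced3310
        with:
          # it is because of this line that the two steps need different if conditions
          task-definition: ${{ steps.task-def-migration.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true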