# Continuous Delivery Workflow
#
# This should happen whenever we push a new tag, and we tag an existing
# commit after we know it's good (e.g., has been tested).
#
# To create a new tag, we also need to update the package.json version:
#
# $ npm version 0.5.0
#
# This will update `version` in package.json to `0.5.0` and create a new
# tag, `v0.5.0` in git. We'll then use this tag (i.e., `v0.5.0`) to tag
# our docker image before we push to AWS.
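name: cd

on:
  push:
    # Whenever a new tag is pushed
    tags:
      # Any tag starting with v... should trigger this workflow.
      # NOTE(review): a tag push deploys straight to the production service and
      # nothing in this workflow checks that CI passed for the tagged commit, so
      # restrict who can create `v*` tags (tag protection rules / rulesets).
      - 'v**'

# Least privilege for the automatically issued GITHUB_TOKEN: this workflow only
# needs to read the repository. All AWS access comes from the secrets below.
permissions:
  contents: read

jobs:
  # NOTE: this assumes our CI jobs have already passed previously
  # (i.e., that we don't tag a commit manually until we know a build is working)
  aws:
    name: AWS
    runs-on: ubuntu-latest
    # NOTE(review): every `uses:` below is pinned to a mutable major-version tag.
    # These steps run with the AWS credentials in scope, so pinning each action
    # to a full commit SHA (and updating it deliberately) keeps a retagged or
    # compromised action release from running with those credentials.
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      # Use buildx, which is faster and can optimize the build steps
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # Login with Docker client with Amazon Elastic Container Registry
      # NOTE: ending and restarting the Learner Lab will void these secrets,
      # update them if you are doing this during a new session:
      # `Error: The security token included in the request is expired`
      - name: Configure AWS Credentials using Secrets
        uses: aws-actions/configure-aws-credentials@v1
        with:
          # Use our GitHub Encrypted Secrets via secrets.*
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
          # Hard-code our region, which isn't a secret, and won't change
          aws-region: us-east-1

      # Login to our ECR repository using the configured credentials
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      # Build and Push an Image to Amazon ECR
      - name: Build and push to Amazon ECR
        env:
          # Define an Environment Variable with our ECR Registry, getting
          # the value from the previous step's outputs
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          # Define an Environment Variable with our ECR Repository Name
          ECR_REPO: fragments
          # We'll give this image two different tags. First, we'll use the git tag (vX.Y.Z)
          # so that we can always go back and re-create this setup again in the future
          # if we have to test or debug something. Second, we'll also replace the
          # `latest` tag, since this is our most up-to-date version.
          VERSION_TAG: ${{ github.ref_name }}
        uses: docker/build-push-action@v2
        with:
          push: true
          # Use the git tag version and `latest`
          tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.VERSION_TAG }}, ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:latest

      # We need to update our fragment's Task Definition JSON
      # (i.e., fragments-definition.json) to use the newly
      # updated Docker Image to use (i.e., the tag we just pushed to ECR).
      # We can also update/set the environment variables if we want.
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: update-task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPO: fragments
          VERSION_TAG: ${{ github.ref_name }}
        with:
          task-definition: fragments-definition.json
          container-name: fragments
          # Use the image we just built and pushed to ECR for this tag
          image: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.VERSION_TAG }}
          # NOTE(review): values listed here are written into the rendered task
          # definition as plain `environment` entries, so the AWS access key,
          # secret key and session token end up readable by anyone who can
          # describe the task definition, and they are the same credentials
          # this pipeline deploys with. Prefer a task role (`taskRoleArn` in
          # fragments-definition.json) so the container gets its own scoped
          # credentials, and move remaining sensitive values to the container
          # definition's `secrets` (Secrets Manager / SSM Parameter Store).
          # Left unchanged here because the application may read these
          # variables at runtime; confirm before removing.
          environment-variables: |
            LOG_LEVEL=info
            NODE_ENV=production
            API_URL=${{ secrets.API_URL }}
            AWS_COGNITO_CLIENT_ID=${{ secrets.AWS_COGNITO_CLIENT_ID }}
            AWS_COGNITO_POOL_ID=${{ secrets.AWS_COGNITO_POOL_ID }}
            PORT=${{ secrets.PORT }}
            AWS_REGION=${{ secrets.AWS_REGION }}
            AWS_S3_BUCKET_NAME=${{ secrets.AWS_S3_BUCKET_NAME }}
            AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
            AWS_SESSION_TOKEN=${{ secrets.AWS_SESSION_TOKEN }}
            AWS_DYNAMODB_TABLE_NAME=fragments

      # We need to deploy new Task Definition to ECS Cluster
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.update-task-def.outputs.task-definition }}
          cluster: fragments-cluster
          service: fragments-service
          wait-for-service-stability: true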