Skip to content

Continuous Deployment #23

Continuous Deployment

Continuous Deployment #23

Workflow file for this run

name: Continuous Deployment
on:
workflow_run:
workflows: ["Continuous Integration"]
types:
- completed
jobs:
deploy:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Set up Go environment
uses: actions/setup-go@v3
with:
go-version: 1.22
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
--build-arg DB_HOST=${{ secrets.DB_HOST }} \
--build-arg DB_PORT=${{ secrets.DB_PORT }} \
--build-arg DB_NAME=${{ secrets.DB_NAME }} \
--build-arg DB_USER=${{ secrets.DB_USER }} \
--build-arg DB_SSLMODE=${{ secrets.DB_SSLMODE }} \
--build-arg DB_PASSWORD=${{ secrets.DB_PASSWORD }} \
--build-arg AWS_REGION=${{ secrets.AWS_REGION }} \
--build-arg ACCESS_TOKEN_EXPIRY_HOUR=${{ secrets.ACCESS_TOKEN_EXPIRY_HOUR }} \
--build-arg REFRESH_TOKEN_EXPIRY_HOUR=${{ secrets.REFRESH_TOKEN_EXPIRY_HOUR }} \
--build-arg ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }} \
--build-arg REFRESH_TOKEN_SECRET=${{ secrets.REFRESH_TOKEN_SECRET }} .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Update ECS task definition
id: update-task-definition
env:
ECS_TASK_DEFINITION: ${{ secrets.ECS_TASK_DEFINITION }}
run: |
TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition $ECS_TASK_DEFINITION --query taskDefinition)
# Filter out unwanted fields
TASK_DEFINITION=$(echo $TASK_DEFINITION | jq 'del(.taskDefinitionArn, .revision, .status, .requiresAttributes, .compatibilities, .registeredAt, .registeredBy)')
NEW_TASK_DEFINITION=$(echo $TASK_DEFINITION | jq --arg IMAGE "${{ steps.build-image.outputs.image }}" \
'.containerDefinitions[0].image = $IMAGE')
NEW_TASK_DEFINITION=$(echo $NEW_TASK_DEFINITION | jq '.containerDefinitions[0].environment = [
{"name": "DB_HOST", "value": "${{ secrets.DB_HOST }}"},
{"name": "DB_PORT", "value": "${{ secrets.DB_PORT }}"},
{"name": "DB_NAME", "value": "${{ secrets.DB_NAME }}"},
{"name": "DB_USER", "value": "${{ secrets.DB_USER }}"},
{"name": "DB_SSLMODE", "value": "${{ secrets.DB_SSLMODE }}"},
{"name": "DB_PASSWORD", "value": "${{ secrets.DB_PASSWORD }}"},
{"name": "AWS_REGION", "value": "${{ secrets.AWS_REGION }}"},
{"name": "ACCESS_TOKEN_SECRET", "value": "${{ secrets.ACCESS_TOKEN_SECRET }}"},
{"name": "REFRESH_TOKEN_SECRET", "value": "${{ secrets.REFRESH_TOKEN_SECRET }}"},
{"name": "ACCESS_TOKEN_EXPIRY_HOUR", "value": "${{ secrets.ACCESS_TOKEN_EXPIRY_HOUR }}"},
{"name": "REFRESH_TOKEN_EXPIRY_HOUR", "value": "${{ secrets.REFRESH_TOKEN_EXPIRY_HOUR }}"}
]')
NEW_TASK_DEFINITION_ARN=$(aws ecs register-task-definition --family $ECS_TASK_DEFINITION --cli-input-json "$NEW_TASK_DEFINITION" --query taskDefinition.taskDefinitionArn --output text)
if [ $? -ne 0 ]; then
echo "Failed to register new task definition. Error code: $?"
exit 1
fi
echo "NEW_TASK_DEFINITION_ARN=$NEW_TASK_DEFINITION_ARN" >> $GITHUB_OUTPUT
- name: Update ECS service
env:
ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }}
ECS_SERVICE: ${{ secrets.ECS_SERVICE }}
run: |
aws ecs update-service --cluster $ECS_CLUSTER --service $ECS_SERVICE --task-definition ${{ steps.update-task-definition.outputs.NEW_TASK_DEFINITION_ARN }} --force-new-deployment
if [ $? -ne 0 ]; then
echo "Failed to update ECS service. Error code: $?"
exit 1
fi
- name: Verify deployment
env:
ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }}
ECS_SERVICE: ${{ secrets.ECS_SERVICE }}
run: |
echo "Waiting for service to be stable..."
aws ecs wait services-stable --cluster $ECS_CLUSTER --services $ECS_SERVICE
if [ $? -ne 0 ]; then
echo "Service failed to stabilize. Error code: $?"
echo "Cluster: $ECS_CLUSTER"
echo "Service: $ECS_SERVICE"
exit 1
fi
echo "Deployment completed successfully"