Continuous Deployment #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Deployment | |
on: | |
workflow_run: | |
workflows: ["Continuous Integration"] | |
types: | |
- completed | |
jobs: | |
deploy: | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Go environment | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.22 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, tag, and push image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
IMAGE_TAG: ${{ github.sha }} | |
run: | | |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \ | |
--build-arg DB_HOST=${{ secrets.DB_HOST }} \ | |
--build-arg DB_PORT=${{ secrets.DB_PORT }} \ | |
--build-arg DB_NAME=${{ secrets.DB_NAME }} \ | |
--build-arg DB_USER=${{ secrets.DB_USER }} \ | |
--build-arg DB_SSLMODE=${{ secrets.DB_SSLMODE }} \ | |
--build-arg DB_PASSWORD=${{ secrets.DB_PASSWORD }} \ | |
--build-arg AWS_REGION=${{ secrets.AWS_REGION }} \ | |
--build-arg ACCESS_TOKEN_EXPIRY_HOUR=${{ secrets.ACCESS_TOKEN_EXPIRY_HOUR }} \ | |
--build-arg REFRESH_TOKEN_EXPIRY_HOUR=${{ secrets.REFRESH_TOKEN_EXPIRY_HOUR }} \ | |
--build-arg ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }} \ | |
--build-arg REFRESH_TOKEN_SECRET=${{ secrets.REFRESH_TOKEN_SECRET }} . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
- name: Update ECS task definition | |
id: update-task-definition | |
env: | |
ECS_TASK_DEFINITION: ${{ secrets.ECS_TASK_DEFINITION }} | |
run: | | |
TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition $ECS_TASK_DEFINITION --query taskDefinition) | |
# Filter out unwanted fields | |
TASK_DEFINITION=$(echo $TASK_DEFINITION | jq 'del(.taskDefinitionArn, .revision, .status, .requiresAttributes, .compatibilities, .registeredAt, .registeredBy)') | |
NEW_TASK_DEFINITION=$(echo $TASK_DEFINITION | jq --arg IMAGE "${{ steps.build-image.outputs.image }}" \ | |
'.containerDefinitions[0].image = $IMAGE') | |
NEW_TASK_DEFINITION=$(echo $NEW_TASK_DEFINITION | jq '.containerDefinitions[0].environment = [ | |
{"name": "DB_HOST", "value": "${{ secrets.DB_HOST }}"}, | |
{"name": "DB_PORT", "value": "${{ secrets.DB_PORT }}"}, | |
{"name": "DB_NAME", "value": "${{ secrets.DB_NAME }}"}, | |
{"name": "DB_USER", "value": "${{ secrets.DB_USER }}"}, | |
{"name": "DB_SSLMODE", "value": "${{ secrets.DB_SSLMODE }}"}, | |
{"name": "DB_PASSWORD", "value": "${{ secrets.DB_PASSWORD }}"}, | |
{"name": "AWS_REGION", "value": "${{ secrets.AWS_REGION }}"}, | |
{"name": "ACCESS_TOKEN_SECRET", "value": "${{ secrets.ACCESS_TOKEN_SECRET }}"}, | |
{"name": "REFRESH_TOKEN_SECRET", "value": "${{ secrets.REFRESH_TOKEN_SECRET }}"}, | |
{"name": "ACCESS_TOKEN_EXPIRY_HOUR", "value": "${{ secrets.ACCESS_TOKEN_EXPIRY_HOUR }}"}, | |
{"name": "REFRESH_TOKEN_EXPIRY_HOUR", "value": "${{ secrets.REFRESH_TOKEN_EXPIRY_HOUR }}"} | |
]') | |
NEW_TASK_DEFINITION_ARN=$(aws ecs register-task-definition --family $ECS_TASK_DEFINITION --cli-input-json "$NEW_TASK_DEFINITION" --query taskDefinition.taskDefinitionArn --output text) | |
if [ $? -ne 0 ]; then | |
echo "Failed to register new task definition. Error code: $?" | |
exit 1 | |
fi | |
echo "NEW_TASK_DEFINITION_ARN=$NEW_TASK_DEFINITION_ARN" >> $GITHUB_OUTPUT | |
- name: Update ECS service | |
env: | |
ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }} | |
ECS_SERVICE: ${{ secrets.ECS_SERVICE }} | |
run: | | |
aws ecs update-service --cluster $ECS_CLUSTER --service $ECS_SERVICE --task-definition ${{ steps.update-task-definition.outputs.NEW_TASK_DEFINITION_ARN }} --force-new-deployment | |
if [ $? -ne 0 ]; then | |
echo "Failed to update ECS service. Error code: $?" | |
exit 1 | |
fi | |
- name: Verify deployment | |
env: | |
ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }} | |
ECS_SERVICE: ${{ secrets.ECS_SERVICE }} | |
run: | | |
echo "Waiting for service to be stable..." | |
aws ecs wait services-stable --cluster $ECS_CLUSTER --services $ECS_SERVICE | |
if [ $? -ne 0 ]; then | |
echo "Service failed to stabilize. Error code: $?" | |
echo "Cluster: $ECS_CLUSTER" | |
echo "Service: $ECS_SERVICE" | |
exit 1 | |
fi | |
echo "Deployment completed successfully" |