Deploy Complete Elasticsearch Infrastructure #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Elasticsearch Infrastructure | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'terraform/**' | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| AWS_REGION: eu-central-1 | |
| ECS_CLUSTER: elasticsearch-javazone | |
| ECS_SERVICE: elasticsearch-javazone | |
| jobs: | |
| terraform-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials (OIDC) | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_OIDC }} | |
| role-session-name: GitHubActions-OIDC | |
| - name: Assume CDK Deploy Role for Terraform | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::553637109631:role/cdk-hnb659fds-deploy-role-553637109631-eu-central-1 | |
| role-chaining: true | |
| role-session-name: GitHubActions-Deploy | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.6.0 | |
| terraform_wrapper: false | |
| - name: Terraform Init | |
| working-directory: terraform | |
| run: terraform init -reconfigure | |
| - name: Terraform Plan | |
| working-directory: terraform | |
| run: terraform plan -input=false | |
| env: | |
| TF_VAR_vpc_id: ${{ secrets.VPC_ID }} | |
| TF_VAR_subnet_ids: ${{ secrets.ES_SUBNET_IDS }} | |
| TF_VAR_assign_public_ip: false | |
| TF_VAR_allowed_cidr_blocks: ${{ secrets.VPC_CIDR_BLOCKS }} | |
| TF_VAR_elasticsearch_password: ${{ secrets.ELASTICSEARCH_PASSWORD }} | |
| TF_VAR_task_cpu: 1024 | |
| TF_VAR_task_memory: 2048 | |
| TF_VAR_heap_size: 1024 | |
| TF_VAR_enable_service_discovery: true | |
| - name: Terraform Apply | |
| working-directory: terraform | |
| run: terraform apply -auto-approve -input=false | |
| env: | |
| TF_VAR_vpc_id: ${{ secrets.VPC_ID }} | |
| TF_VAR_subnet_ids: ${{ secrets.ES_SUBNET_IDS }} | |
| TF_VAR_assign_public_ip: false | |
| TF_VAR_allowed_cidr_blocks: ${{ secrets.VPC_CIDR_BLOCKS }} | |
| TF_VAR_elasticsearch_password: ${{ secrets.ELASTICSEARCH_PASSWORD }} | |
| TF_VAR_task_cpu: 1024 | |
| TF_VAR_task_memory: 2048 | |
| TF_VAR_heap_size: 1024 | |
| TF_VAR_enable_service_discovery: true | |
| - name: Wait for Elasticsearch to be ready | |
| run: | | |
| echo "Waiting 120 seconds for Elasticsearch to start..." | |
| sleep 120 | |
| - name: Create Elasticsearch Index | |
| run: | | |
| # Get Elasticsearch URL from service discovery or task IP | |
| ES_URL="http://elasticsearch.javazone.internal:9200" | |
| # Create index (idempotent - won't fail if already exists) | |
| curl -X PUT "$ES_URL/javazone_talks" \ | |
| -u elastic:${{ secrets.ELASTICSEARCH_PASSWORD }} \ | |
| -H "Content-Type: application/json" \ | |
| -d @config/index-mapping.json || echo "Index may already exist" | |
| # Verify cluster health | |
| curl -u elastic:${{ secrets.ELASTICSEARCH_PASSWORD }} \ | |
| "$ES_URL/_cluster/health" |