Merge pull request #394 from mikeyavorsky/fix-lockfile #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend Build and Deploy to AWS ECS | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| release: | |
| types: | |
| - created | |
| workflow_dispatch: | |
| inputs: | |
| env: | |
| description: 'AWS Env' | |
| required: true | |
| default: 'dev' | |
| ref: | |
| description: 'Branch, Tag, or Full SHA' | |
| required: true | |
| env: | |
| AWS_APP_NAME: police-data-trust-backend | |
| AWS_REGION: us-east-1 | |
| DOCKERFILE: ./backend/Dockerfile.cloud | |
| DOCKER_PATH: ./ | |
| PLATFORMS: linux/amd64,linux/arm64 | |
| jobs: | |
| setup_env: | |
| name: Set-up environment | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Debug Action | |
| uses: hmarr/debug-action@v3.0.0 | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.inputs.ref }} | |
| - name: Set AWS Env & Image Tag per workflow | |
| run: | | |
| SHORT_SHA=$(git rev-parse --short HEAD) | |
| if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then | |
| echo AWS_APPENV="$AWS_APP_NAME"-dev >> $GITHUB_ENV | |
| echo IMAGE_TAG=$SHORT_SHA >> $GITHUB_ENV | |
| fi | |
| if [[ "$GITHUB_EVENT_NAME" == "release" ]]; then | |
| RELEASE_TAG=$(git describe --tags) | |
| echo AWS_APPENV="$AWS_APP_NAME"-prod >> $GITHUB_ENV | |
| echo IMAGE_TAG=$RELEASE_TAG >> $GITHUB_ENV | |
| fi | |
| if [[ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]]; then | |
| INPUT_ENV=${{ github.event.inputs.env }}; INPUT_REF=${{ github.event.inputs.ref }} | |
| echo AWS_APPENV="$AWS_APP_NAME"-$INPUT_ENV >> $GITHUB_ENV | |
| echo IMAGE_TAG=$SHORT_SHA >> $GITHUB_ENV | |
| fi | |
| outputs: | |
| AWS_APPENV: ${{ env.AWS_APPENV }} | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| build: | |
| name: Build & Push Docker Image | |
| runs-on: ubuntu-latest | |
| needs: [setup_env] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.inputs.ref }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ${{ env.DOCKER_PATH }} | |
| file: ${{ env.DOCKERFILE }} | |
| platforms: ${{ env.PLATFORMS }} | |
| push: true | |
| tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ needs.setup_env.outputs.AWS_APPENV }}:${{ needs.setup_env.outputs.IMAGE_TAG }}, ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ needs.setup_env.outputs.AWS_APPENV }}:latest | |
| deploy: | |
| name: Deploy to AWS ECS | |
| runs-on: ubuntu-latest | |
| needs: [setup_env, build] | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Pull Task Definition & write to file | |
| id: aws-task-definition | |
| run: | | |
| aws ecs describe-task-definition \ | |
| --task-definition ${{ needs.setup_env.outputs.AWS_APPENV }} \ | |
| --query taskDefinition | \ | |
| jq 'del(.taskDefinitionArn,.revision,.status,.registeredBy,.registeredAt,.compatibilities,.requiresAttributes)' > task-def-backend.json | |
| - name: Interpolate new Docker Image into Task Definition | |
| id: task-definition | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-def-backend.json | |
| container-name: ${{ needs.setup_env.outputs.AWS_APPENV }} | |
| image: ${{ steps.login-ecr.outputs.registry }}/${{ needs.setup_env.outputs.AWS_APPENV }}:${{ needs.setup_env.outputs.IMAGE_TAG }} | |
| - name: Deploy Amazon ECS | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-definition.outputs.task-definition }} | |
| service: ${{ needs.setup_env.outputs.AWS_APPENV }} | |
| cluster: infra-prod | |
| wait-for-service-stability: false | |
| wait-for-minutes: 7 minutes |