-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feature: Add cd pipeline to build and deploy to aws app runner (#1998)
* Add cd pipeline to build and deploy to aws app runner * Fix ci * Add env AWS_DEFAULT_REGION * Configure AWS credentials to region us-east-1 * Update aws cd * Update aws cd * Update image tag name * Comment Access role ARN * Revert "Comment Access role ARN" This reverts commit 8b7a3b01ecc7c3801c9190f4742567d11e443cb6. * Change AWS authentication region during login * use us-east-1 region to push to ECR * Update CI * Add variables to CD * Update .github/workflows/aws_deploy_staging.yml --------- Co-authored-by: Kevin BEAUGRAND <contact@kbeaugrand.fr> Co-authored-by: Kevin BEAUGRAND <9513635+kbeaugrand@users.noreply.github.com>
- Loading branch information
3 people
committed
Jun 20, 2023
1 parent
6ab4a3d
commit 96e7e9a
Showing
1 changed file
with
131 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,131 @@ | ||
| name: AWS Deploy Staging | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ main-vnext ] | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build and push to ECR | ||
| runs-on: ubuntu-latest | ||
| environment: | ||
| name: AWS Staging | ||
| outputs: | ||
| aws_public_registry: ${{ steps.login-ecr-public.outputs.registry }} | ||
| steps: | ||
| - uses: actions/checkout@v3.4.0 | ||
|
|
||
| - id: docker-tag | ||
| uses: yuya-takeyama/docker-tag-from-github-ref-action@v1 | ||
|
|
||
| - name: Configure AWS credentials | ||
| id: aws-credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| # Should use us-east-1 region to push to ECR public registry | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v1 | ||
|
|
||
| - name: Get a latest Git tag | ||
| uses: actions-ecosystem/action-get-latest-tag@v1 | ||
| id: get-latest-tag | ||
| with: | ||
| semver_only: true | ||
|
|
||
| - name: Bump the semver version up | ||
| uses: actions-ecosystem/action-bump-semver@v1 | ||
| id: bump-semver | ||
| with: | ||
| current_version: ${{ steps.get-latest-tag.outputs.tag }} | ||
| level: minor | ||
|
|
||
| - name: Remove leading v to semver | ||
| id: final-version | ||
| run: | | ||
| echo "::set-output name=new_version::$(echo ${{ steps.bump-semver.outputs.new_version }} | sed 's/^v//')" | ||
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/metadata-action@v4 | ||
| with: | ||
| # list of Docker images to use as base name for tags | ||
| images: | | ||
| ${{ steps.login-ecr.outputs.registry }}/${{ vars.AWS_ECR_REPOSITORY }} | ||
| tags: | | ||
| type=raw,enable=true,priority=200,prefix=,suffix=,value=${{ steps.final-version.outputs.new_version }} | ||
| flavor: | | ||
| latest=true | ||
| - name: Build and push | ||
| # You may pin to the exact commit or the version. | ||
| uses: docker/build-push-action@v4.0.0 | ||
| with: | ||
| # Build's context is the set of files located in the specified PATH or URL | ||
| context: src/ | ||
| # Push is a shorthand for --output=type=registry | ||
| push: true | ||
| build-args: | | ||
| BUILD_VERSION=${{ steps.final-version.outputs.new_version }} | ||
| GITHUB_RUN_NUMBER=${{ github.run_number }} | ||
| tags: | ||
| ${{ steps.meta.outputs.tags }} | ||
|
|
||
| deploy: | ||
| name: Deploy to AWS | ||
| runs-on: ubuntu-latest | ||
| needs: build | ||
| environment: | ||
| name: AWS Staging | ||
| steps: | ||
| - name: Configure AWS credentials | ||
| id: aws-credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v1 | ||
|
|
||
| - name: Deploy to App Runner Image | ||
| id: deploy-apprunner | ||
| uses: awslabs/amazon-app-runner-deploy@main | ||
| env: | ||
| CLOUDPROVIDER: AWS | ||
| PORTALNAME: ${{ vars.PORTALNAME }} | ||
| AWS__REGION: ${{ secrets.AWS_REGION }} | ||
| AWS__BUCKETNAME: ${{ vars.AWS_BUCKETNAME }} | ||
| OIDC__APICLIENTID: ${{ vars.OIDC_APICLIENTID }} | ||
| OIDC__CLIENTID: ${{ vars.OIDC_CLIENTID }} | ||
| OIDC__AUTHORITY: ${{ vars.OIDC_AUTHORITY }} | ||
| OIDC__METADATAURL: ${{ vars.OIDC_METADATAURL }} | ||
| OIDC__SCOPE: ${{ vars.OIDC_SCOPE }} | ||
| with: | ||
| service: ${{ vars.AWS_APP_RUNNER_NAME }} | ||
| image: ${{ steps.login-ecr.outputs.registry }}/${{ vars.AWS_ECR_REPOSITORY }}:latest | ||
| access-role-arn: ${{ secrets.AWS_ROLE_ARN }} | ||
| region: ${{ secrets.AWS_REGION }} | ||
| cpu : 1 | ||
| memory : 2 | ||
| wait-for-service-stability-seconds: 1200 | ||
| copy-env-vars: | | ||
| CLOUDPROVIDER | ||
| PORTALNAME | ||
| AWS__REGION | ||
| AWS__BUCKETNAME | ||
| OIDC__APICLIENTID | ||
| OIDC__CLIENTID | ||
| OIDC__AUTHORITY | ||
| OIDC__METADATAURL | ||
| OIDC__SCOPE | ||
| - name: App Runner URL | ||
| run: echo "App runner URL ${{ steps.deploy-apprunner.outputs.service-url }}" |