Skip to content

0.10.8

0.10.8 #20

Workflow file for this run

# Continuous Delivery Workflow
#
# This should happen whenever we push a new tag, and we tag an existing
# commit after we know it's good (e.g., has been tested).
#
# To create a new tag, we also need to update the package.json version:
#
# $ npm version 0.5.0
#
# This will update `version` in package.json to `0.5.0` and create a new
# tag, `v0.5.0` in git. We'll then use this tag (i.e., `v0.5.0`) to tag
# our docker image before we push to AWS.
name: cd
on:
push:
# Whenever a new tag is pushed
tags:
# Any tag starting with v... should trigger this workflow.
- 'v**'
jobs:
# NOTE: this assumes our CI jobs have already passed previously
# (i.e., that we don't tag a commit manually until we know a build is working)
aws:
name: AWS
runs-on: ubuntu-latest
steps:
# Check out code from git as we need to build a new Docker image from the git
- name: Check out code
uses: actions/checkout@v3
# Use buildx, which is faster and can optimize the build steps
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# NOTE: ending and restarting the Learner Lab will void these secrets,
# update them if you are doing this during a new session:
# `Error: The security token included in the request is expired`
- name: Configure AWS Credentials using Secrets
uses: aws-actions/configure-aws-credentials@v2
with:
# Use our GitHub Encrypted Secrets via secrets.*
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
# Hard-code our region, which isn't a secret, and won't change
aws-region: us-east-1
# Login to our ECR repository using the configured credentials
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
# Build and Push an Image to Amazon ECR
- name: Build and push to Amazon ECR
env:
# Define an Environment Variable with our ECR Registry, getting
# the value from the previous step's outputs
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# Define an Environment Variable with our ECR Repository Name
ECR_REPO: fragments
# We'll give this image two different tags. First, we'll use the git tag (vX.Y.Z)
# so that we can always go back and re-create this setup again in the future
# if we have to test or debug something. Second, we'll also replace the
# `latest` tag, since this is our most up-to-date version.
VERSION_TAG: ${{ github.ref_name }}
uses: docker/build-push-action@v4
with:
push: true
# Use the git tag version and `latest`
tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.VERSION_TAG }}, ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:latest
- name: Fill in the new image ID in the Amazon ECS task definition
id: update-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPO: fragments
VERSION_TAG: ${{ github.ref_name }}
with:
task-definition: fragments-definition.json
container-name: fragments
# Use the image we just built and pushed to ECR for this tag
image: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.VERSION_TAG }}
# Add all the necessary environment variables, using GitHub Encrypted Secrets
# for any values that should not be checked into git directly. Here are
# a few to get you started, but you should fill in the rest yourself.
environment-variables: |
LOG_LEVEL=info
NODE_ENV=production
AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN=${{ secrets.AWS_SESSION_TOKEN }}
AWS_REGION=us-east-1
AWS_COGNITO_POOL_ID=${{ secrets.AWS_COGNITO_POOL_ID }}
AWS_COGNITO_CLIENT_ID=${{ secrets.AWS_COGNITO_CLIENT_ID }}
API_URL=${{ secrets.API_URL }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.update-task-def.outputs.task-definition }}
cluster: fragments-cluster
service: fragments-service
wait-for-service-stability: true