Push idos-extension image to ecr
sapience committed Mar 13, 2024
1 parent 55c6aaf commit b7f494a
Showing 2 changed files with 202 additions and 0 deletions.
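--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,120 @@
+name: "Deploy"
+
+on:
+workflow_call:
+inputs:
+AWS_REGION:
+required: true
+type: string
+ENVIRONMENT:
+required: true
+type: string
+PRODUCT:
+required: true
+type: string
+PROJECT:
+required: true
+type: string
+secrets:
+AWS_ACCESS_KEY_ID:
+required: true
+AWS_SECRET_ACCESS_KEY:
+required: true
+SLACK_BOT_TOKEN:
+required: true
+DOCKER_HUB_USERNAME:
+required: true
+DOCKER_HUB_PASSWORD:
+required: true
+
+jobs:
+deploy:
+name: "Publish image"
+runs-on: ubuntu-latest
+timeout-minutes: 15
+steps:
+- uses: actions/checkout@v4
+
+- name: Notify slack deployment start
+uses: trustfractal/[email protected]
+id: slack
+env:
+SLACK_BOT_TOKEN: "${{secrets.SLACK_BOT_TOKEN}}"
+with:
+channel: id-deployments
+status: STARTING
+color: warning
+custom_attachments: |
+[{ "title": "Environment", "value": "${{inputs.ENVIRONMENT}}", "short": true }]
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+mask-aws-account-id: false
+aws-region: ${{inputs.AWS_REGION}}
+aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
+aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
+
+- name: Log in to Docker Hub
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKER_HUB_USERNAME }}
+password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+- name: Login to Amazon ECR
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v1
+
+- name: Build, tag, and push image to Amazon ECR
+env:
+ECR_REGISTRY: ${{steps.login-ecr.outputs.registry}}
+ECR_REPOSITORY: "${{inputs.ENVIRONMENT}}-${{inputs.PRODUCT}}-${{inputs.PROJECT}}-idos-extension"
+IMAGE_TAG: "${{steps.login-ecr.outputs.registry}}/${{inputs.ENVIRONMENT}}-${{inputs.PRODUCT}}-${{inputs.PROJECT}}-idos-extension:${{github.sha}}"
+
+run: |
+docker build ./go \
+--file ./go/Dockerfile
+--tag ${{env.IMAGE_TAG}} \
+--platform linux/amd64
+docker tag "${{env.IMAGE_TAG}}" "${{env.ECR_REGISTRY}}/${{env.ECR_REPOSITORY}}:latest"
+docker push "${{env.IMAGE_TAG}}"
+docker push "${{env.ECR_REGISTRY}}/${{env.ECR_REPOSITORY}}:latest"
+echo "::set-output name=image_tag::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+- name: Force new deployment
+uses: trustfractal/[email protected]
+with:
+cluster: ${{inputs.ENVIRONMENT}}-${{inputs.PRODUCT}}
+tag_filters: |
+{ "Environment": ["${{inputs.ENVIRONMENT}}"], "Project": ["${{inputs.PROJECT}}"], "Product": ["${{inputs.PRODUCT}}"] }
+- name: Move deployment branch
+run: |
+git push -f origin HEAD:${{inputs.ENVIRONMENT}}-${{inputs.PRODUCT}}-${{inputs.PROJECT}}-latest
+- name: Notify slack success
+if: success()
+uses: trustfractal/[email protected]
+env:
+SLACK_BOT_TOKEN: ${{secrets.SLACK_BOT_TOKEN}}
+with:
+message_id: ${{steps.slack.outputs.message_id}}
+channel: id-deployments
+status: SUCCESS
+color: good
+custom_attachments: |
+[{ "title": "Environment", "value": "${{inputs.ENVIRONMENT}}", "short": true }]
+- name: Notify slack fail
+if: failure()
+uses: trustfractal/[email protected]
+env:
+SLACK_BOT_TOKEN: ${{secrets.SLACK_BOT_TOKEN}}
+with:
+message_id: ${{steps.slack.outputs.message_id}}
+channel: id-deployments
+status: FAILED
+color: danger
+custom_attachments: |
+[{ "title": "Environment", "value": "${{inputs.ENVIRONMENT}}", "short": true }]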
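Review bot: The `docker build` command in the "Build, tag, and push image to Amazon ECR" step has no line continuation after `--file ./go/Dockerfile`, so the shell ends the build there and then tries to run `--tag …` as its own command; the image is built untagged and the step should fail before anything is pushed. The line should read `--file ./go/Dockerfile \`. In the same step `IMAGE_TAG` already holds the full `registry/repository:sha` reference, so the `::set-output` line emits a doubled reference through a deprecated command, and the step has no `id` to read it from; `echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT"` plus an `id:` would be the current form. On the security side, the workflow declares no `permissions:` block although "Move deployment branch" force-pushes (presumably with the token persisted by `actions/checkout`), and `${{inputs.…}}` and `${{env.…}}` are expanded straight into `run:` scripts; a job-level `permissions:` with `contents: write` and shell variables such as `"$IMAGE_TAG"` keep the granted privilege explicit and expression text out of the shell. Long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets could later be replaced by OIDC role assumption, which `aws-actions/configure-aws-credentials` supports through `role-to-assume`.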
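--- a/.github/workflows/review_and_deploy.yml
+++ b/.github/workflows/review_and_deploy.yml
@@ -0,0 +1,82 @@
+name: "Review and deploy"
+
+on:
+pull_request:
+push:
+branches:
+- master
+- deploy_to_staging
+- deploy_to_clients
+- deploy_to_production
+
+concurrency:
+group: ${{ github.head_ref || github.ref }}
+cancel-in-progress: false
+
+jobs:
+target_name:
+runs-on: ubuntu-latest
+
+outputs:
+name: ${{steps.branch_name.outputs.current_branch}}
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Get branch name
+id: branch_name
+uses: tj-actions/[email protected]
+
+staging:
+uses: ./.github/workflows/deploy.yml
+needs:
+- target_name
+if: ${{needs.target_name.outputs.name == 'master' || needs.target_name.outputs.name == 'deploy_to_staging'}}
+with:
+AWS_REGION: eu-west-1
+ENVIRONMENT: "staging"
+PRODUCT: "idos"
+PROJECT: "kwil"
+
+secrets:
+AWS_ACCESS_KEY_ID: ${{secrets.STAGING_AWS_ACCESS_KEY_ID}}
+AWS_SECRET_ACCESS_KEY: ${{secrets.STAGING_AWS_SECRET_ACCESS_KEY}}
+SLACK_BOT_TOKEN: ${{secrets.SLACK_BOT_TOKEN}}
+DOCKER_HUB_USERNAME: ${{secrets.DOCKER_HUB_USERNAME}}
+DOCKER_HUB_PASSWORD: ${{secrets.DOCKER_HUB_PASSWORD}}
+
+clients:
+uses: ./.github/workflows/deploy.yml
+needs:
+- target_name
+if: ${{false}} # Temporarily disabled
+with:
+AWS_REGION: eu-west-1
+ENVIRONMENT: "clients"
+PRODUCT: "idos"
+PROJECT: "kwil"
+
+secrets:
+AWS_ACCESS_KEY_ID: ${{secrets.STAGING_AWS_ACCESS_KEY_ID}}
+AWS_SECRET_ACCESS_KEY: ${{secrets.STAGING_AWS_SECRET_ACCESS_KEY}}
+SLACK_BOT_TOKEN: ${{secrets.SLACK_BOT_TOKEN}}
+DOCKER_HUB_USERNAME: ${{secrets.DOCKER_HUB_USERNAME}}
+DOCKER_HUB_PASSWORD: ${{secrets.DOCKER_HUB_PASSWORD}}
+
+production:
+uses: ./.github/workflows/deploy.yml
+needs:
+- target_name
+if: ${{false}} # Temporarily disabled
+with:
+AWS_REGION: eu-west-1
+ENVIRONMENT: "production"
+PRODUCT: "idos"
+PROJECT: "kwil"
+
+secrets:
+AWS_ACCESS_KEY_ID: ${{secrets.PRODUCTION_AWS_ACCESS_KEY_ID}}
+AWS_SECRET_ACCESS_KEY: ${{secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY}}
+SLACK_BOT_TOKEN: ${{secrets.SLACK_BOT_TOKEN}}
+DOCKER_HUB_USERNAME: ${{secrets.DOCKER_HUB_USERNAME}}
+DOCKER_HUB_PASSWORD: ${{secrets.DOCKER_HUB_PASSWORD}}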
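Review bot: The `staging` job's `if:` gates a deployment on the branch name reported by the `branch_name` step, while the workflow also runs on `pull_request`. For a pull request that action is expected to report the head branch, so a PR whose source branch is named `master` or `deploy_to_staging` would satisfy the condition and start the deploy workflow. Gating on the event and ref directly, e.g. `if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/deploy_to_staging') }}`, takes the deploy decision away from a third-party action and makes the `target_name` job unnecessary. The `clients` job is also handed the `STAGING_AWS_*` secrets while targeting `ENVIRONMENT: "clients"`; it is disabled for now, but this looks copied from the staging block and should be confirmed before `if: ${{false}}` is lifted.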
