Skip to content

M2-7905 DR Add tag push stage to Github actions builds for DR ECR (#1… #191

M2-7905 DR Add tag push stage to Github actions builds for DR ECR (#1…

M2-7905 DR Add tag push stage to Github actions builds for DR ECR (#1… #191

name: Build and Deploy
on:
push:
# branches:
# - develop
workflow_dispatch: {}
concurrency:
cancel-in-progress: true
group: api-build
permissions:
id-token: write
contents: read
issues: write
env:
GITHUB_ORGANIZATION: ${{ github.repository_owner }}
GITHUB_REPO_NAME: ${{ github.event.repository.name }}
GITHUB_BRANCH_OR_TAG: ${{ github.ref_name }}
GITHUB_REF: ${{ github.ref }}
BUILD_NAME: ${{github.event_name}}
BUILD_NUMBER: ${{github.run_id}}
ECR_ADDRESS: 917902836630.dkr.ecr.us-east-1.amazonaws.com
DR_ECR_ADDRESS: 973422231492.dkr.ecr.us-west-2.amazonaws.com
OUT_DIR: ./out
AWS_REGION : "us-east-1"
DR_AWS_REGION : "us-west-2"
ECR_REPO: 917902836630.dkr.ecr.us-east-1.amazonaws.com/api-server
DR_ECR_REPO: 973422231492.dkr.ecr.us-west-2.amazonaws.com/api-server
jobs:
build_job:
name: Docker Build and Push
runs-on: ubuntu-latest
outputs:
IMAGE_NAME: ${{ steps.sha.outputs.IMAGE_NAME }}
IMAGE_SHA: ${{ steps.sha.outputs.SHORT_SHA }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::917902836630:role/cmiml-devops-oidc-github-role
role-session-name: gha-oidc-runner
aws-region: ${{ env.AWS_REGION }}
- name: Get secrets by name and by ARN
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
parse-json-secrets: true
secret-ids: |
,cmiml-devops
- name: Extract Jira ticket numbers from commit message
run: |
tickets=$(git log -1 --pretty=%B | grep -io 'M2-[0-9]\+' | tr '[:lower:]' '[:upper:]' | sort | uniq | tr '\n' ' ')
if [ -z "$tickets" ]; then
echo "No Jira tickets found in the latest commit message."
else
echo "Jira ticket numbers found: ${tickets}"
if [ "${GITHUB_BRANCH_OR_TAG}" != "develop" ]; then
echo "Skipping saving Jira ticket numbers to a file because the branch is not develop"
else
file="jira-tickets.json"
echo "{ \"issues\": $(echo "${tickets}" | jq -R -s -c 'split(" ")[:-1]') }" > "${file}"
echo "Jira ticket numbers saved to ${file}"
fi
fi
- name: Login to ECR
run: |
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ env.ECR_ADDRESS }}
- name: configure aws DR credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::973422231492:role/cmiml-dr-oidc-github-role
role-session-name: gha-oidc-runner
aws-region: ${{ env.DR_AWS_REGION }}
- name: Login to DR ECR
run: |
aws ecr get-login-password --region ${{ env.DR_AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.DR_ECR_ADDRESS }}
- name: Generate short sha
id: sha
run: |
SHORT_SHA=$(git rev-parse --short HEAD)
echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME=${ECR_REPO}:${SHORT_SHA}" >> "$GITHUB_OUTPUT"
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: ./compose/fastapi/Dockerfile
push: true
build-args: |
PIPENV_EXTRA_ARGS=--dev
cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ env.ECR_REPO }}:cache
cache-from: type=registry,ref=${{ env.ECR_REPO }}:cache
tags: |
${{ env.ECR_REPO }}:latest
${{ env.ECR_REPO }}:${{ steps.sha.outputs.SHORT_SHA }}
${{ env.DR_ECR_REPO }}:latest
${{ env.DR_ECR_REPO }}:${{ steps.sha.outputs.SHORT_SHA }}
platforms: linux/amd64,linux/arm64
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: |
${GITHUB_REPO_NAME}/${OUT_DIR}/build.yml
${GITHUB_REPO_NAME}/${OUT_DIR}/jira-tickets.json
deploy_to_dev:
name: Deploy to Dev
needs: build_job
# environment: dev
#if: ${{ github.event.pull_request.merged }}
uses: ./.github/workflows/run_deploy_dev.yaml
with:
IMAGE_NAME: ${{ needs.build_job.outputs.IMAGE_NAME }}
# deploy_to_uat:
# needs: build_job
# uses: ./.github/workflows/run_deploy_uat.yaml
# with:
# COMMIT_HASH: ${{ github.sha }}
# IMAGE_NAME: ${{ needs.build_job.outputs.IMAGE_NAME }}
#
# deploy_to_test:
# needs: build_job
# uses: ChildMindInstitute/mindlogger-backend-refactor/.github/workflows/run_deploy_test.yaml@develop
# with:
# COMMIT_HASH: ${{ github.sha }}
# IMAGE_PREFIX: ${{ github.ref_name }}