Merge pull request #9 from nicholascwd/feature/XDR-5474
XDR-5474: Add ecr and ecs workflows
GerardSetho authored Feb 20, 2024
2 parents 7c63197 + af4eeba commit 92d6496
Showing 2 changed files with 179 additions and 0 deletions.
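--- /dev/null
+++ b/.github/workflows/build-and-push-image-to-ecr.yaml
@@ -0,0 +1,69 @@
+on:
+workflow_call:
+inputs:
+environment:
+description: The environment that this job references. e.g. prod
+required: false
+type: string
+default: ''
+awsRegion:
+description: AWS region. e.g. ap-southeast-1
+required: true
+type: string
+iamRoleToAssume:
+description: IAM role to assume when logging in to AWS. e.g. arn:aws:iam::11111:role/read-only
+required: false
+type: string
+default: ''
+ecrRegistryName:
+description: ECR registry name. e.g. 11111111.dkr.ecr.ap-southeast-1.amazonaws.com
+required: true
+type: string
+imageRepoName:
+description: Docker image repository. e.g. customer
+required: true
+type: string
+imageTag:
+description: Docker image tag. e.g. 1.0.0
+required: true
+type: string
+
+secrets:
+AWS_ACCESS_KEY_ID:
+description: AWS access key ID.
+required: true
+AWS_SECRET_ACCESS_KEY:
+description: AWS secret access key.
+required: true
+GIT_TOKEN_BASIC:
+required: false
+
+jobs:
+build-and-push-docker-image:
+name: Builds a Docker image and pushes it to an ECR repository.
+runs-on: ubuntu-latest
+environment: ${{ inputs.environment }}
+steps:
+- uses: actions/checkout@v4
+with:
+submodules: true
+token: ${{ secrets.GIT_TOKEN_BASIC || github.token }}
+
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ inputs.awsRegion }}
+role-to-assume: ${{ inputs.iamRoleToAssume }}
+
+- name: Login to ECR
+uses: docker/login-action@v3
+with:
+registry: ${{ inputs.ecrRegistryName }}
+
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+push: true
+tags: ${{ inputs.ecrRegistryName }}/${{ inputs.imageRepoName }}:${{ inputs.imageTag }}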
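Review bot: Both `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are declared `required: true` in the `secrets:` block, so every caller must hold long-lived IAM user keys even when it also passes `iamRoleToAssume`; configure-aws-credentials@v4 can instead mint short-lived credentials from the workflow's OIDC token, which only requires the job to declare the permission. Consider making both secrets `required: false` and adding `permissions:` / `id-token: write` / `contents: read` under the `build-and-push-docker-image` job so callers can drop the static keys; the same applies to update-ecs.yaml in this commit. Separately, the actions are referenced by floating major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`), which a retagged or compromised release can change under every caller; pinning to a full-length commit SHA with the tag noted in a trailing comment is the usual hardening for a reusable workflow. The file has no `permissions:` key at all, so the job inherits the caller's default token scope, which is worth stating explicitly even if the OIDC change is not taken.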
110 changes: 110 additions & 0 deletions .github/workflows/update-ecs.yaml
@@ -0,0 +1,110 @@
on:
workflow_call:
inputs:
environment:
description: The environment that this job references. e.g. prod
required: false
type: string
default: ''
awsRegion:
description: AWS region. e.g. ap-southeast-1
required: true
type: string
iamRoleToAssume:
description: IAM role to assume when logging in to AWS. e.g. arn:aws:iam::11111:role/read-only
required: false
type: string
default: ''
ecsCluster:
description: The name of the ECS service's cluster
required: true
type: string
ecsService:
description: The name of the ECS service to update
required: true
type: string
ecsTaskFamily:
description: Family of the task. This is available in the JSON of the task definition.
required: true
type: string
ecsNewDockerImage:
description: The rull URI of the container image to insert into the ECS task definition.
required: true
type: string
imageRepoName:
description: The name of container image to insert into the ECS task definition.
required: true
type: string

secrets:
AWS_ACCESS_KEY_ID:
description: AWS access key ID.
required: true
AWS_SECRET_ACCESS_KEY:
description: AWS secret access key.
required: true
GIT_TOKEN_BASIC:
required: false

jobs:
update-ecs:
name: Update ECS task definition with a new Docker image, and update the ECS service.
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
token: ${{ secrets.GIT_TOKEN_BASIC || github.token }}

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ inputs.awsRegion }}
role-to-assume: ${{ inputs.iamRoleToAssume }}

- name: Download current task definition
run: |
echo "Getting latest task definition"
latest_revision=$(aws ecs list-task-definitions --family-prefix ${{ inputs.ecsTaskFamily }} --query 'taskDefinitionArns[0]' --sort DESC --no-paginate | sed 's/.*:\(.*\)"/\1/')
echo "Registering task definition"
aws ecs describe-task-definition --task-definition "${{ inputs.ecsTaskFamily }}:${latest_revision}" --query \
'taskDefinition.{
family: family,
taskRoleArn: taskRoleArn,
executionRoleArn: executionRoleArn,
networkMode: networkMode,
containerDefinitions: containerDefinitions,
volumes: volumes,
placementConstraints: placementConstraints,
requiresCompatibilities: requiresCompatibilities,
cpu: cpu,
memory: memory,
ephemeralStorage: ephemeralStorage,
runtimePlatform: runtimePlatform}' > latest-task-definition.json
- name: Render new task definition
id: render-new-task-definition
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: latest-task-definition.json
container-name: ${{ inputs.imageRepoName }}
image: ${{ inputs.ecsNewDockerImage }}

- name: Echo new task definition
run: |
echo "Print latest task definition"
cat latest-task-definition.json
echo ${{ steps.render-new-task-definition.outputs.task-definition }}
- name: Update ECS service
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-new-task-definition.outputs.task-definition }}
cluster: ${{ inputs.ecsCluster }}
service: ${{ inputs.ecsService }}
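Review bot: The `Download current task definition` step expands `${{ inputs.ecsTaskFamily }}` straight into the `run:` script twice (the `list-task-definitions --family-prefix` line and the `describe-task-definition --task-definition` line), so the caller-supplied value is spliced into the shell text before bash parses it rather than passed as an argument; a family name containing shell metacharacters would change the commands. The conventional fix is to hand the input to the step through `env:` and reference it as a quoted shell variable, as below; `echo ${{ steps.render-new-task-definition.outputs.task-definition }}` in the `Echo new task definition` step has the same shape and should be quoted the same way. The description of `ecsNewDockerImage` reads "The rull URI" — presumably "full".
```yaml
      - name: Download current task definition
        env:
          ECS_TASK_FAMILY: ${{ inputs.ecsTaskFamily }}
        run: |
          echo "Getting latest task definition"
          latest_revision=$(aws ecs list-task-definitions --family-prefix "$ECS_TASK_FAMILY" --query 'taskDefinitionArns[0]' --sort DESC --no-paginate | sed 's/.*:\(.*\)"/\1/')
          echo "Registering task definition"
          aws ecs describe-task-definition --task-definition "${ECS_TASK_FAMILY}:${latest_revision}" --query \
          # … unchanged: JMESPath projection of taskDefinition into latest-task-definition.json …
```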
