-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #9 from nicholascwd/feature/XDR-5474
XDR-5474: Add ecr and ecs workflows
Showing
2 changed files
with
179 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
on: | ||
workflow_call: | ||
inputs: | ||
environment: | ||
description: The environment that this job references. e.g. prod | ||
required: false | ||
type: string | ||
default: '' | ||
awsRegion: | ||
description: AWS region. e.g. ap-southeast-1 | ||
required: true | ||
type: string | ||
iamRoleToAssume: | ||
description: IAM role to assume when logging in to AWS. e.g. arn:aws:iam::11111:role/read-only | ||
required: false | ||
type: string | ||
default: '' | ||
ecrRegistryName: | ||
description: ECR registry name. e.g. 11111111.dkr.ecr.ap-southeast-1.amazonaws.com | ||
required: true | ||
type: string | ||
imageRepoName: | ||
description: Docker image repository. e.g. customer | ||
required: true | ||
type: string | ||
imageTag: | ||
description: Docker image tag. e.g. 1.0.0 | ||
required: true | ||
type: string | ||
|
||
secrets: | ||
AWS_ACCESS_KEY_ID: | ||
description: AWS access key ID. | ||
required: true | ||
AWS_SECRET_ACCESS_KEY: | ||
description: AWS secret access key. | ||
required: true | ||
GIT_TOKEN_BASIC: | ||
required: false | ||
|
||
jobs: | ||
build-and-push-docker-image: | ||
name: Builds a Docker image and pushes it to an ECR repository. | ||
runs-on: ubuntu-latest | ||
environment: ${{ inputs.environment }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
token: ${{ secrets.GIT_TOKEN_BASIC || github.token }} | ||
|
||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ inputs.awsRegion }} | ||
role-to-assume: ${{ inputs.iamRoleToAssume }} | ||
|
||
- name: Login to ECR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ inputs.ecrRegistryName }} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v5 | ||
with: | ||
push: true | ||
tags: ${{ inputs.ecrRegistryName }}/${{ inputs.imageRepoName }}:${{ inputs.imageTag }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
on: | ||
workflow_call: | ||
inputs: | ||
environment: | ||
description: The environment that this job references. e.g. prod | ||
required: false | ||
type: string | ||
default: '' | ||
awsRegion: | ||
description: AWS region. e.g. ap-southeast-1 | ||
required: true | ||
type: string | ||
iamRoleToAssume: | ||
description: IAM role to assume when logging in to AWS. e.g. arn:aws:iam::11111:role/read-only | ||
required: false | ||
type: string | ||
default: '' | ||
ecsCluster: | ||
description: The name of the ECS service's cluster | ||
required: true | ||
type: string | ||
ecsService: | ||
description: The name of the ECS service to update | ||
required: true | ||
type: string | ||
ecsTaskFamily: | ||
description: Family of the task. This is available in the JSON of the task definition. | ||
required: true | ||
type: string | ||
ecsNewDockerImage: | ||
description: The rull URI of the container image to insert into the ECS task definition. | ||
required: true | ||
type: string | ||
imageRepoName: | ||
description: The name of container image to insert into the ECS task definition. | ||
required: true | ||
type: string | ||
|
||
secrets: | ||
AWS_ACCESS_KEY_ID: | ||
description: AWS access key ID. | ||
required: true | ||
AWS_SECRET_ACCESS_KEY: | ||
description: AWS secret access key. | ||
required: true | ||
GIT_TOKEN_BASIC: | ||
required: false | ||
|
||
jobs: | ||
update-ecs: | ||
name: Update ECS task definition with a new Docker image, and update the ECS service. | ||
runs-on: ubuntu-latest | ||
environment: ${{ inputs.environment }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
token: ${{ secrets.GIT_TOKEN_BASIC || github.token }} | ||
|
||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ inputs.awsRegion }} | ||
role-to-assume: ${{ inputs.iamRoleToAssume }} | ||
|
||
- name: Download current task definition | ||
run: | | ||
echo "Getting latest task definition" | ||
latest_revision=$(aws ecs list-task-definitions --family-prefix ${{ inputs.ecsTaskFamily }} --query 'taskDefinitionArns[0]' --sort DESC --no-paginate | sed 's/.*:\(.*\)"/\1/') | ||
echo "Registering task definition" | ||
aws ecs describe-task-definition --task-definition "${{ inputs.ecsTaskFamily }}:${latest_revision}" --query \ | ||
'taskDefinition.{ | ||
family: family, | ||
taskRoleArn: taskRoleArn, | ||
executionRoleArn: executionRoleArn, | ||
networkMode: networkMode, | ||
containerDefinitions: containerDefinitions, | ||
volumes: volumes, | ||
placementConstraints: placementConstraints, | ||
requiresCompatibilities: requiresCompatibilities, | ||
cpu: cpu, | ||
memory: memory, | ||
ephemeralStorage: ephemeralStorage, | ||
runtimePlatform: runtimePlatform}' > latest-task-definition.json | ||
- name: Render new task definition | ||
id: render-new-task-definition | ||
uses: aws-actions/amazon-ecs-render-task-definition@v1 | ||
with: | ||
task-definition: latest-task-definition.json | ||
container-name: ${{ inputs.imageRepoName }} | ||
image: ${{ inputs.ecsNewDockerImage }} | ||
|
||
- name: Echo new task definition | ||
run: | | ||
echo "Print latest task definition" | ||
cat latest-task-definition.json | ||
echo ${{ steps.render-new-task-definition.outputs.task-definition }} | ||
- name: Update ECS service | ||
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | ||
with: | ||
task-definition: ${{ steps.render-new-task-definition.outputs.task-definition }} | ||
cluster: ${{ inputs.ecsCluster }} | ||
service: ${{ inputs.ecsService }} |