fix: add depths and env #6
name: Deploy to AWS ECS | |
on: | |
push: | |
branches: | |
- staging-alt3 | |
# used to configure IAM to trust Github's OIDC provider | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
# github.ref_name is the current branch name | |
# this sets the branch_name output to eg, staging-alt3 | |
# other jobs can use this output via needs.set_branch_name.outputs.branch_name | |
set_branch_name: | |
outputs: | |
branch_name: ${{ steps.set_branch_name.outputs.branch_name }} | |
runs-on: ubuntu-latest | |
steps: | |
- id: set_branch_name | |
# this uses github context which exists in the runner environment | |
run: echo "branch_name=${{github.ref_name}}" >> $GITHUB_OUTPUT | |
deploy: | |
name: Deploy to ECS | |
needs: set_branch_name | |
runs-on: ubuntu-latest | |
# can be used for env rules defined in GH repo settings | |
environment: ${{ needs.set_branch_name.outputs.branch_name }} | |
env: | |
# this is the unique tag for the built docker image | |
IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}} | |
steps: | |
# checks out the latest code from the repo branch into the runner environment | |
# dont need this as done directly by buildkit | |
# need this for the frontend build env vars | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup secrets for datadog sourcemap deployment | |
run: | | |
echo "APP_VERSION=$(jq -r .version package.json)-$(echo ${GITHUB_REF##*/})-$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_ENV | |
- name: Inject frontend build env vars | |
env: | |
VITE_APP_DD_RUM_APP_ID: ${{ secrets.DD_RUM_APP_ID }} | |
VITE_APP_DD_RUM_CLIENT_TOKEN: ${{ secrets.DD_RUM_CLIENT_TOKEN }} | |
VITE_APP_DD_RUM_ENV: ${{ secrets.DD_ENV }} | |
VITE_APP_DD_SAMPLE_RATE: ${{ secrets.DD_SAMPLE_RATE }} | |
VITE_APP_GA_TRACKING_ID: ${{ secrets.GA_TRACKING_ID }} | |
VITE_APP_FORMSG_SDK_MODE: ${{ secrets.REACT_APP_FORMSG_SDK_MODE }} | |
VITE_APP_URL: ${{ secrets.APP_URL }} | |
run: | | |
sed -i -e "s|@VITE_APP_URL|${{secrets.APP_URL}}|g" -e "s/@VITE_APP_DD_RUM_APP_ID/$VITE_APP_DD_RUM_APP_ID/g" -e "s/@VITE_APP_DD_RUM_CLIENT_TOKEN/$VITE_APP_DD_RUM_CLIENT_TOKEN/g" -e "s/@VITE_APP_DD_RUM_ENV/$VITE_APP_DD_RUM_ENV/g" -e "s/@VITE_APP_VERSION/${{env.APP_VERSION}}/g" -e "s/@VITE_APP_DD_SAMPLE_RATE/$VITE_APP_DD_SAMPLE_RATE/g" frontend/datadog-chunk.ts | |
echo VITE_APP_VERSION=${{env.APP_VERSION}} > frontend/.env | |
echo VITE_APP_URL=$VITE_APP_URL > frontend/.env | |
echo VITE_APP_GA_TRACKING_ID=$VITE_APP_GA_TRACKING_ID >> frontend/.env | |
echo VITE_APP_FORMSG_SDK_MODE=$VITE_APP_FORMSG_SDK_MODE >> frontend/.env | |
echo VITE_APP_DD_RUM_CLIENT_TOKEN=$VITE_APP_DD_RUM_CLIENT_TOKEN >> frontend/.env | |
echo VITE_APP_DD_RUM_ENV=$VITE_APP_DD_RUM_ENV >> frontend/.env | |
# configures the runner environment with AWS credentials | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
# to update later to use the new role | |
role-to-assume: arn:aws:iam::445567101234:role/Staging-Alt3-OIDC | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
# logs into the Amazon ECR repository, requires the configure AWS credentials above | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6 | |
env: | |
DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
DD_ENV: ${{ secrets.DD_ENV }} | |
with: | |
# not needed since done by Buildkit which uses git context | |
context: . | |
file: Dockerfile.production | |
push: true | |
tags: | | |
${{ steps.login-ecr.outputs.registry }}/formsg/staging-alt3:${{ env.IMAGE_TAG }} | |
${{ steps.login-ecr.outputs.registry }}/formsg/staging-alt3:latest | |
build-args: | | |
APP_VERSION=${{ env.APP_VERSION }} | |
APP_URL=${{ secrets.APP_URL }} | |
REPO_URL=${{ github.server_url }}/${{ github.repository }} | |
secrets: | | |
"dd_api_key=${{ secrets.DD_API_KEY }}" | |
# - name: Update ECS service | |
# run: | | |
# aws ecs update-service \ | |
# --cluster ${{ secrets.ECS_CLUSTER }} \ | |
# --service ${{ secrets.ECS_SERVICE }} \ | |
# --force-new-deployment \ | |
# --task-definition $(aws ecs register-task-definition \ | |
# --family ${{ secrets.ECS_TASK_FAMILY }} \ | |
# --execution-role-arn ${{ secrets.ECS_TASK_EXECUTION_ROLE }} \ | |
# --container-definitions '[{ | |
# "name": "${{ secrets.ECS_CONTAINER_NAME }}", | |
# "image": "${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}", | |
# "essential": true, | |
# "portMappings": [{"containerPort": 8080, "protocol": "tcp"}] | |
# }]' \ | |
# --query 'taskDefinition.taskDefinitionArn' --output text) | |
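Review bot: In the `Inject frontend build env vars` step, the second write uses `>` and so truncates `frontend/.env`, discarding the `VITE_APP_VERSION` line written just before it; it should be `echo VITE_APP_URL=$VITE_APP_URL >> frontend/.env`. The same step expands `${{secrets.APP_URL}}` and `${{env.APP_VERSION}}` into the script text before the shell runs, even though `VITE_APP_URL` is already in the step's `env` and `APP_VERSION` was exported through `$GITHUB_ENV`; using `$VITE_APP_URL` and `$APP_VERSION` in the `sed` and `echo` lines keeps the shell from interpreting their contents. `permissions: id-token: write` is set at workflow level, so `set_branch_name` can also request an OIDC token; moving that block under `deploy` limits it to the job that assumes the role. The actions in `deploy` are referenced by mutable tags (`@v4`, `@v2`, `@v3`, `@v6`); pinning each `uses:` to a full commit SHA fixes which code runs with the assumed AWS role and the registry credentials.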