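---
name: Deploy to AWS ECS
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - staging-alt3
# used to configure IAM to trust GitHub's OIDC provider
# (id-token: write is what lets configure-aws-credentials request the OIDC token;
# contents: read is the minimum the checkout step needs)
permissions:
  id-token: write
  contents: read
jobs:
  # github.ref_name is the current branch name
  # this sets the branch_name output to eg, staging-alt3
  # other jobs can use this output via needs.set_branch_name.outputs.branch_name
  set_branch_name:
    outputs:
      branch_name: ${{ steps.set_branch_name.outputs.branch_name }}
    runs-on: ubuntu-latest
    steps:
      - id: set_branch_name
        # GITHUB_REF_NAME is the runner's default env var holding github.ref_name.
        # Reading it from the environment instead of interpolating ${{ }} into the
        # script means the value is never parsed by the shell as code.
        run: echo "branch_name=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
  deploy:
    name: Deploy to ECS
    needs: set_branch_name
    runs-on: ubuntu-latest
    # can be used for env rules defined in GH repo settings
    environment: ${{ needs.set_branch_name.outputs.branch_name }}
    env:
      # this is the unique tag for the built docker image
      IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      # checks out the repo branch into the runner environment.
      # BuildKit could fetch the git context itself, but the build below uses
      # `context: .`, so the checkout is required for the frontend env-var edits
      # made in the next steps to be visible to the image build.
      # NOTE(review): actions are pinned to major tags; pinning `uses:` to a full
      # commit SHA is the usual hardening against a compromised or retagged action.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup secrets for datadog sourcemap deployment
        # APP_VERSION = <package.json version>-<branch>-<short sha>, exported to
        # GITHUB_ENV so later steps can read it as $APP_VERSION
        run: |
          echo "APP_VERSION=$(jq -r .version package.json)-$(echo ${GITHUB_REF##*/})-$(echo ${GITHUB_SHA} | cut -c1-8)" >> "$GITHUB_ENV"
      - name: Inject frontend build env vars
        env:
          VITE_APP_DD_RUM_APP_ID: ${{ secrets.DD_RUM_APP_ID }}
          VITE_APP_DD_RUM_CLIENT_TOKEN: ${{ secrets.DD_RUM_CLIENT_TOKEN }}
          VITE_APP_DD_RUM_ENV: ${{ secrets.DD_ENV }}
          VITE_APP_DD_SAMPLE_RATE: ${{ secrets.DD_SAMPLE_RATE }}
          VITE_APP_GA_TRACKING_ID: ${{ secrets.GA_TRACKING_ID }}
          VITE_APP_FORMSG_SDK_MODE: ${{ secrets.REACT_APP_FORMSG_SDK_MODE }}
          VITE_APP_URL: ${{ secrets.APP_URL }}
        # All values are read from the step env (set above and by GITHUB_ENV) rather
        # than interpolated with ${{ }} inside the script, so secret contents are
        # substituted by the shell as data, not spliced into the script text.
        # The first echo creates frontend/.env with `>`; every later line must
        # append with `>>` or the earlier entries are truncated away.
        run: |
          sed -i -e "s|@VITE_APP_URL|${VITE_APP_URL}|g" -e "s/@VITE_APP_DD_RUM_APP_ID/$VITE_APP_DD_RUM_APP_ID/g" -e "s/@VITE_APP_DD_RUM_CLIENT_TOKEN/$VITE_APP_DD_RUM_CLIENT_TOKEN/g" -e "s/@VITE_APP_DD_RUM_ENV/$VITE_APP_DD_RUM_ENV/g" -e "s/@VITE_APP_VERSION/${APP_VERSION}/g" -e "s/@VITE_APP_DD_SAMPLE_RATE/$VITE_APP_DD_SAMPLE_RATE/g" frontend/datadog-chunk.ts
          echo VITE_APP_VERSION=${APP_VERSION} > frontend/.env
          echo VITE_APP_URL=$VITE_APP_URL >> frontend/.env
          echo VITE_APP_GA_TRACKING_ID=$VITE_APP_GA_TRACKING_ID >> frontend/.env
          echo VITE_APP_FORMSG_SDK_MODE=$VITE_APP_FORMSG_SDK_MODE >> frontend/.env
          echo VITE_APP_DD_RUM_CLIENT_TOKEN=$VITE_APP_DD_RUM_CLIENT_TOKEN >> frontend/.env
          echo VITE_APP_DD_RUM_ENV=$VITE_APP_DD_RUM_ENV >> frontend/.env
      # configures the runner environment with AWS credentials (OIDC role assumption,
      # no long-lived access keys stored in the repo)
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # to update later to use the new role
          role-to-assume: arn:aws:iam::445567101234:role/Staging-Alt3-OIDC
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      # logs into the Amazon ECR repository, requires the configure AWS credentials above
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        # NOTE(review): DD_API_KEY/DD_ENV are not referenced by the inputs below; the
        # key reaches the build through `secrets:`. Confirm whether this env block is
        # still needed — removing it narrows where the API key is exposed.
        env:
          DD_API_KEY: ${{ secrets.DD_API_KEY }}
          DD_ENV: ${{ secrets.DD_ENV }}
        with:
          # local path context: the edited frontend files from the steps above are
          # what gets built (a git context would rebuild from the untouched commit)
          context: .
          file: Dockerfile.production
          push: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/formsg/staging-alt3:${{ env.IMAGE_TAG }}
            ${{ steps.login-ecr.outputs.registry }}/formsg/staging-alt3:latest
          build-args: |
            APP_VERSION=${{ env.APP_VERSION }}
            APP_URL=${{ secrets.APP_URL }}
            REPO_URL=${{ github.server_url }}/${{ github.repository }}
          # passed as a BuildKit secret (mounted at build time, not baked into a layer)
          secrets: |
            "dd_api_key=${{ secrets.DD_API_KEY }}"
      # - name: Update ECS service
      #   run: |
      #     aws ecs update-service \
      #       --cluster ${{ secrets.ECS_CLUSTER }} \
      #       --service ${{ secrets.ECS_SERVICE }} \
      #       --force-new-deployment \
      #       --task-definition $(aws ecs register-task-definition \
      #         --family ${{ secrets.ECS_TASK_FAMILY }} \
      #         --execution-role-arn ${{ secrets.ECS_TASK_EXECUTION_ROLE }} \
      #         --container-definitions '[{
      #           "name": "${{ secrets.ECS_CONTAINER_NAME }}",
      #           "image": "${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}",
      #           "essential": true,
      #           "portMappings": [{"containerPort": 8080, "protocol": "tcp"}]
      #         }]' \
      #         --query 'taskDefinition.taskDefinitionArn' --output text)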