1 parent
902c22a
commit b4cc116
Showing
8 changed files
with
272 additions
and
59 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
name: Test, Build & Push (dev) | ||
|
||
on: | ||
workflow_call: | ||
outputs: | ||
image_tag: | ||
description: "The image tag that was pushed to ECR" | ||
value: ${{ jobs.push_to_ecr.outputs.image_tag }} | ||
|
||
# TODO: move to workflow inputs: | ||
env: | ||
AWS_REGION: us-east-1 | ||
AWS_ROLE: arn:aws:iam::019120760881:role/prod-use1-github-oidc-role | ||
AWS_ECR_REPOSITORY: probelab | ||
|
||
jobs: | ||
push_to_ecr: | ||
name: Build & Push | ||
runs-on: ubuntu-latest | ||
outputs: | ||
image_tag: ${{ steps.meta.outputs.image }} | ||
steps: | ||
- name: Checking out the Repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Configuring AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-region: ${{ env.AWS_REGION }} | ||
role-to-assume: ${{ env.AWS_ROLE }} | ||
role-session-name: PushToECR | ||
|
||
- name: Logging in to Amazon ECR | ||
id: login-ecr | ||
uses: aws-actions/amazon-ecr-login@v2 | ||
|
||
- name: Building ants Image Metadata | ||
id: meta | ||
run: | | ||
SHA_SHORT=${{ github.sha }} | ||
SHA_SHORT=${SHA_SHORT::7} | ||
NAMESPACE=${{ steps.login-ecr.outputs.registry }} | ||
TAG="ants-sha${SHA_SHORT}" | ||
IMAGE="$NAMESPACE/$AWS_ECR_REPOSITORY:$TAG" | ||
echo "tag=$TAG" >> $GITHUB_OUTPUT | ||
echo "image=$IMAGE" >> $GITHUB_OUTPUT | ||
- name: Checking if Image exists in ECR | ||
id: check-ecr | ||
run: | | ||
aws ecr describe-images --repository-name $AWS_ECR_REPOSITORY --image-ids imageTag=${{ steps.meta.outputs.tag }} || exit_code=$? | ||
echo "exit_code=$exit_code" >> $GITHUB_OUTPUT | ||
- name: Building Docker Image ${{ steps.meta.outputs.tag }} | ||
id: build | ||
if: steps.check-ecr.outputs.exit_code != 0 | ||
run: docker build -t ${{ steps.meta.outputs.image }} . | ||
|
||
- name: Pushing Docker Image ${{ steps.meta.outputs.tag }} to Amazon ECR | ||
id: push | ||
if: steps.check-ecr.outputs.exit_code != 0 | ||
run: docker push ${{ steps.meta.outputs.image }} |
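Review bot: The three third-party actions in this job (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`) are referenced by mutable tags, yet the job assumes an AWS role through OIDC and pushes to ECR, so whatever a tag resolves to at run time executes with those credentials. Pin each one to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; use the SHA of the release you reviewed). The same applies to the `uses:` lines in the deploy and test workflows of this commit. Separately, the `check-ecr` step records any non-zero exit of `aws ecr describe-images` as "image missing", so a permission or throttling error also leads to a rebuild and push. Consider treating only `ImageNotFoundException` as "missing" and failing the step on other errors.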
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
name: Deployment (prod) | ||
|
||
on: | ||
workflow_call: | ||
secrets: | ||
slack_webhook_url: | ||
required: true | ||
|
||
# TODO: move to workflow inputs: | ||
env: | ||
AWS_REGION: us-east-1 | ||
AWS_ROLE: arn:aws:iam::019120760881:role/prod-use1-github-oidc-role | ||
AWS_ECS_TASK_DEFINITION: prod-use1-cmi-ants-celestia-watch-task | ||
AWS_ECS_SERVICE: prod-use1-cmi-ants-celestia-watch | ||
AWS_ECS_CLUSTER_NAME: default | ||
AWS_ECR_REPOSITORY: probelab | ||
|
||
jobs: | ||
deploy: | ||
name: Deploy | ||
runs-on: ubuntu-latest | ||
needs: build_push | ||
steps: | ||
- name: Configuring AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-region: ${{ env.AWS_REGION }} | ||
role-to-assume: ${{ env.AWS_ROLE }} | ||
role-session-name: deploy-ants | ||
|
||
- name: Downloading latest Amazon ECS task definition | ||
id: download | ||
run: | | ||
aws ecs describe-task-definition \ | ||
--task-definition ${{ env.AWS_ECS_TASK_DEFINITION }} \ | ||
--query taskDefinition > task-definition.json | ||
# Extract downloaded task definition revision | ||
REVISION=$(cat task-definition.json | jq -r '.revision') | ||
# Store task definition revision | ||
echo "task_definition=${{ env.AWS_ECS_TASK_DEFINITION }}:$REVISION" >> $GITHUB_OUTPUT | ||
# https://github.com/aws-actions/amazon-ecs-deploy-task-definition/issues/176 | ||
# This isn't critical but just avoids some warning messages in the next step | ||
- name: Removing invalid task definition fields | ||
run: | | ||
cat task-definition.json | jq -r 'del( | ||
.taskDefinitionArn, | ||
.requiresAttributes, | ||
.compatibilities, | ||
.revision, | ||
.status, | ||
.registeredAt, | ||
.registeredBy | ||
)' > task-definition-cleaned.json | ||
- name: Updating image tag of task definition ${{ steps.download.outputs.task_definition }} | ||
id: task-def | ||
uses: aws-actions/amazon-ecs-render-task-definition@v1 | ||
with: | ||
task-definition: task-definition-cleaned.json | ||
container-name: prod-use1-cmi-ants-celestia-watch | ||
image: ${{ needs.build_push.outputs.image_tag }} | ||
|
||
- name: Deploying to Amazon ECS | ||
uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | ||
with: | ||
task-definition: ${{ steps.task-def.outputs.task-definition }} | ||
service: ${{ env.AWS_ECS_SERVICE }} | ||
cluster: ${{ env.AWS_ECS_CLUSTER_NAME }} | ||
wait-for-service-stability: true | ||
wait-for-minutes: 15 # default is 30 | ||
propagate-tags: SERVICE | ||
enable-ecs-managed-tags: true | ||
|
||
- name: Publishing Success Notification to Slack | ||
if: success() | ||
uses: slackapi/[email protected] | ||
with: | ||
webhook: ${{ secrets.slack_webhook_url }} | ||
webhook-type: incoming-webhook | ||
payload: | | ||
text: "✅ Successfully deployed task definition ${{ steps.download.outputs.task_definition }}. <https://${{ env.AWS_REGION }}.console.aws.amazon.com/ecs/v2/clusters/${{ env.AWS_ECS_CLUSTER_NAME }}/services/${{ env.AWS_ECS_SERVICE }}/health|View Service>" | ||
- name: Publishing Error Notification to Slack | ||
if: failure() | ||
uses: slackapi/[email protected] | ||
with: | ||
webhook: ${{ secrets.slack_webhook_url }} | ||
webhook-type: incoming-webhook | ||
payload: | | ||
text: "🚨 Deployment of task definition ${{ steps.download.outputs.task_definition }} failed. <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>" |
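Review bot: The `deploy` job declares `needs: build_push` and reads `needs.build_push.outputs.image_tag`, but no job with that id exists in this workflow file. `needs` only resolves against jobs in the same workflow, so a called workflow cannot see the caller's jobs, and the image passed to `amazon-ecs-render-task-definition` would be empty or the file rejected. Declare the image as a `workflow_call` input, drop the `needs:` line here, and have the caller pass `with: image_tag: ${{ needs.build_push.outputs.image_tag }}`. Making the image reference an explicit, required input also makes it clear at the call site which artifact reaches production.

```yaml
on:
  workflow_call:
    inputs:
      image_tag:
        description: "Full image reference produced by the build job"
        required: true
        type: string
    # … unchanged: secrets.slack_webhook_url …

# … unchanged: env block, deploy job header (without `needs`), credential and task-definition download steps …
          image: ${{ inputs.image_tag }}
```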
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
name: Test | ||
|
||
on: | ||
workflow_call: | ||
jobs: | ||
test: | ||
name: Test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checking out repository code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setting up Golang | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: Checking Go fmt | ||
run: | | ||
if ! go fmt ./...; then | ||
echo "Go fmt check failed" | ||
exit 1 | ||
fi | ||
- name: Running vet | ||
run: go vet ./... | ||
|
||
- name: Running Tests | ||
run: go test ./... |
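Review bot: The `Checking Go fmt` step cannot fail on unformatted code, because `go fmt ./...` rewrites the files in place and still exits 0, so the `if !` branch is only reached on a tool error. Use a check that lists offending files without writing them, e.g. `unformatted=$(gofmt -l .)` followed by `test -z "$unformatted" || { echo "$unformatted"; exit 1; }`. This keeps the gate meaningful for the callers that run build and deploy jobs after `test`.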
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
name: Test, Build & Push (dev) | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
test: | ||
name: Ants | ||
uses: ./.github/workflows/jobs/test.yml | ||
permissions: | ||
id-token: write | ||
contents: read |
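Review bot: `id-token: write` is granted to the `test` job, but the called test workflow on this page only checks out the code and runs `go fmt`, `go vet` and `go test`; it never requests an OIDC token. On `pull_request` that job executes code from the PR branch, so the grant lets that code mint a GitHub OIDC token. Whether the token could then be exchanged for `prod-use1-github-oidc-role` depends on the role's trust policy, which is not visible here. Drop the line and keep only `contents: read` for this job; the `test` jobs in the dev-push and prod-deployment callers carry the same grant.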
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: Test, Build & Push (dev) | ||
|
||
on: | ||
workflow_trigger: | ||
push: | ||
branches: | ||
- dev | ||
|
||
env: | ||
AWS_REGION: us-east-1 | ||
AWS_ROLE: arn:aws:iam::019120760881:role/prod-use1-github-oidc-role | ||
AWS_ECR_REPOSITORY: probelab | ||
|
||
jobs: | ||
test: | ||
name: Ants | ||
uses: ./.github/workflows/jobs/test.yml | ||
permissions: | ||
id-token: write | ||
contents: read | ||
build_push: | ||
name: Ants | ||
uses: ./.github/workflows/jobs/build_push.yml | ||
needs: test | ||
permissions: | ||
id-token: write | ||
contents: read |
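Review bot: `workflow_trigger:` under `on:` is not a GitHub Actions event name, so this workflow will presumably be rejected as invalid before the `push` trigger on `dev` is considered. If a manual trigger was intended the key is `workflow_dispatch:`; otherwise remove the line. The workflow-level `env:` block is also not inherited by reusable workflows called through `uses:`, so the three `AWS_*` values here are unused and duplicate those in the called files. A short comment stating that the role ARN and repository are set in the called workflows would avoid a second place to edit them.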
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
name: Deployment (prod) | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
service: | ||
required: true | ||
type: string | ||
secrets: | ||
slack_webhook_url: | ||
required: true | ||
|
||
jobs: | ||
test: | ||
name: Ants | ||
uses: ./.github/workflows/jobs/test.yml | ||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
build_push: | ||
name: Ants | ||
uses: ./.github/workflows/jobs/build_push.yml | ||
needs: test | ||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
|
||
deploy: | ||
name: Ants | ||
uses: ./.github/workflows/jobs/deploy.yml | ||
needs: build_push | ||
permissions: | ||
id-token: write | ||
contents: read | ||
secrets: | ||
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} |
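Review bot: The `uses: ./.github/workflows/jobs/...` references point into a subdirectory, but GitHub loads workflow files, reusable ones included, only from `.github/workflows` itself. The three called files would need to move up a level, e.g. `uses: ./.github/workflows/job_test.yml` (constructed name); the same paths appear in the pull-request and dev-push callers. The declared `service` input is also never referenced in this file, and the only trigger is `workflow_call`, so nothing on this page starts a production deployment. A header comment naming the expected caller, and who may invoke it, would make the release path auditable.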