-
Notifications
You must be signed in to change notification settings - Fork 16
223 lines (216 loc) · 8.42 KB
/
deploy-application.yml
File metadata and controls
223 lines (216 loc) · 8.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
name: Deploy application
run-name: Deploy application to ${{ inputs.environment }}
on:
workflow_dispatch:
inputs:
environment:
description: Deployment environment
required: true
type: choice
options:
- qa
- poc
- copilotmigration
- test
- preview
- training
- production
image_tag:
description: Docker image tag
required: false
type: string
server_types:
description: Server types to deploy
required: true
type: choice
options:
- all
- web
- good-job
default: all
workflow_call:
inputs:
environment:
required: true
type: string
image_tag:
required: false
type: string
server_types:
required: true
type: string
concurrency:
group: deploy-application-${{ inputs.environment }}
env:
aws-role: ${{ inputs.environment == 'production'
&& 'arn:aws:iam::820242920762:role/GithubDeployMavisAndInfrastructure'
|| 'arn:aws:iam::393416225559:role/GithubDeployMavisAndInfrastructure' }}
terraform-working-directory: terraform/app
jobs:
plan-changes:
name: Plan task definition changes
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.aws-role }}
aws-region: eu-west-2
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: pull docker image
run: |
DOCKER_IMAGE="${{ steps.login-ecr.outputs.registry }}/mavis/webapp:${{ inputs.image_tag || github.sha }}"
docker pull "$DOCKER_IMAGE"
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> $GITHUB_ENV
- name: Extract image digest
run: |
DOCKER_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$DOCKER_IMAGE")
DIGEST="${DOCKER_DIGEST#*@}"
echo "DIGEST=$DIGEST" >> $GITHUB_ENV
- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.10.5
- name: Update the task definition
id: plan
working-directory: ${{ env.terraform-working-directory }}
run: |
terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
terraform plan -var-file="env/${{ inputs.environment }}.tfvars" \
-var="image_digest=$DIGEST" -out=${{ runner.temp }}/tfplan | tee ${{ runner.temp }}/tf_stdout
- name: Validate the changes
run: |
./terraform/scripts/check_task_definition.sh ${{ runner.temp }}/tf_stdout
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: tfplan_app-${{ inputs.environment }}
path: ${{ runner.temp }}/tfplan
apply-changes:
name: Apply task definition changes
runs-on: ubuntu-latest
needs: plan-changes
environment: ${{ inputs.environment }}
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.aws-role }}
aws-region: eu-west-2
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: tfplan_app-${{ inputs.environment }}
path: ${{ runner.temp }}
- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.10.5
- name: Apply the changes
working-directory: ${{ env.terraform-working-directory }}
run: |
terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade
terraform apply ${{ runner.temp }}/tfplan
echo "s3_bucket=$(terraform output -raw s3_bucket)" >> ${{ runner.temp }}/DEPLOYMENT_ENVS
echo "s3_key=$(terraform output -raw s3_key)" >> ${{ runner.temp }}/DEPLOYMENT_ENVS
echo "application=$(terraform output -raw codedeploy_application_name)" >> ${{ runner.temp }}/DEPLOYMENT_ENVS
echo "application_group=$(terraform output -raw codedeploy_deployment_group_name)" >> ${{ runner.temp }}/DEPLOYMENT_ENVS
echo "ecs_variables=$(terraform output -json ecs_variables | sed 's/\"/\\"/g')" >> ${{ runner.temp }}/DEPLOYMENT_ENVS
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: DEPLOYMENT_ENVS-${{ inputs.environment }}
path: ${{ runner.temp }}/DEPLOYMENT_ENVS
create-web-deployment:
name: Create web deployment
runs-on: ubuntu-latest
needs: apply-changes
if: inputs.server_types == 'web' || inputs.server_types == 'all'
environment: ${{ inputs.environment }}
permissions:
id-token: write
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: DEPLOYMENT_ENVS-${{ inputs.environment }}
path: ${{ runner.temp }}/artifact
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.aws-role }}
aws-region: eu-west-2
- name: Install AWS CLI
run: sudo snap install --classic aws-cli
- name: Trigger CodeDeploy deployment
run: |
source ${{ runner.temp }}/artifact/DEPLOYMENT_ENVS
deployment_id=$(aws deploy create-deployment \
--application-name "$application" --deployment-group-name "$application_group" \
--s3-location bucket="$s3_bucket",key="$s3_key",bundleType=yaml | jq -r .deploymentId)
echo "Deployment started: $deployment_id"
echo "deployment_id=$deployment_id" >> $GITHUB_ENV
- name: Wait up to 30 minutes for deployment to complete
run: |
aws deploy wait deployment-successful --deployment-id $deployment_id
echo "Deployment successful"
create-good-job-deployment:
name: Create good-job deployment
runs-on: ubuntu-latest
needs: apply-changes
if: inputs.server_types == 'good-job' || inputs.server_types == 'all'
environment: ${{ inputs.environment }}
permissions:
id-token: write
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: DEPLOYMENT_ENVS-${{ inputs.environment }}
path: ${{ runner.temp }}/artifact
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.aws-role }}
aws-region: eu-west-2
- name: Install AWS CLI
run: sudo snap install --classic aws-cli
- name: Trigger ECS Deployment
run: |
source ${{ runner.temp }}/artifact/DEPLOYMENT_ENVS
echo "$ecs_variables"
cluster_name=$(echo "$ecs_variables" | jq -r '.cluster_name')
service_name=$(echo "$ecs_variables" | jq -r '.good_job.service_name')
task_definition=$(echo "$ecs_variables" | jq -r '.good_job.task_definition.arn')
DEPLOYMENT_ID=$(aws ecs update-service --cluster $cluster_name --service $service_name \
--task-definition $task_definition --force-new-deployment \
--query 'service.deployments[?rolloutState==`IN_PROGRESS`].[id][0]' --output text)
echo "Deployment started: $DEPLOYMENT_ID"
echo "deployment_id=$DEPLOYMENT_ID" >> $GITHUB_ENV
- name: Wait for deployment to complete
run: |
source ${{ runner.temp }}/artifact/DEPLOYMENT_ENVS
cluster_name=$(echo "$ecs_variables" | jq -r '.cluster_name')
service_name=$(echo "$ecs_variables" | jq -r '.good_job.service_name')
DEPLOYMENT_STATE=IN_PROGRESS
while [ "$DEPLOYMENT_STATE" == "IN_PROGRESS" ]; do
echo "Waiting for deployment to complete..."
sleep 30
DEPLOYMENT_STATE="$(aws ecs describe-services --cluster $cluster_name --services $service_name \
--query "services[0].deployments[?id == \`$deployment_id\`].[rolloutState][0]" --output text)"
done
if [ "$DEPLOYMENT_STATE" != "COMPLETED" ]; then
echo "Deployment failed with state: $DEPLOYMENT_STATE"
exit 1
fi
echo "Deployment successful"