Deploy to Amazon ECS PRODUCTION #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # GitHub recommends pinning actions to a commit SHA. | |
| # To get a newer version, you will need to update the SHA. | |
| # You can also reference a tag or branch, but the action may change without warning. | |
| name: Deploy to Amazon ECS PRODUCTION | |
| on: | |
| # pull_request: | |
| # push: | |
| # branches: | |
| # - master | |
| workflow_dispatch: | |
| inputs: | |
| refToDeploy: | |
| description: "Branch, tag or commit SHA1 to deploy" | |
| required: true | |
| type: string | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| AWS_REGION: eu-west-2 | |
| ECR_REPOSITORY: paasmigration-default-webapp-repository # set this to your Amazon ECR repository name | |
| ECS_SERVICE: paasmigration-default-webapp-service # set this to your Amazon ECS service name | |
| ECS_CLUSTER: paasmigration-default-ecs-cluster # set this to your Amazon ECS cluster name | |
| # ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition | |
| # file, e.g. .aws/task-definition.json | |
| CONTAINER_NAME: | |
| HfUApp # set this to the name of the container in the | |
| # containerDefinitions section of your task definition | |
| jobs: | |
| # test: | |
| # name: Test | |
| # runs-on: ubuntu-latest | |
| # services: | |
| # postgres: | |
| # image: postgres:13.5 | |
| # env: | |
| # POSTGRES_PASSWORD: password | |
| # POSTGRES_USER: ukraine | |
| # POSTGRES_DB: ukraine | |
| # ports: | |
| # - 5432:5432 | |
| # # needed because the postgres container does not provide a healthcheck | |
| # # tmpfs makes DB faster by using RAM | |
| # options: >- | |
| # --mount type=tmpfs,destination=/var/lib/postgresql/data | |
| # --health-cmd pg_isready | |
| # --health-interval 10s | |
| # --health-timeout 5s | |
| # --health-retries 5 | |
| # redis: | |
| # # Docker Hub image | |
| # image: redis | |
| # # Set health checks to wait until redis has started | |
| # options: >- | |
| # --health-cmd "redis-cli ping" | |
| # --health-interval 10s | |
| # --health-timeout 5s | |
| # --health-retries 5 | |
| # env: | |
| # RAILS_ENV: test | |
| # INSTANCE_NAME: ukraine-sponsor-resettlement-test | |
| # VCAP_SERVICES: '{"redis":[{"instance_name":"ukraine-sponsor-resettlement-test-redis","credentials":{"uri":"redis://redis"}}],"aws-s3-bucket":[{"instance_name":"ukraine-sponsor-resettlement-test-s3","credentials":{"aws_access_key_id":"access-key-id","aws_secret_access_key":"secret-access-key","aws_region":"eu-west-2","bucket_name":"test-bucket"}}]}' | |
| # GEMFILE_RUBY_VERSION: 3.1.2 | |
| # DB_HOST: localhost | |
| # DB_DATABASE: ukraine | |
| # DB_USERNAME: ukraine | |
| # DB_PASSWORD: password | |
| # GOVUK_NOTIFY_API_KEY: ${{ secrets.GOVUK_NOTIFY_API_KEY }} | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # ref: ${{ inputs.refToDeploy }} | |
| # - name: Set up Ruby | |
| # uses: ruby/setup-ruby@v1 | |
| # with: | |
| # # runs 'bundle install' and caches installed gems automatically | |
| # bundler-cache: true | |
| # - name: Set up node | |
| # uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: "20" | |
| # - name: Create DB | |
| # run: | | |
| # bundle exec rake db:prepare | |
| # - name: Migrate DB | |
| # run: | | |
| # bundle exec rake db:migrate | |
| # - name: Compile Assets | |
| # run: | | |
| # bundle exec rake assets:precompile | |
| # - name: Run tests | |
| # run: | | |
| # bundle exec rake | |
| # #- name: Test coverage | |
| # # uses: joshmfrankel/simplecov-check-action@main | |
| # # with: | |
| # # github_token: ${{ secrets.GITHUB_TOKEN }} | |
| # # minimum_suite_coverage: 70 | |
| # # minimum_file_coverage: 0 | |
| # lint: | |
| # name: Lint | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # ref: ${{ inputs.refToDeploy }} | |
| # - name: Set up Ruby | |
| # uses: ruby/setup-ruby@v1 | |
| # with: | |
| # # runs 'bundle install' and caches installed gems automatically | |
| # bundler-cache: true | |
| # - name: Rubocop | |
| # run: | | |
| # bundle exec rubocop | |
| # audit: | |
| # name: Audit dependencies | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # ref: ${{ inputs.refToDeploy }} | |
| # - name: Set up Ruby | |
| # uses: ruby/setup-ruby@v1 | |
| # with: | |
| # # runs 'bundle install' and caches installed gems automatically | |
| # bundler-cache: true | |
| # - name: Audit | |
| # run: | | |
| # bundle exec bundler-audit | |
| # brakeman-scan: | |
| # name: Brakeman Scan | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # # Checkout the repository to the GitHub Actions runner | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # ref: ${{ inputs.refToDeploy }} | |
| # # Customize the ruby version depending on your needs | |
| # - name: Setup Ruby | |
| # uses: ruby/setup-ruby@v1 | |
| # - name: Setup Brakeman | |
| # run: | | |
| # gem install brakeman | |
| # # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis | |
| # - name: Scan | |
| # run: | | |
| # brakeman --color -o /dev/stdout | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| environment: aws-production | |
| # needs: [lint, test, audit, brakeman-scan] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.refToDeploy }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: latest | |
| run: | | |
| # Build a docker container and | |
| # push it to ECR so that it can | |
| # be deployed to ECS. | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile-prod . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Run DB migrations | |
| id: db-migrate | |
| run: aws ecs run-task --cluster paasmigration-default-ecs-cluster --launch-type FARGATE --task-definition paasmigration-default-dbmigrate --network-configuration "awsvpcConfiguration={subnets=[subnet-091481d87daeaa67e,subnet-02591304001ccdcf4,subnet-037b1a22886c08933],securityGroups=[sg-03b9ae71f227ea847]}" | |
| - name: Force deployment | |
| id: force-deploy | |
| run: | | |
| aws ecs update-service --cluster paasmigration-default-ecs-cluster --service paasmigration-default-webapp-service --force-new-deployment | |
| aws ecs update-service --cluster paasmigration-default-ecs-cluster --service paasmigration-default-sidekiq-service --force-new-deployment |