From 3bb7a852175bf4b110c2820fadbbd53a0aa507cc Mon Sep 17 00:00:00 2001
From: Pavlo Getta
Date: Tue, 4 Mar 2025 08:26:30 +0100
Subject: [PATCH] Add GH actions to publish images and deploy
---
 .github/workflows/deploy-staging.yml | 64 ++++++++++++++++
 .github/workflows/deploy.yml | 25 -------
 .../workflows/publish-production-image.yml | 73 +++++++++++++++++++
 3 files changed, 137 insertions(+), 25 deletions(-)
 create mode 100644 .github/workflows/deploy-staging.yml
 delete mode 100644 .github/workflows/deploy.yml
 create mode 100644 .github/workflows/publish-production-image.yml
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
new file mode 100644
index 0000000..19e7696
--- /dev/null
+++ b/.github/workflows/deploy-staging.yml
@@ -0,0 +1,64 @@
+name: Deploy to STAGING
+
+permissions:
+ id-token: write # Required for OIDC authentication
+ contents: read # Standard permission for GitHub Actions
+
+on:
+ push:
+ branches:
+ - develop
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ deploy-staging:
+ runs-on: ubuntu-latest
+ env:
+ ENVIRONMENT: staging
+ IMAGE_NAME: ${{ vars.PUBLICECR_URI }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.PUBLICECR_UPLOAD_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.PUBLICECR_UPLOAD_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.PUBLICECR_REGION }}
+
+ - name: Authenticate with AWS ECR
+ uses: aws-actions/amazon-ecr-login@v2
+ with:
+ registry-type: public
+
+ - name: Build a Docker image
+ run: |
+ docker build --build-arg DEPLOYMENT_ENV=staging -t ${{ vars.PUBLICECR_URI }}:staging .
+
+ - name: Publish To AWS ECR
+ run: |
+ docker push ${{ vars.PUBLICECR_URI }}:staging
+
+ - name: Authenticate with AWS ECS
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ vars.AWS_STAGING_ECS_REDEPLOY_ROLE_ARN }}
+ aws-region: ${{ vars.AWS_STAGING_REGION }}
+
+ - name: Trigger new deployment
+ run: |
+ aws ecs update-service \
+ --cluster ${{ vars.AWS_STAGING_ECS_CLUSTER }} \
+ --service ${{ vars.AWS_STAGING_ECS_SERVICE }} \
+ --force-new-deployment
+
+ - name: Wait until the service is stable
+ run: |
+ aws ecs wait services-stable \
+ --cluster ${{ vars.AWS_STAGING_ECS_CLUSTER }} \
+ --service ${{ vars.AWS_STAGING_ECS_SERVICE }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
deleted file mode 100644
index 263d336..0000000
--- a/.github/workflows/deploy.yml
+++ /dev/null
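Review bot: The `Configure AWS credentials` step authenticates the ECR push with long-lived static keys (`secrets.PUBLICECR_UPLOAD_ACCESS_KEY_ID` / `secrets.PUBLICECR_UPLOAD_SECRET_ACCESS_KEY`) even though the workflow already grants `id-token: write` and the later `Authenticate with AWS ECS` step federates via `role-to-assume`; replacing the two key inputs with a `role-to-assume:` that names a role limited to pushing to that public repository removes the standing secret and keeps both AWS steps on one credential model. Because the first step exports the static keys into the job environment before the second `configure-aws-credentials` call, it is worth confirming from the job log that the ECS step really authenticates over OIDC rather than chaining off those keys. `aws ecs update-service --force-new-deployment` redeploys whatever `:staging` resolves to at pull time rather than the image this run built; capturing the pushed digest and referencing it in the task definition would pin the deployment to the artifact. The actions are referenced by floating major tags (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`); pinning to full commit SHAs is the usual supply-chain hardening for a workflow that holds deploy credentials. The job-level `ENVIRONMENT` and `IMAGE_NAME` env vars are not read by any step here, so `IMAGE_NAME` is a second copy of `vars.PUBLICECR_URI` that can drift from the value the `docker build`/`docker push` lines actually use.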
@@ -1,25 +0,0 @@
-name: Publish develop
-
-on:
- push:
- branches:
- - develop
-
-jobs:
- publish-to-docker-hub:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ vars.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Build
- run: |
- docker build -t bluebrain/blue-naas-single-cell . --platform=linux/amd64
-
- - name: Publish To DockerHub
- run: |
- docker push bluebrain/blue-naas-single-cell
diff --git a/.github/workflows/publish-production-image.yml b/.github/workflows/publish-production-image.yml
new file mode 100644
index 0000000..2c165b6
--- /dev/null
+++ b/.github/workflows/publish-production-image.yml
@@ -0,0 +1,73 @@
+name: Publish PRODUCTION image
+
+on:
+ workflow_dispatch:
+
+permissions:
+ contents: write
+
+jobs:
+ tag-and-publish-image:
+ runs-on: ubuntu-latest
+ env:
+ ENVIRONMENT: staging
+ IMAGE_NAME: ${{ vars.PUBLICECR_URI }}
+ steps:
+ - name: Fail if branch is not main
+ if: github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main'
+ run: |
+ echo "This workflow should not be triggered with workflow_dispatch on a branch other than main"
+ exit 1
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Get full history to check existing tags
+
+ - name: Set up Git
+ run: |
+ git config --global user.name "github-actions[bot]"
+ git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+ - name: Determine new tag
+ id: tag
+ run: |
+ YEAR=$(date +'%Y')
+ MONTH=$(date +'%m')
+ DAY=$(date +'%d')
+ LATEST_TAG=$(git tag --sort=-v:refname | grep -E "^${YEAR}\.${MONTH}\.${DAY}\.[0-9]+$" | head -n 1 || echo "")
+
+ if [[ -z "$LATEST_TAG" ]]; then
+ COUNTER=1
+ else
+ COUNTER=$(( ${LATEST_TAG##*.} + 1 ))
+ fi
+
+ NEW_TAG="${YEAR}.${MONTH}.${DAY}.${COUNTER}"
+ echo "NEW_TAG=${NEW_TAG}" >> $GITHUB_ENV
+ echo "New tag: $NEW_TAG"
+
+ - name: Create Git Tag
+ run: |
+ git tag $NEW_TAG
+ git push origin $NEW_TAG
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.PUBLICECR_UPLOAD_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.PUBLICECR_UPLOAD_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.PUBLICECR_REGION }}
+
+ - name: Authenticate with AWS Public ECR
+ uses: aws-actions/amazon-ecr-login@v2
+ with:
+ registry-type: public
+
+ - name: Build a Docker image
+ run: |
+ docker build --build-arg DEPLOYMENT_ENV=production -t ${{ vars.PUBLICECR_URI }}:${{ env.NEW_TAG }} .
+
+ - name: Publish To AWS ECR
+ run: |
+ docker push ${{ vars.PUBLICECR_URI }}:${{ env.NEW_TAG }}
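Review bot: The `Create Git Tag` step pushes the release tag before the image is built and published, so a failing `docker build` or `docker push` leaves a tag in the repository with no matching image in ECR; moving that step after `Publish To AWS ECR` (the value is already computed into `NEW_TAG` by then) ties the tag to an artifact that exists. Unlike the staging workflow there is no `concurrency:` block, so two dispatches on the same day can both compute the same `NEW_TAG` and the outcome depends on the second `git push origin $NEW_TAG` failing; adding `concurrency:` with `  group: ${{ github.workflow }}` and `  cancel-in-progress: false` serializes them. The job env sets `ENVIRONMENT: staging` in a production workflow while the build passes `DEPLOYMENT_ENV=production`; no visible step reads the variable, but it should say `production` or be removed before someone relies on it. The ECR push again uses static keys from `secrets.PUBLICECR_UPLOAD_ACCESS_KEY_ID` / `secrets.PUBLICECR_UPLOAD_SECRET_ACCESS_KEY` rather than an OIDC `role-to-assume`, and the actions float on major tags; SHA-pinning matters most in a workflow that also holds `contents: write`. The `if:` guard's `github.event_name == 'workflow_dispatch'` half is redundant because that is the only trigger, and the branch check only enforces the ref chosen in the dispatch UI, so a job-level `environment:` with required reviewers would give the production publish real gating.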