-
Notifications
You must be signed in to change notification settings - Fork 0
116 lines (104 loc) · 3.69 KB
/
npm_build_deploy_default.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
on:
workflow_call:
inputs:
app_name:
required: true
type: string
taskdef_file:
required: true
type: string
account_number:
required: true
type: string
docker_file:
required: true
type: string
cluster_name:
required: true
type: string
aws_region:
required: false
default: "eu-west-1"
type: string
environment:
required: false
default: "staging"
type: string
env_file_secret_var:
required: false
default: ""
type: string
description: "Variable name containing b64 encoded data for .env file"
secrets:
build_params_gh_secret_keys:
required: false
description: "Pass github secrets in json format for supporting docker build"
jobs:
deploy_workflow:
name: Deploy ${{ inputs.app_name }}
permissions:
id-token: write
contents: write
environment: ${{ inputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: ${{ inputs.aws_region }}
role-to-assume: arn:aws:iam::${{ inputs.account_number }}:role/${{ inputs.app_name }}-GithubActionsRole
role-session-name: GithubActionsSession
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Setup node
uses: actions/setup-node@v2
with:
node-version: 20.9.0
- name: Set up secrets
run: |
if [ -n "${{ secrets.build_params_gh_secret_keys }}" ]; then
echo "${{ secrets.build_params_gh_secret_keys }}" > secrets.json
fi
- name: Parse secrets and set environment variables
run: |
if [ -f secrets.json ]; then
echo "Setting environment variables from JSON..."
jq -r 'to_entries | .[] | "\(.key)=\(.value)"' secrets.json >> $GITHUB_ENV
fi
- name: Set up secrets from base64 encoded secret to .env file in code directory
run: |
if [[ -n "${{ inputs.env_file_secret_var }}" ]]; then
echo "Fetching and decoding .env file data from secret.${{ inputs.env_file_secret_var }}"
echo "${{ secrets[inputs.env_file_secret_var] }}" | base64 -d > code/.env
fi
- name: INSTALL
run: npm install
- name: Build
run: npm run build
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
ECR_REPOSITORY: ${{ inputs.app_name }}-ecr
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ inputs.taskdef_file }}
container-name: ${{ inputs.app_name }}
image: ${{ steps.build-image.outputs.image }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ inputs.app_name }}-ecs-service
cluster: ${{ inputs.cluster_name }}
wait-for-service-stability: true