Skip to content

Deploy to qa

Deploy to qa #837

Workflow file for this run

name: Deploy
on:
workflow_dispatch:
inputs:
environment:
description: "Target environment (dev/qa/prod)"
required: true
default: "dev"
commithash:
description: "Commit hash to deploy from"
required: true
env:
DOCKER_BUILDKIT: 1
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run-name: Deploy to ${{ inputs.environment }}
jobs:
checkbuilddeploy:
name: Build and deploy
environment:
name: ${{ github.event.inputs.environment }}
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.commithash }}
# Number of commits to fetch. 0 indicates all history for all branches and tags.
fetch-depth: 0
- name: Print git diff with master branch
run: |
echo "Changed files:"
git diff --name-only origin/master...
echo "Changes to files:"
git diff origin/master...
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
role-to-assume: ${{ secrets.ECR_ROLE }}
role-duration-seconds: 3600
role-session-name: KoskiDeploymentEcr-${{ github.event.inputs.environment }}-${{ github.event.inputs.commithash }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
registries: ${{ secrets.ECR_ACCOUNT_ID }}
mask-password: 'true'
- name: Check if container image already exists in ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: koski
IMAGE_TAG: ${{ github.event.inputs.commithash }}
id: check-image
run: |
echo "image-exists=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG > /dev/null 2>&1 ; echo $?)" >> $GITHUB_OUTPUT
- name: Set up SSH agent
if: steps.check-image.outputs.image-exists != '0'
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.ARTIFACTORY_DIST_KEY }}"
- name: Cache Maven packages
uses: actions/cache@v3
if: steps.check-image.outputs.image-exists != '0'
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Cache Node modules
uses: actions/cache@v3
if: steps.check-image.outputs.image-exists != '0'
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Set up Java 11
uses: actions/setup-java@v3
if: steps.check-image.outputs.image-exists != '0'
with:
java-version: '11'
architecture: 'x64'
distribution: 'zulu'
server-id: oph-sade-artifactory
server-username: ARTIFACTORY_USERNAME
server-password: ARTIFACTORY_PASSWORD
- name: Build and verify image
if: steps.check-image.outputs.image-exists != '0'
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
run: make dist version=${{ github.event.inputs.commithash }}
- name: Build, tag, and push image to Amazon ECR
if: steps.check-image.outputs.image-exists != '0'
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: koski
IMAGE_TAG: ${{ github.event.inputs.commithash }}
run: |
docker build -f docker-build/Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg KOSKI_VERSION=$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
role-to-assume: ${{ secrets.DEPLOY_ROLE }}
role-duration-seconds: 3600
role-session-name: KoskiDeployment-${{ github.event.inputs.environment }}-${{ github.event.inputs.commithash }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-deployment
uses: aws-actions/amazon-ecr-login@v1
with:
registries: ${{ secrets.ECR_ACCOUNT_ID }}
mask-password: 'true'
- name: Get task definition ARN
id: get-taskdef-arn
run: |
echo "taskdef-arn=$(aws ssm get-parameter --name /koski/task-definition-skeleton --output text --query 'Parameter.Value')" >> $GITHUB_OUTPUT
- name: Get task definition skeleton
run: |
aws ecs describe-task-definition --task-definition ${{ steps.get-taskdef-arn.outputs.taskdef-arn }} --query 'taskDefinition' > task-definition.json
- name: Render Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: KoskiContainer
image: ${{ steps.login-deployment.outputs.registry }}/koski:${{ github.event.inputs.commithash }}
- name: Get AppSpec template
run: |
aws ssm get-parameter --name /koski/appspec-template --output text --query 'Parameter.Value' > appspec.json
- name: Deploy using CodeDeploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: koski
cluster: koski-cluster
wait-for-service-stability: true
codedeploy-appspec: appspec.json
codedeploy-application: koski
codedeploy-deployment-group: koski-deployment-group
- name: Get raportointikanta-loader loader task definition ARN
id: get-raportointikanta-loader-taskdef-arn
run: |
echo "taskdef-arn=$(aws ssm get-parameter --name /koski/raportointikanta-loader/task-definition-skeleton --output text --query 'Parameter.Value')" >> $GITHUB_OUTPUT
- name: Get task definition skeleton
run: |
aws ecs describe-task-definition --task-definition ${{ steps.get-raportointikanta-loader-taskdef-arn.outputs.taskdef-arn }} --query 'taskDefinition' > raportointikanta-loader-task-definition.json
- name: Render Amazon ECS task definition
id: raportointikanta-loader-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: raportointikanta-loader-task-definition.json
container-name: RaportointikantaLoaderContainer
image: ${{ steps.login-deployment.outputs.registry }}/koski:${{ github.event.inputs.commithash }}
- name: Deploy Amazon ECS task definition
id: raportointikanta-loader-taskdef-deploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.raportointikanta-loader-task-def.outputs.task-definition }}
cluster: koski-cluster
- name: Write task definition ARN to parameter store
env:
TASKDEF_ARN: ${{ steps.raportointikanta-loader-taskdef-deploy.outputs.task-definition-arn }}
run: aws ssm put-parameter --overwrite --name /koski/raportointikanta-loader/task-definition --type String --value ${TASKDEF_ARN}
- name: Get ytr-data-loader loader task definition ARN
id: get-ytr-data-loader-taskdef-arn
run: |
echo "taskdef-arn=$(aws ssm get-parameter --name /koski/ytr-data-loader/task-definition-skeleton --output text --query 'Parameter.Value')" >> $GITHUB_OUTPUT
- name: Get task definition skeleton
run: |
aws ecs describe-task-definition --task-definition ${{ steps.get-ytr-data-loader-taskdef-arn.outputs.taskdef-arn }} --query 'taskDefinition' > ytr-data-loader-task-definition.json
- name: Render Amazon ECS task definition
id: ytr-data-loader-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ytr-data-loader-task-definition.json
container-name: YtrDataLoaderContainer
image: ${{ steps.login-deployment.outputs.registry }}/koski:${{ github.event.inputs.commithash }}
- name: Deploy Amazon ECS task definition
id: ytr-data-loader-taskdef-deploy
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.ytr-data-loader-task-def.outputs.task-definition }}
cluster: koski-cluster
- name: Write task definition ARN to parameter store
env:
TASKDEF_ARN: ${{ steps.ytr-data-loader-taskdef-deploy.outputs.task-definition-arn }}
run: aws ssm put-parameter --overwrite --name /koski/ytr-data-loader/task-definition --type String --value ${TASKDEF_ARN}
- name: Report task ready
uses: ravsamhq/notify-slack-action@95a35215cdf7ab510d2cdd20ae94f342d212a1a1
if: always()
with:
status: ${{ job.status }}
notification_title: ${{ github.event.inputs.environment }} install {status_message}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}