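# Continuous Delivery Workflow
#
# This should happen whenever we push a new tag, and we tag an existing
# commit after we know it's good (e.g., has been tested).
#
# To create a new tag, we also need to update the package.json version:
#
# $ npm version 0.5.0
#
# This will update `version` in package.json to `0.5.0` and create a new
# tag, `v0.5.0` in git. We'll then use this tag (i.e., `v0.5.0`) to tag
# our docker image before we push to AWS.
name: cd

on:
  push:
    # Whenever a new tag is pushed
    tags:
      # Any tag starting with v... should trigger this workflow.
      # NOTE(review): pushing a matching tag is the only gate in front of a
      # production deploy. Restrict who may create `v*` tags (tag protection /
      # repository rulesets) so a deploy cannot be triggered by any writer.
      - 'v**'

# Least privilege for the automatically issued GITHUB_TOKEN: this workflow only
# needs to read the repository (checkout and the Docker build context). All
# registry and deploy operations use the AWS credentials configured below, so
# no write scopes are granted to the token.
permissions:
  contents: read

jobs:
  # NOTE: this assumes our CI jobs have already passed previously
  # (i.e., that we don't tag a commit manually until we know a build is working)
  #
  # NOTE(review): every `uses:` below references a mutable version tag
  # (`@v1` .. `@v4`). Pinning each action to a full commit SHA, with the version
  # kept in a trailing comment, stops a re-tagged or compromised action release
  # from running inside a job that holds AWS credentials.
  aws:
    name: AWS
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      # Use buildx, which is faster and can optimize the build steps
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # NOTE: ending and restarting the Learner Lab will void these secrets,
      # update them if you are doing this during a new session:
      # `Error: The security token included in the request is expired`
      #
      # NOTE(review): these are session credentials copied into repository
      # secrets. Where the AWS account permits it, GitHub OIDC with
      # `role-to-assume` avoids storing keys at all. Either way, the identity
      # behind these credentials should be limited to the ECR push and ECS
      # deploy actions this job performs.
      - name: Configure AWS Credentials using Secrets
        uses: aws-actions/configure-aws-credentials@v2
        with:
          # Use our GitHub Encrypted Secrets via secrets.*
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
          # Hard-code our region, which isn't a secret, and won't change
          aws-region: us-east-1

      # Login to our ECR repository using the configured credentials
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      # Build and Push an Image to Amazon ECR
      - name: Build and push to Amazon ECR
        env:
          # Define an Environment Variable with our ECR Registry, getting
          # the value from the previous step's outputs
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          # Define an Environment Variable with our ECR Repository Name
          ECR_REPO: fragments
          # We'll give this image two different tags. First, we'll use the git
          # tag (vX.Y.Z) so that we can always go back and re-create this setup
          # again in the future if we have to test or debug something. Second,
          # we'll also replace the `latest` tag, since this is our most
          # up-to-date version.
          # NOTE(review): the version tag is what ECS deploys below, so it is
          # the one that must not be overwritten; `latest` is mutable by design
          # and should not be used to identify what is running.
          VERSION_TAG: ${{ github.ref_name }}
        uses: docker/build-push-action@v4
        with:
          push: true
          # Use the git tag version and `latest` (folded into one
          # comma-separated line)
          tags: >-
            ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.VERSION_TAG }},
            ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:latest

      # We need to update our fragment's Task Definition JSON
      # (i.e., fragments-definition.json) to use the newly
      # updated Docker Image to use (i.e., the tag we just pushed to ECR).
      # We can also update/set the environment variables if we want.
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: update-task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPO: fragments
          VERSION_TAG: ${{ github.ref_name }}
        with:
          task-definition: fragments-definition.json
          container-name: fragments
          # Use the image we just built and pushed to ECR for this tag
          image: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.VERSION_TAG }}
          # Add all the necessary environment variables, using GitHub Encrypted Secrets
          # for any values that should not be checked into git directly. Here are
          # a few to get you started, but you should fill in the rest yourself.
          #
          # NOTE(review): everything listed here, including values expanded from
          # `secrets.*`, is written in plaintext into the rendered task
          # definition and is readable by anyone who can describe it in ECS.
          # Values that are genuinely secret belong in the task definition's
          # `secrets` section (Secrets Manager / SSM Parameter Store references).
          #
          # NOTE(review): HTPASSWD_FILE=tests/.htpasswd ships a test credential
          # file path into a NODE_ENV=production task alongside the Cognito
          # settings. Confirm the service ignores Basic Auth in production, or
          # drop the variable from this list.
          #
          # NOTE(review): API_URL uses plain `http://` on the load balancer, so
          # anything the service sends to that URL is unencrypted in transit;
          # confirm whether an HTTPS listener is available.
          environment-variables: |
            LOG_LEVEL=info
            NODE_ENV=production
            API_URL=http://ec2con-ecsel-ndbxa4tknlkp-1711976616.us-east-1.elb.amazonaws.com:8080/
            AWS_S3_BUCKET_NAME=mphong-duc-fragments
            AWS_DYNAMODB_TABLE_NAME=fragments
            PORT=8080
            HTPASSWD_FILE=tests/.htpasswd
            AWS_COGNITO_POOL_ID=${{ secrets.AWS_COGNITO_POOL_ID }}
            AWS_COGNITO_CLIENT_ID=${{ secrets.AWS_COGNITO_CLIENT_ID }}

      # Register the rendered task definition and roll the service onto it,
      # blocking until ECS reports the service as stable.
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.update-task-def.outputs.task-definition }}
          cluster: fragments-cluster
          service: fragments-service
          wait-for-service-stability: true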