AWS PCM Promote and deploy PROD #75
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
release: | |
types: [created] | |
tags: | |
- 'prod-v*\.*\.*' | |
name: AWS PCM Promote and deploy PROD | |
jobs: | |
deploy: | |
if: ${{ startsWith(github.ref, 'refs/tags/prod') }} | |
name: Deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set output | |
id: vars | |
run: echo "tag=${GITHUB_REF#refs/*/}" | sed 's/prod-v//' >> "${GITHUB_OUTPUT}" | |
- name: Check output | |
env: | |
RELEASE_VERSION: ${{ steps.vars.outputs.tag }} | |
run: | | |
echo $RELEASE_VERSION | |
echo ${{ steps.vars.outputs.tag }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-south-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag, and push the image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.REPO_NAME }} | |
IMAGE_TAG: ${{ steps.vars.outputs.tag }} | |
ECR_REPOSITORY_PROD: ${{ secrets.REPO_NAME_PROD }} | |
run: | | |
docker pull $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY_PROD:$IMAGE_TAG | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY_PROD:$IMAGE_TAG | |
- name: Update kube config for prod EKS | |
id: update-kube-config-prod | |
run: aws eks update-kubeconfig --name ${{ secrets.EKS_CLUSTER_NAME_PROD }} | |
- name: Apply the deployment to EKS | |
id: deploy | |
env: | |
IMAGE_TAG: ${{ steps.vars.outputs.tag }} | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.REPO_NAME }} | |
ECR_REPOSITORY_PROD: ${{ secrets.REPO_NAME_PROD }} | |
run: | | |
echo "Image tag: $IMAGE_TAG" | |
tag=$(echo ${IMAGE_TAG##*:}) | |
echo "prod ecr: $ECR_REGISTRY/$ECR_REPOSITORY_PROD:$tag" | |
echo "Deploying to prod EKS..." | |
#job fields are immutable, so we need to delete and recreate the job | |
kubectl delete job dtd-crawler-web-server-job-prod -n dtd-crawler-prod | |
sleep 2 | |
cat git-deployment-prod.yml | sed "s|ImagePlaceholder|$ECR_REGISTRY/$ECR_REPOSITORY_PROD:$tag|g" | kubectl apply -f - | |
- name: Check the deploy to EKS PROD | |
id: deploy-eks-prod | |
env: | |
IMAGE_TAG: ${{ steps.vars.outputs.tag }} | |
run: | | |
kubectl get cronjobs -n dtd-crawler-prod | |
tag=$(echo ${IMAGE_TAG##*:}) | |
for cronjob in $(kubectl get cronjobs | awk '{print $1}' | grep -iv name); do kubectl get cronjob ${cronjob} -o json | jq -r '.spec.jobTemplate.spec.template.spec.containers[].image' | cut -d ':' -f2 | while read result; do { [[ ${result} == ${tag} ]] && echo "Deployment ${cronjob} ok"; } || { echo "Deployment ${cronjob} ko" && exit 1; }; done ; done | |
- name: Delete old jobs | |
id: delete-jobs | |
env: | |
IMAGE_TAG: ${{ steps.vars.outputs.tag }} | |
run: | | |
tag=$(echo ${IMAGE_TAG##*:}) | |
kubectl get jobs -n dtd-crawler-prod | grep -i dtd-crawler-scan-manager | awk '{print $1}' | while read job; do kubectl -n dtd-crawler-prod get job -o json ${job} | jq '.spec.template.spec.containers[].image' -r | cut -d ':' -f2 | while read version; do { [[ ${version} != ${tag} ]] && kubectl -n dtd-crawler-prod delete job ${job}; } || { echo "${job} to not be deleted"; }; done ; done | |
- name: Send SNS notification when the deploy completes in production | |
id: sns-success | |
if: success() | |
run: | | |
aws sns publish --topic-arn ${{ secrets.SNS_TOPIC_ARN }} --subject "[PCM DTD CRAWLER PROD] Deployment della versione ${{ steps.vars.outputs.tag }} avvenuto con successo" --message "Il deployment della versione ${{ steps.vars.outputs.tag }} è avvenuto con successo su EKS PROD" | |
- name: Send SNS notification when the deploy fails in production | |
id: sns-failure | |
if: failure() | |
run: | | |
aws sns publish --topic-arn ${{ secrets.SNS_TOPIC_ARN }} --subject "[PCM DTD CRAWLER PROD] Deployment della versione ${{ steps.vars.outputs.tag }} fallito" --message "Il deployment della versione ${{ steps.vars.outputs.tag }} è fallito su EKS PROD" |