Skip to content

Deploy HRM to Amazon ECS #547

Deploy HRM to Amazon ECS

Deploy HRM to Amazon ECS #547

Workflow file for this run

# Copyright (C) 2021-2023 Technology Matters
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see https://www.gnu.org/licenses/.
name: 'Deploy HRM to Amazon ECS'
on:
workflow_dispatch:
inputs:
environment:
description: HRM environment to deploy.
default: development
required: true
type: choice
options:
- development
- staging
- production
workflow_call:
secrets:
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
inputs:
environment:
description: HRM environment to deploy. E.G = development, staging, production (must match with the AWS environment value). Default value = development
type: string
default: development
required: true
send-slack-message:
description: 'Specifies if should send a Slack message at the end of successful run. Defaults to true'
required: false
default: 'true'
type: string
env:
ECR_REPOSITORY: ${{ inputs.environment }}-hrm
# if anything is set as a secret, it can't be used in outputs. So we need to set it as an env var
PRIMARY_AWS_REGION: us-east-1
jobs:
deploy_docker:
name: Build Docker Image and Set regions
runs-on: ubuntu-latest
outputs:
regions: ${{ steps.generate-output.outputs.regions }}
docker_image: ${{ steps.generate-output.outputs.docker_image}}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PRIMARY_AWS_REGION }}
# this plugin sets the AWS account ID to a secret which is not allowed in outputs
# we have to disable that so repo output will work
mask-aws-account-id: 'no'
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and Push Docker Image
uses: docker/build-push-action@v6
with:
context: ./
file: ./hrm-domain/hrm-service/Dockerfile
push: true
tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:live,${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ inputs.environment }}-hrm-${{ github.sha }}
- id: generate-output
run: |
regions=$(jq --arg env "${{ inputs.environment }}" '[.[$env] | values[]]' ./.github/workflows/config/environment-region-map.json)
echo "regions=$(echo $regions)" >> $GITHUB_OUTPUT
echo "docker_image=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ inputs.environment }}-hrm-${{ github.sha }}" >> $GITHUB_OUTPUT
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: workflow-scripts-artifacts
path: .github/workflows/scripts
deploy_ecs:
needs: deploy_docker
name: Deploy to Amazon ECS
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
region: ${{ fromJson(needs.deploy_docker.outputs.regions) }}
env:
DOCKER_IMAGE: ${{ needs.deploy_docker.outputs.docker_image }}
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: workflow-scripts-artifacts
path: .github/workflows/scripts
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
# this plugin sets the AWS account ID to a secret which is not allowed in outputs
# we have to disable that so env.DOCKER_IMAGE will work
mask-aws-account-id: 'no'
- name: Download current ECS task definition for the job processor
run: aws ecs describe-task-definition --task-definition ${{ inputs.environment }}-hrm-job-processor --query taskDefinition > task-definition-job-processor.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def-job-processor
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition-job-processor.json
container-name: ${{ inputs.environment }}-hrm-job-processor
image: ${{ env.DOCKER_IMAGE }}
- name: Deploy Amazon ECS task definition for the job processor
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.task-def-job-processor.outputs.task-definition }}
service: ${{ inputs.environment }}-job-processor
cluster: ${{ inputs.environment }}-ecs-cluster
wait-for-service-stability: true
- name: Download current ECS task definition for the api service
run: aws ecs describe-task-definition --task-definition ${{ inputs.environment }}-hrm-task --query taskDefinition > task-definition.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: ${{ inputs.environment }}-hrm-container
image: ${{ env.DOCKER_IMAGE }}
- name: Deploy Amazon ECS task definition for the api service
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ inputs.environment }}-ecs-service
cluster: ${{ inputs.environment }}-ecs-cluster
wait-for-service-stability: true
- name: Download current ECS task definition for scheduled tasks
run: aws ecs describe-task-definition --task-definition ${{ inputs.environment }}-hrm-scheduled-task --query taskDefinition > task-definition-hrm-scheduled-task.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def-scheduled-task
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition-hrm-scheduled-task.json
container-name: ${{ inputs.environment }}-hrm-scheduled-task
image: ${{ env.DOCKER_IMAGE }}
- name: Deploy Amazon ECS task definition scheduled tasks
id: scheduled-task-definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.task-def-scheduled-task.outputs.task-definition }}
cluster: ${{ inputs.environment }}-ecs-cluster
- name: Update EventBridge target
run: |
chmod +x ./.github/workflows/scripts/update-event-bridge-target.sh
./.github/workflows/scripts/update-event-bridge-target.sh "${{ inputs.environment }}-hrm-scheduled-task" "${{ steps.scheduled-task-definition.outputs.task-definition-arn }}"
# reconfigure AWS credentials to use the default region for SSM Parameter Store.
# aws-actions/configure-aws-credentials@v4 overrides env.AWS_DEFAULT_REGION, so
# we name our env var PRIMARY_AWS_REGION to avoid that.
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PRIMARY_AWS_REGION }}
# Set any env vars needed from Parameter Store here
- name: Set GITHUB_ACTIONS_SLACK_BOT_TOKEN
uses: 'marvinpinto/action-inject-ssm-secrets@latest'
with:
ssm_parameter: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN'
env_variable_name: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN'
- name: Set ASELO_DEPLOYS_CHANNEL_ID
uses: 'marvinpinto/action-inject-ssm-secrets@latest'
with:
ssm_parameter: 'ASELO_DEPLOYS_CHANNEL_ID'
env_variable_name: 'ASELO_DEPLOYS_CHANNEL_ID'
# Send Slack notifying success
- name: Slack Aselo channel
id: slack
uses: slackapi/slack-github-action@v2.0.0
with:
channel-id: ${{ env.ASELO_DEPLOYS_CHANNEL_ID }}
slack-message: '`[HRM]` Deployment of ${{ github.ref_type }} `${{ github.ref_name }}` requested by `${{ github.triggering_actor }}` completed with SHA ${{ github.sha }} to region `${{ matrix.region }}`, environment `${{ inputs.environment }}` :rocket:.'
env:
SLACK_BOT_TOKEN: ${{ env.GITHUB_ACTIONS_SLACK_BOT_TOKEN }}
if: ${{ inputs.send-slack-message != 'false' }}
# Update deployment matrix
- name: Update deployment matrix
id: update-deployment-matrix
uses: techmatters/flex-plugins/.github/actions/deployment-matrix@master
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PRIMARY_AWS_REGION }}
identifier: ${{ matrix.region }}
environment: ${{ inputs.environment }}
service_repo: 'hrm-service'
version_tag: ${{ github.ref_name }}