passed aws config arguments in docker build #19
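# Builds the catalog image, pushes it to Amazon ECR and rolls it out to ECS
# on every push to the CF-test-ci/cd branch.
name: Catalog Deployment

on:
  push:
    branches:
      - CF-test-ci/cd

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read

jobs:
  deploy:
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable major tag; pinning to
      # a full commit SHA protects against a retagged release.
      - name: Checkout Code
        uses: actions/checkout@v3

      # - name: Install Docker
      #   run: |
      #     sudo apt-get update
      #     sudo apt-get install -y docker.io
      #     sudo systemctl start docker
      #     sudo systemctl enable docker

      - name: Install Docker
        run: |
          # Add Docker's official GPG key:
          sudo apt-get update
          # -y added: without it apt-get aborts at the confirmation prompt
          # whenever one of these packages is not already installed.
          sudo apt-get install -y ca-certificates curl
          sudo install -m 0755 -d /etc/apt/keyrings
          sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
          sudo chmod a+r /etc/apt/keyrings/docker.asc
          # Add the repository to Apt sources:
          echo \
            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
            $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
            sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt-get update
          sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

      - name: Install AWS CLI
        run: |
          sudo apt-get install -y unzip
          # -f makes curl fail on an HTTP error instead of saving the error
          # page as the zip. NOTE(review): the archive is installed as root
          # without an integrity check; AWS publishes a detached signature
          # for this installer that could be verified before running it.
          curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install --update
          rm -rf awscliv2.zip aws/

      - name: Set up OpenJDK 8
        uses: actions/setup-java@v3
        with:
          java-version: '8'
          distribution: 'temurin'
          cache: maven

      - name: Install Maven
        run: |
          sudo apt update
          sudo apt install -y maven

      - name: Verify Java and Maven Versions
        run: |
          java -version
          mvn -version

      # Secrets are handed to the shell through `env:` instead of being
      # interpolated into the script text, so a value containing shell
      # metacharacters cannot alter the command line.
      # NOTE(review): these are long-lived static keys; short-lived
      # credentials via GitHub OIDC (aws-actions/configure-aws-credentials)
      # would remove the stored secret entirely.
      - name: Configure AWS CLI Profile (tf_user)
        env:
          DEPLOY_KEY_ID: ${{ secrets.AWS_ACCOUNT_ACCESS_KEY_ID }}
          DEPLOY_KEY_SECRET: ${{ secrets.AWS_ACCOUNT_SECRET_ACCESS_KEY }}
        run: |
          aws configure set aws_access_key_id "$DEPLOY_KEY_ID" --profile tf_user
          aws configure set aws_secret_access_key "$DEPLOY_KEY_SECRET" --profile tf_user
          aws configure set region us-east-2 --profile tf_user

      - name: Configure AWS CLI Profile (feeds)
        env:
          DEPLOY_KEY_ID: ${{ secrets.AWS_ACCOUNT_ACCESS_KEY_ID }}
          DEPLOY_KEY_SECRET: ${{ secrets.AWS_ACCOUNT_SECRET_ACCESS_KEY }}
        run: |
          aws configure set aws_access_key_id "$DEPLOY_KEY_ID" --profile feeds
          aws configure set aws_secret_access_key "$DEPLOY_KEY_SECRET" --profile feeds
          aws configure set region us-east-2 --profile feeds
          aws configure set role_arn arn:aws:iam::868719706466:role/CloudfeedsEnvTrustRole --profile feeds
          aws configure set source_profile tf_user --profile feeds

      - name: Set default AWS profile to tf_user
        run: |
          # Each `run` step gets its own shell, so a plain `export` is lost
          # when the step ends; GITHUB_ENV carries the value to later steps.
          echo "AWS_PROFILE=tf_user" >> "$GITHUB_ENV"

      - name: Log in to Amazon ECR
        run: |
          set -o pipefail
          # sudo on `docker login` so the registry credentials are stored for
          # the same user that runs `sudo docker push` below.
          aws ecr get-login-password --region us-east-2 --profile tf_user \
            | sudo docker login --username AWS --password-stdin 583275065488.dkr.ecr.us-east-2.amazonaws.com

      # AWS credentials are passed so the S3 object can be fetched during
      # docker build.
      # SECURITY: --build-arg values are recorded in the build history of the
      # stage that declares them, where `docker history` can show them to
      # anyone able to pull that image. The Dockerfile is not visible here;
      # unless the ARGs are confined to a discarded build stage, switch to
      # BuildKit secret mounts (`docker build --secret id=...,env=...` with
      # `RUN --mount=type=secret,...`) and rotate the keys already baked
      # into pushed images.
      - name: Build Docker image with unique tag
        env:
          BUILD_TOKEN: ${{ secrets.TOKEN }}
          BUILD_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCOUNT_ACCESS_KEY_ID }}
          BUILD_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCOUNT_SECRET_ACCESS_KEY }}
        run: |
          IMAGE_TAG="$(date +%Y%m%d%H%M%S)"
          NEW_IMAGE_URI="583275065488.dkr.ecr.us-east-2.amazonaws.com/catalog:${IMAGE_TAG}"
          echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
          echo "NEW_IMAGE_URI=$NEW_IMAGE_URI" >> "$GITHUB_ENV"
          # Fix: the two AWS build args were crossed (the key id was passed
          # as the secret key and vice versa). Values are expanded by this
          # shell before sudo runs, so sudo's environment reset is harmless.
          sudo docker build \
            --build-arg TOKEN="$BUILD_TOKEN" \
            --build-arg AWS_ACCESS_KEY_ID="$BUILD_AWS_ACCESS_KEY_ID" \
            --build-arg AWS_SECRET_ACCESS_KEY="$BUILD_AWS_SECRET_ACCESS_KEY" \
            -f docker/Dockerfile \
            -t "test-catalog:${IMAGE_TAG}" .
          sudo docker tag "test-catalog:${IMAGE_TAG}" "$NEW_IMAGE_URI"

      - name: Push Docker image to Amazon ECR
        run: |
          sudo docker push "$NEW_IMAGE_URI"

      - name: Set environment variables and profile feeds
        run: |
          # Persist the profile switch through GITHUB_ENV; `export` would
          # only affect this step's shell.
          echo "AWS_PROFILE=feeds" >> "$GITHUB_ENV"
          echo "CLUSTER_NAME=abdu7511-test-cloudfeeds-ecs-cluster" >> "$GITHUB_ENV"
          echo "SERVICE_NAME=test-abdu7511-cloudfeedscatalog" >> "$GITHUB_ENV"
          echo "TASK_DEFINITION_NAME=test-abdu7511-cloudfeedscatalog" >> "$GITHUB_ENV"
          # IMAGE_TAG and NEW_IMAGE_URI are deliberately not redefined here:
          # regenerating the timestamp would make IMAGE_TAG name a tag that
          # was never built or pushed. The build step's values stay in force.

      - name: Update ECS task definition with new image
        run: |
          set -euo pipefail
          aws ecs describe-task-definition \
            --task-definition "$TASK_DEFINITION_NAME" \
            --query 'taskDefinition' \
            --output json > task-def-template.json
          # Fix: the previous sed expression was single-quoted, so the literal
          # text $NEW_IMAGE_URI was written into the JSON instead of the URI.
          # jq edits the named container structurally and removes the
          # read-only fields that describe-task-definition returns but
          # register-task-definition does not accept as input.
          # jq ships on GitHub-hosted Ubuntu runners; install it first if
          # this job moves to a self-hosted runner.
          jq --arg image "$NEW_IMAGE_URI" '
            (.containerDefinitions[] | select(.name == "abdu7511-catalog") | .image) = $image
            | del(.taskDefinitionArn, .revision, .status, .requiresAttributes,
                  .compatibilities, .registeredAt, .registeredBy)
          ' task-def-template.json > task-def-new.json
          NEW_TASK_DEF_ARN="$(aws ecs register-task-definition \
            --cli-input-json file://task-def-new.json \
            --query 'taskDefinition.taskDefinitionArn' \
            --output text)"
          # Fix: exported under the name the deploy step actually reads
          # (it was written as task_definition_arn, leaving the next step's
          # $NEW_TASK_DEF_ARN empty).
          echo "NEW_TASK_DEF_ARN=$NEW_TASK_DEF_ARN" >> "$GITHUB_ENV"
          rm -f task-def-template.json task-def-new.json

      - name: Deploy updated task definition to ECS
        run: |
          aws ecs update-service \
            --cluster "$CLUSTER_NAME" \
            --service "$SERVICE_NAME" \
            --task-definition "$NEW_TASK_DEF_ARN" \
            --region us-east-2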