DPC - Promote Build #150
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'DPC - Promote Build' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| from_env: | |
| description: AWS environment to promote FROM | |
| required: true | |
| type: 'string' | |
| default: 'dev' | |
| to_env: | |
| description: AWS environment to promote TO | |
| required: true | |
| type: 'string' | |
| default: 'test' | |
| confirm_env: | |
| description: Double check environment to promote TO | |
| required: true | |
| type: 'string' | |
| default: '' | |
| concurrency: | |
| group: promote-to-${{ inputs.to_env }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| set-parameters: | |
| name: "Set Parameters" | |
| runs-on: codebuild-dpc-app-${{github.run_id}}-${{github.run_attempt}} | |
| outputs: | |
| app_version: ${{ steps.fetch-info.outputs.app_version }} | |
| ecr_image_tag: ${{ steps.fetch-info.outputs.ecr_image_tag }} | |
| steps: | |
| - name: "Validate Environment" | |
| if: ${{ inputs.to_env != inputs.confirm_env }} | |
| run: | | |
| echo "Target deployment environment \"${{ inputs.to_env }}\" must be specified and match confirmed deployment environment \"${{ inputs.confirm_env }}\"." | |
| exit 1 | |
| - name: Configure AWS Credentials (non-prod) | |
| if: ${{ inputs.from_env == 'dev' || inputs.from_env == 'test' }} | |
| uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 | |
| with: | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ secrets.NON_PROD_ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-${{ inputs.from_env }}-github-actions | |
| - name: Configure AWS Credentials (prod) | |
| if: ${{ inputs.from_env == 'sandbox' || inputs.from_env == 'prod' }} | |
| uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 | |
| with: | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ secrets.PROD_ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-${{ inputs.from_env }}-github-actions | |
| - name: "Fetch Image and App Version from AWS" | |
| id: fetch-info | |
| run: | | |
| SERVICE_INFO=$(aws ecs describe-services --services dpc-${{ inputs.from_env }}-api-v9 --cluster dpc-${{ inputs.from_env }}-frontend --query "services[0].deployments[0]") | |
| TASK_DEFINITION=`echo $SERVICE_INFO | jq -r '.taskDefinition | split(":")[-1]'` | |
| TASK_INFO=`aws ecs describe-task-definition --task-definition dpc-${{ inputs.from_env }}-api:$TASK_DEFINITION --query "taskDefinition.containerDefinitions[0].{Image: image, Version: environment[?name=='APP_VERSION'].value | [0]}"` | |
| IMAGE_TAG=`echo $TASK_INFO | jq -r '.Image | split(":")[1]'` | |
| echo $IMAGE_TAG | |
| echo "ecr_image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" | |
| APP_VERSION=`echo $TASK_INFO | jq -r '.Version'` | |
| echo $APP_VERSION | |
| echo "app_version=$APP_VERSION" >> "$GITHUB_OUTPUT" | |
| deploy: | |
| needs: set-parameters | |
| uses: ./.github/workflows/ecs-deploy.yml | |
| with: | |
| env: ${{ inputs.to_env }} | |
| confirm_env: ${{ inputs.to_env }} | |
| ecr_image_tag: ${{ needs.set-parameters.outputs.ecr_image_tag }} | |
| app-version: ${{ needs.set-parameters.outputs.app_version }} | |
| secrets: inherit | |
| smoke-test: | |
| needs: deploy | |
| uses: ./.github/workflows/smoke-test.yml | |
| with: | |
| env: ${{ inputs.to_env }} | |
| secrets: inherit |