Production release

.github/actions/deploy-ecs/action.yaml

@@ -0,0 +1,60 @@
+name: "Deploy to ECS"
+description: "Deploy new image to given ECS service by updating task definition file"
+inputs:
+  aws-role:
+    required: true
+    description: "AWS ROLE"
+  aws-region:
+    required: true
+    description: "AWS REGION"
+  task-definition:
+    required: true
+    description: "TASK DEFINITION"
+  container-name:
+    required: true
+    description: "CONTAINER NAME"
+  ecs-service:
+    required: true
+    description: "ECS SERVICE"
+  ecs-cluster:
+    required: true
+    description: "ECS CLUSTER"
+  image:
+    required: true
+    description: "APP IMAGE"
+runs:
+  using: "composite"
+  steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ inputs.aws-role }}
+        aws-region: ${{ inputs.aws-region }}
+
+    - name: Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition ${{ inputs.task-definition }} \
+        --query taskDefinition > task-definition.json
+      shell: bash
+
+    - name: Fill in the new image ID in the Amazon ECS task definition
+      id: task_def
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: ${{ inputs.container-name }}
+        image: ${{ inputs.image }}
+
+    - name: Remove unwanted fields from task definition
+      id: task_def_cleanup
+      shell: bash
+      run: |
+          jq 'del(.taskDefinitionArn, .revision, .status, .requiresAttributes, .compatibilities, .registeredAt, .registeredBy)' ${{ steps.task_def.outputs.task-definition }} > updated-task-definition.json
+
+    - name: Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+      with:
+        task-definition: updated-task-definition.json
+        service: ${{ inputs.ecs-service }}
+        cluster: ${{ inputs.ecs-cluster }}
+        wait-for-service-stability: true

.github/workflows/README.md

@@ -0,0 +1,34 @@
+# Conductor CI/CD Workflow
+
+This repository contains workflow files for implementing Continuous Integration (CI) and Continuous Deployment (CD) processes separately for Conductor UI and server components. The workflow is designed to deploy to both development (dev) and production (prd) environments on AWS (ECS).
+
+## Workflow Overview
+
+The CI/CD workflow is triggered manually & comprises two main components:
+
+1. **Conductor UI CI/CD:**
+   - Workflow file: `.github/workflows/ci-ui.yaml`
+                    `.github/workflows/cd-ui.yaml`
+   - These workflows handle the CI & CD process for Conductor UI.
+
+2. **Conductor Server CI/CD:**
+   - Workflow file: `.github/workflows/ci-server.yaml`
+                    `.github/workflows/cd-server.yaml`
+   - These workflows handle the CI & CD process for Conductor server.
+
+## Deployment Strategy
+
+- **Branches:**
+  - The `production` branch is considered the master branch for all deployments.
+  - All deployments to both development and production environments are triggered from the `production` branch.
+
+- **Input Variables:**
+  - The workflow takes the following input variables:
+    1. **Branch:** Specifies the branch to be deployed (e.g., `production`).
+    2. **Environment:** Specifies the deployment environment (e.g., `dev` or `prd`).
+    3. **Tag:** Specifies the version to be deployed. This version is used for tagging the Docker image.
+
+## Versioning and Docker Image Tagging
+
+The version provided as an input variable is crucial for versioning and tagging Docker images. The workflow utilizes this version to tag the Docker image before deploying to the AWS Elastic Container Registry (ECR). During ECS deployment, this tagged image is fetched from ECR.
+

.github/workflows/cd-server.yaml

@@ -0,0 +1,162 @@
+name: Deploy Conductor Server
+
+on:
+  workflow_dispatch:
+    inputs:
+      Environment:
+        required: true
+        type: choice
+        description: Choose aws env
+        options:
+          - dev
+          - stg
+          - prd
+      Tag:
+        required: true
+        type: string
+        description: Provide tag (Eg:v3.14.0)
+permissions:
+  id-token: write
+  contents: write
+  packages: read
+  actions: read
+env:
+  SERVICE_NAME: conductor
+  AWS_REGION: "ap-south-1"
+  HELM_CHART_NAME: "application-helm-chart"
+
+jobs:
+  prepare-env:
+    name: Prepare Env
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 2
+    outputs:
+      AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }}
+      ENV: ${{ steps.vars.outputs.ENV }}
+      PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }}
+      K8S_CLUSTER: ${{ steps.vars.outputs.K8S_CLUSTER }}
+      ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }}
+      ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }}
+      SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }}
+      AWS_ACCOUNT_ID: ${{ steps.vars.outputs.AWS_ACCOUNT_ID}}
+
+    steps:
+      - id: vars
+        shell: bash
+        run: |
+          BRANCH="${GITHUB_REF#refs/heads/}"
+          ENV=${{ github.event.inputs.environment }}
+          IMAGE_TAG=${{ github.event.inputs.tag }}
+          echo $BRANCH
+
+          if [ -z "$ENV" ]
+          then
+            case $BRANCH in
+              "dev")
+                ENV="dev"
+                ;;
+              "stg")
+                ENV="stg"
+                ;;
+              "main")
+                ENV="prd"
+                ;;
+              *)
+                echo "ENV not configured" && exit 1
+                ;;
+            esac
+          fi
+          if [[ $ENV == 'prd' && $BRANCH == 'production' ]]
+          then
+            echo "AWS_ROLE=PRD_AWS_ROLE" >> $GITHUB_OUTPUT
+            echo "PROJECT_PREFIX=sirn-prd-mb" >> $GITHUB_OUTPUT
+            echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT    
+            echo "AWS_ACCOUNT_ID=PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
+            echo "K8S_CLUSTER=sirn-prd-mb-prime" >> $GITHUB_OUTPUT
+          elif [ $ENV == 'stg' ]
+          then
+            echo "AWS_ROLE=STG_AWS_ROLE" >> $GITHUB_OUTPUT
+            echo "PROJECT_PREFIX=sirn-stg-mb" >> $GITHUB_OUTPUT
+            echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT  
+            echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
+            echo "K8S_CLUSTER=sirn-dev-mb-prime" >> $GITHUB_OUTPUT
+          elif [ $ENV == 'dev' ]
+          then
+            echo "AWS_ROLE=DEV_AWS_ROLE" >> $GITHUB_OUTPUT
+            echo "PROJECT_PREFIX=sirn-dev-mb" >> $GITHUB_OUTPUT
+            echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
+            echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
+            echo "K8S_CLUSTER=sirn-dev-mb-prime" >> $GITHUB_OUTPUT
+          else
+            echo "Branch not configured!"
+            exit 1
+          fi
+          echo "ENV=$ENV"  >> $GITHUB_OUTPUT
+          echo ":rocket: Environment - $ENV " >> $GITHUB_STEP_SUMMARY
+          echo ":label: Image Tag - $IMAGE_TAG " >> $GITHUB_STEP_SUMMARY
+      - name: set variables
+        id: set_env
+        run: |
+          PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }}
+          echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment"  >> $GITHUB_OUTPUT
+          echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY
+          echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-conductor-server"  >> $GITHUB_OUTPUT
+
+  # Deploy Conductor UI Image to ECS
+  deploy-to-k8s:
+    name: Deploy to k8s
+    runs-on: ubuntu-latest
+    container:
+      image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest
+    timeout-minutes: 15
+    permissions:
+      id-token: write
+      pull-requests: write
+      contents: read
+    needs:
+      - prepare-env
+    env:
+      AWS_ACCOUNT_ID: ${{ needs.prepare-env.outputs.AWS_ACCOUNT_ID }}
+      ECR_REPOSITORY: ${{ needs.prepare-env.outputs.ECR_REPOSITORY }}
+    steps:
+      - name: Checkout code from action
+        uses: actions/checkout@v2
+
+      - name: Checkout values.yaml from siren-infra
+        uses: actions/checkout@v4
+        with:
+          repository: KeyvalueSoftwareSystems/siren-infra
+          ref: main
+          token: ${{secrets.SIREN_PAT}}
+          sparse-checkout: |
+            k8s/siren-services/${{ env.SERVICE_NAME }}/${{ needs.prepare-env.outputs.ENV }}-values.yaml
+          sparse-checkout-cone-mode: false
+
+      - name: Rename values.yaml for Helm
+        shell: bash
+        run: |
+          cp k8s/siren-services/${{ env.SERVICE_NAME }}/${{ needs.prepare-env.outputs.ENV }}-values.yaml ./values.yaml
+          cat ./values.yaml
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ vars[env.AWS_ACCOUNT_ID] }}:role/github-actions
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Deploy to Kubernetes
+        shell: bash
+        run: |
+          aws eks update-kubeconfig --name ${{ needs.prepare-env.outputs.K8S_CLUSTER }}
+          aws ecr get-login-password --region ${{ env.AWS_REGION }} | helm registry login --username AWS --password-stdin ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
+
+          # Construct base Helm command
+          HELM_CMD="helm upgrade --install ${{ env.SERVICE_NAME }} oci://${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.HELM_CHART_NAME }} \
+            --namespace ${{ needs.prepare-env.outputs.ENV }} \
+            --values values.yaml \
+            --set default.image.repository='${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY }}' \
+            --set default.image.tag='${{ github.event.inputs.tag }}'"
+
+          # Run the Helm command
+          echo "Running: $HELM_CMD"
+          eval $HELM_CMD