aggiunta possibilita di scrivere il fs #88
---
# Build & Deploy pipeline: runs on pushes to develop/main, on merge-queue
# groups targeting those branches, and on manual dispatch.
name: Build & Deploy

on:
  push:
    branches: [develop, main]
  merge_group:
    branches: [develop, main]
  workflow_dispatch:

# Workflow-level token permissions; every job that does not declare its own
# `permissions:` block inherits these, including the OIDC token request.
permissions:
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout

# Workflow-level environment: visible to every step of every job, including
# steps that run third-party actions.
env:
  SERVICE_NAME: multicarrier-email-daemon
  ACCOUNT_ID: ${{ vars.ACCOUNT_ID }}
  MC_EMAIL_EFS_FOLDER_NAME: ${{ vars.MC_EMAIL_EFS_FOLDER_NAME }}
  MD_REST_EFS_FOLDER_NAME: ${{ vars.MD_REST_EFS_FOLDER_NAME }}
  SERVICE_CONTAINER_PORT: ${{ vars.SERVICE_CONTAINER_PORT }}
  SERVICE_HOST_PORT: ${{ vars.SERVICE_HOST_PORT }}
  # NOTE(review): this secret is exported to all jobs; if only one step reads
  # it, scope it to that step's `env:` instead - confirm the consumer first.
  SMTP_SENDER: ${{ secrets.SMTP_SENDER }}
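# NOTE(review): every action below is referenced by a mutable tag (@v4, @v3,
# @v2). Pinning each `uses:` to a full commit SHA keeps a re-tagged release
# from running with the AWS role these jobs assume.
jobs:
  # Obtains an ECR login password so that deploy-cdk can pull its private job
  # container image.
  # NOTE(review): the password is handed to deploy-cdk as a plain job output.
  # It is not registered as a masked value in this job, so treat it as
  # readable by anything that can read job outputs, and keep the assumed
  # role's ECR permissions as narrow as the pipeline allows.
  fetch-ecr-password:
    runs-on: ubuntu-latest
    permissions:
      # Only the OIDC token is needed: this job never checks out the repo.
      id-token: write
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}
      - id: get-ecr-pw
        run: |
          echo "ECR_PW=$(aws ecr get-login-password --region ${{ env.AWS_REGION }} --output text)" >> "$GITHUB_OUTPUT"
    outputs:
      ECR_PW: ${{ steps.get-ecr-pw.outputs.ECR_PW }}

  # Maps the triggering ref to an environment (main -> prod, develop -> stage)
  # and republishes the matching repository variables as job outputs.
  set-environment-variables:
    runs-on: ubuntu-latest
    # No repository or OIDC access is needed to echo variables.
    permissions: {}
    steps:
      - name: Select Environment
        # The ref is read from the runner-provided GITHUB_REF variable instead
        # of being templated into the script, so a branch name is never parsed
        # as shell source.
        # NOTE(review): there is no `else` branch. For any other ref (a
        # workflow_dispatch from another branch and, presumably, merge_group
        # runs, whose ref is a temporary queue branch) ENVIRONMENT stays empty
        # and the later jobs run with an empty environment. Confirm whether
        # such runs should stop here.
        run: |
          if [ "${GITHUB_REF}" = "refs/heads/main" ]; then
            echo "ENVIRONMENT=prod" >> "$GITHUB_ENV"
            echo "SERVICE_CPU=${{ vars.PROD_SERVICE_CPU }}" >> "$GITHUB_ENV"
            echo "SERVICE_MEMORY=${{ vars.PROD_SERVICE_MEMORY }}" >> "$GITHUB_ENV"
            echo "OUTBOX_TABLE_NAME_PARAMETER_NAME=${{ vars.PROD_OUTBOX_TABLE_NAME_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME=${{ vars.PROD_MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME=${{ vars.PROD_MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MC_EML_EFS_ID_PARAMETER_NAME=${{ vars.PROD_MC_EML_EFS_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "REPOSITORY_NAME_PARAMETER_NAME=${{ vars.PROD_REPOSITORY_NAME_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MD_REST_EFS_ID_PARAMETER_NAME=${{ vars.PROD_MD_REST_EFS_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MD_REST_ACCESS_POINT_ID_PARAMETER_NAME=${{ vars.PROD_MD_REST_ACCESS_POINT_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME=${{ vars.PROD_MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "TASK_DEFINITION_ARN_PARAMETER_NAME=${{ vars.PROD_TASK_DEFINITION_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "TMP_TASK_DEFINITION_ARN_PARAMETER_NAME=${{ vars.PROD_TMP_TASK_DEFINITION_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "CALLBACK_ENDPOINT_PARAMETER_NAME=${{ vars.PROD_CALLBACK_ENDPOINT_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "SES_SMTP_CREDENTIALS_SECRET_NAME=${{ vars.PROD_SES_SMTP_CREDENTIALS_SECRET_NAME }}" >> "$GITHUB_ENV"
          elif [ "${GITHUB_REF}" = "refs/heads/develop" ]; then
            echo "ENVIRONMENT=stage" >> "$GITHUB_ENV"
            echo "SERVICE_CPU=${{ vars.STAGE_SERVICE_CPU }}" >> "$GITHUB_ENV"
            echo "SERVICE_MEMORY=${{ vars.STAGE_SERVICE_MEMORY }}" >> "$GITHUB_ENV"
            echo "OUTBOX_TABLE_NAME_PARAMETER_NAME=${{ vars.STAGE_OUTBOX_TABLE_NAME_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME=${{ vars.STAGE_MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME=${{ vars.STAGE_MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MC_EML_EFS_ID_PARAMETER_NAME=${{ vars.STAGE_MC_EML_EFS_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "REPOSITORY_NAME_PARAMETER_NAME=${{ vars.STAGE_REPOSITORY_NAME_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MD_REST_EFS_ID_PARAMETER_NAME=${{ vars.STAGE_MD_REST_EFS_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MD_REST_ACCESS_POINT_ID_PARAMETER_NAME=${{ vars.STAGE_MD_REST_ACCESS_POINT_ID_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME=${{ vars.STAGE_MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "TASK_DEFINITION_ARN_PARAMETER_NAME=${{ vars.STAGE_TASK_DEFINITION_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "TMP_TASK_DEFINITION_ARN_PARAMETER_NAME=${{ vars.STAGE_TMP_TASK_DEFINITION_ARN_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "CALLBACK_ENDPOINT_PARAMETER_NAME=${{ vars.STAGE_CALLBACK_ENDPOINT_PARAMETER_NAME }}" >> "$GITHUB_ENV"
            echo "SES_SMTP_CREDENTIALS_SECRET_NAME=${{ vars.STAGE_SES_SMTP_CREDENTIALS_SECRET_NAME }}" >> "$GITHUB_ENV"
          fi
          echo "IMAGE_TAG=${{ github.sha }}" >> "$GITHUB_ENV"
    outputs:
      ENVIRONMENT: ${{ env.ENVIRONMENT }}
      SERVICE_CPU: ${{ env.SERVICE_CPU }}
      SERVICE_MEMORY: ${{ env.SERVICE_MEMORY }}
      OUTBOX_TABLE_NAME_PARAMETER_NAME: ${{ env.OUTBOX_TABLE_NAME_PARAMETER_NAME }}
      MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME: ${{ env.MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}
      MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME: ${{ env.MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}
      MC_EML_EFS_ID_PARAMETER_NAME: ${{ env.MC_EML_EFS_ID_PARAMETER_NAME }}
      REPOSITORY_NAME_PARAMETER_NAME: ${{ env.REPOSITORY_NAME_PARAMETER_NAME }}
      MD_REST_EFS_ID_PARAMETER_NAME: ${{ env.MD_REST_EFS_ID_PARAMETER_NAME }}
      MD_REST_ACCESS_POINT_ID_PARAMETER_NAME: ${{ env.MD_REST_ACCESS_POINT_ID_PARAMETER_NAME }}
      MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME: ${{ env.MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME }}
      TASK_DEFINITION_ARN_PARAMETER_NAME: ${{ env.TASK_DEFINITION_ARN_PARAMETER_NAME }}
      TMP_TASK_DEFINITION_ARN_PARAMETER_NAME: ${{ env.TMP_TASK_DEFINITION_ARN_PARAMETER_NAME }}
      CALLBACK_ENDPOINT_PARAMETER_NAME: ${{ env.CALLBACK_ENDPOINT_PARAMETER_NAME }}
      SES_SMTP_CREDENTIALS_SECRET_NAME: ${{ env.SES_SMTP_CREDENTIALS_SECRET_NAME }}
      IMAGE_TAG: ${{ env.IMAGE_TAG }}
      IMAGE_NAME: ${{ env.ENVIRONMENT }}-${{ env.SERVICE_NAME }}

  # Builds the service image from the repository Dockerfile and pushes it to
  # ECR under both `latest` and the commit-SHA tag.
  build-image:
    env:
      IMAGE_TAG: ${{ needs.set-environment-variables.outputs.IMAGE_TAG }}
      IMAGE_NAME: ${{ needs.set-environment-variables.outputs.IMAGE_NAME }}
    runs-on: ubuntu-latest
    # Same scopes the workflow-level block grants, stated on the job so they
    # survive a later tightening of the workflow default.
    permissions:
      id-token: write
      contents: read
    needs:
      - set-environment-variables
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}
      - name: Login ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Image build
        continue-on-error: false
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_NAME: ${{ env.IMAGE_NAME }}
          IMAGE_TAG: ${{ env.IMAGE_TAG }}
        # Every expansion is quoted so an empty or odd value fails as one bad
        # argument instead of being word-split into several.
        run: |
          docker build -t "$IMAGE_NAME:latest" -f Dockerfile .
          docker tag "$IMAGE_NAME:latest" "$ECR_REGISTRY/$IMAGE_NAME:latest"
          docker tag "$IMAGE_NAME:latest" "$ECR_REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
          docker push "$ECR_REGISTRY/$IMAGE_NAME" --all-tags

  # Deploys the CDK stacks from cdk/, rolls the ECS service onto the task
  # definition CDK produced, then records that ARN in SSM on success.
  deploy-cdk:
    env:
      ENVIRONMENT: ${{ needs.set-environment-variables.outputs.ENVIRONMENT }}
      IMAGE_NAME: ${{ needs.set-environment-variables.outputs.IMAGE_NAME }}
      IMAGE_TAG: ${{ needs.set-environment-variables.outputs.IMAGE_TAG }}
      TMP_TASK_DEFINITION_ARN_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.TMP_TASK_DEFINITION_ARN_PARAMETER_NAME }}
      TASK_DEFINITION_ARN_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.TASK_DEFINITION_ARN_PARAMETER_NAME }}
      SERVICE_CPU: ${{ needs.set-environment-variables.outputs.SERVICE_CPU }}
      SERVICE_MEMORY: ${{ needs.set-environment-variables.outputs.SERVICE_MEMORY }}
      OUTBOX_TABLE_NAME_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.OUTBOX_TABLE_NAME_PARAMETER_NAME }}
      MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.MC_EML_EFS_ACCESS_POINT_ARN_PARAMETER_NAME }}
      MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.MC_EML_EFS_ACCESS_POINT_ID_PARAMETER_NAME }}
      MC_EML_EFS_ID_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.MC_EML_EFS_ID_PARAMETER_NAME }}
      REPOSITORY_NAME_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.REPOSITORY_NAME_PARAMETER_NAME }}
      MD_REST_EFS_ID_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.MD_REST_EFS_ID_PARAMETER_NAME }}
      MD_REST_ACCESS_POINT_ID_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.MD_REST_ACCESS_POINT_ID_PARAMETER_NAME }}
      MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.MD_REST_ACCESS_POINT_ARN_PARAMETER_NAME }}
      CALLBACK_ENDPOINT_PARAMETER_NAME: ${{ needs.set-environment-variables.outputs.CALLBACK_ENDPOINT_PARAMETER_NAME }}
      SES_SMTP_CREDENTIALS_SECRET_NAME: ${{ needs.set-environment-variables.outputs.SES_SMTP_CREDENTIALS_SECRET_NAME }}
    runs-on: ubuntu-latest
    # Same scopes the workflow-level block grants, stated on the job so they
    # survive a later tightening of the workflow default.
    permissions:
      id-token: write
      contents: read
    needs:
      - fetch-ecr-password
      - set-environment-variables
      - build-image
    container:
      # NOTE(review): the tag looks like a commit SHA, but an ECR tag can be
      # moved unless tag immutability is enabled on the repository (not
      # visible here); referencing the image by @sha256 digest is stronger.
      image: 823598220965.dkr.ecr.eu-west-1.amazonaws.com/alpine-cdk-runner:0ce104344ee2d098f181b1d785bfa55fa68b6e9f
      credentials:
        username: AWS
        password: ${{ needs.fetch-ecr-password.outputs.ECR_PW }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.OIDC_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}
      - name: Inject cross repo shared token
        working-directory: cdk
        # The token reaches sed through the step environment rather than
        # being templated into the script text, so it is neither written into
        # the generated script file nor re-interpreted by the shell.
        # The rewritten requirements.txt holds the token in clear text for
        # the rest of the job.
        env:
          SHARED_TOKEN: ${{ secrets.SHARED_TOKEN }}
        run: |
          mv requirements.txt temp_requirements.txt
          sed -e "s/__SHARED_TOKEN__/${SHARED_TOKEN}/g" temp_requirements.txt > requirements.txt
      - name: Set CDK environment variables
        run: |
          echo "CDK_DEFAULT_ACCOUNT=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_ENV"
          echo "CDK_DEFAULT_REGION=${{ vars.AWS_REGION }}" >> "$GITHUB_ENV"
      - name: Deploy CDK Stack
        working-directory: cdk
        # Secret-derived values are resolved into step-scoped variables and
        # expanded inside quotes, so a value containing spaces or shell
        # metacharacters stays a single context argument.
        # NOTE(review): `--require-approval never` skips the CDK prompt for
        # security-sensitive changes, so review of cdk/ is the only gate.
        # NOTE(review): confirm the CDK app does not embed smtp_password as a
        # plain string in the synthesized template.
        env:
          CTX_DD_API_KEY_SECRET_NAME: ${{ ( env.ENVIRONMENT == 'prod' ) && secrets.PROD_DD_API_KEY_SECRET_NAME || secrets.STAGE_DD_API_KEY_SECRET_NAME }}
          CTX_SMTP_USER: ${{ ( env.ENVIRONMENT == 'prod' ) && secrets.PROD_SMTP_USER || secrets.STAGE_SMTP_USER }}
          CTX_SMTP_PASSWORD: ${{ ( env.ENVIRONMENT == 'prod' ) && secrets.PROD_SMTP_PASSWORD || secrets.STAGE_SMTP_PASSWORD }}
        run: |
          python3 -m venv venv
          . venv/bin/activate
          pip install -r requirements.txt
          cdk deploy -c "environment=${ENVIRONMENT}" \
            -c "image_tag=${IMAGE_TAG}" \
            -c "dd_api_key_secret_name=${CTX_DD_API_KEY_SECRET_NAME}" \
            -c "smtp_user=${CTX_SMTP_USER}" \
            -c "smtp_password=${CTX_SMTP_PASSWORD}" \
            --require-approval never \
            --all
      - name: Retrieve image updated task definition
        continue-on-error: false
        id: get-tmp-task-definition
        run: |
          TMP_TASK_DEFINITION_ARN=$(aws ssm get-parameter --name "${TMP_TASK_DEFINITION_ARN_PARAMETER_NAME}" --query Parameter.Value --output text)
          echo "task-definition-arn=$TMP_TASK_DEFINITION_ARN" >> "$GITHUB_OUTPUT"
      - name: Deploy task definition
        id: task-definition-deploy
        env:
          TASK_DEFINITION_ARN: ${{ steps.get-tmp-task-definition.outputs.task-definition-arn }}
        run: |
          aws ecs update-service \
            --cluster "${ENVIRONMENT}" \
            --service "${SERVICE_NAME}" \
            --task-definition "${TASK_DEFINITION_ARN}" \
            --no-paginate
          aws ecs wait services-stable \
            --cluster "${ENVIRONMENT}" \
            --services "${SERVICE_NAME}"
      - name: Update the task definition ssm parameter
        if: ${{ steps.task-definition-deploy.outcome == 'success' }}
        continue-on-error: false
        env:
          TASK_DEFINITION_ARN: ${{ steps.get-tmp-task-definition.outputs.task-definition-arn }}
        run: |
          aws ssm put-parameter \
            --name "${TASK_DEFINITION_ARN_PARAMETER_NAME}" \
            --value "${TASK_DEFINITION_ARN}" \
            --type String \
            --overwrite
      - name: Delete task definition if deploy fails
        # failure() is required: without a status function the condition is
        # implicitly ANDed with success(), so this cleanup would be skipped
        # exactly when the deploy step has failed.
        if: ${{ failure() && steps.task-definition-deploy.outcome == 'failure' }}
        env:
          TASK_DEFINITION_ARN: ${{ steps.get-tmp-task-definition.outputs.task-definition-arn }}
        run: |
          aws ecs deregister-task-definition \
            --task-definition "${TASK_DEFINITION_ARN}"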