Deploy application to sandbox-alpha #71
---
# Deploys the application to one named environment. It can be started by hand
# (workflow_dispatch) or invoked from another workflow (workflow_call).
name: 'Deploy application'
run-name: 'Deploy application to ${{ inputs.environment }}'

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Deployment environment'
        required: true
        type: choice
        options:
          - qa
          - test
          - preview
          - training
          - production
          - sandbox-alpha
          - sandbox-beta
      git_sha_to_deploy:
        description: 'The git commit SHA to deploy.'
        required: false
        type: string
  # When called from another workflow, `environment` is a free-form string:
  # the choice list above is not applied on this path.
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
      git_sha_to_deploy:
        description: 'The git commit SHA to deploy.'
        required: true
        type: string

# The workflow token gets no permissions by default; jobs that need OIDC
# request `id-token: write` themselves.
permissions: {}

# One concurrency group per target environment.
concurrency:
  group: 'deploy-mavis-${{ inputs.environment }}'

env:
  # Production uses its own AWS account and role; every other environment
  # shares the second account.
  aws_role: >-
    ${{ inputs.environment == 'production'
    && 'arn:aws:iam::820242920762:role/GithubDeployECSService'
    || 'arn:aws:iam::393416225559:role/GithubDeployECSService' }}
  aws_account_id: "${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}"
  cluster_name: 'mavis-${{ inputs.environment }}'
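jobs:
  # Fails the run early when preview or production is targeted without an
  # explicit git_sha_to_deploy.
  validate-inputs:
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Validate inputs
        # Inputs reach the shell as environment variables instead of being
        # expanded into the script text, so a crafted input value is treated
        # as data and cannot alter the commands that run.
        env:
          ENVIRONMENT: ${{ inputs.environment }}
          GIT_SHA_TO_DEPLOY: ${{ inputs.git_sha_to_deploy }}
        run: |
          if [[ "$ENVIRONMENT" == "preview" || "$ENVIRONMENT" == "production" ]]; then
            if [[ -z "$GIT_SHA_TO_DEPLOY" ]]; then
              echo "Error: git_sha_to_deploy is required for preview and production environments."
              exit 1
            fi
          fi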
| determine-git-sha: | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| needs: validate-inputs | |
| outputs: | |
| git-sha: ${{ steps.get-git-sha.outputs.git-sha }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| ref: ${{ inputs.git_sha_to_deploy || github.sha }} | |
| - name: Get git sha | |
| id: get-git-sha | |
| run: echo "git-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| build-and-push-image: | |
| permissions: | |
| id-token: write | |
| needs: determine-git-sha | |
| uses: ./.github/workflows/build-and-push-image.yml | |
| with: | |
| git-sha: ${{ needs.determine-git-sha.outputs.git-sha }} | |
| prepare-deployment: | |
| name: Prepare deployment | |
| runs-on: ubuntu-latest | |
| needs: build-and-push-image | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| ref: ${{ inputs.git_sha_to_deploy || github.sha }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{ env.aws_role }} | |
| aws-region: eu-west-2 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Setup python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.13.0 | |
| - run: uv sync --dev | |
| - name: Get image digest | |
| id: get-image-digest | |
| run: | | |
| digest=$(aws ecr describe-images \ | |
| --repository-name mavis/reporting \ | |
| --image-ids imageTag=${{ inputs.git_sha_to_deploy || github.sha }} \ | |
| --query 'imageDetails[0].imageDigest' \ | |
| --output text) | |
| echo "digest=$digest" >> $GITHUB_OUTPUT | |
| - name: Parse environment variables | |
| id: parse-environment-variables | |
| run: | | |
| parsed_env_vars=$(yq -r '.environments.${{ inputs.environment }} | to_entries | .[] | .key + "=" + .value' config/container_variables.yml) | |
| { | |
| echo 'parsed_env_vars<<EOF' | |
| echo "$parsed_env_vars" | |
| echo 'EOF' | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Populate reporting task definition | |
| id: create-task-definition | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition-family: "mavis-reporting-task-definition-${{ inputs.environment }}-template" | |
| container-name: "application" | |
| image: "${{ env.aws_account_id }}.dkr.ecr.eu-west-2.amazonaws.com/mavis/reporting@${{ steps.get-image-digest.outputs.digest }}" | |
| environment-variables: ${{ steps.parse-environment-variables.outputs.parsed_env_vars }} | |
| - name: Rename task definition file | |
| run: mv ${{ steps.create-task-definition.outputs.task-definition }} ${{ runner.temp }}/reporting-task-definition.json | |
| - name: Populate SSM parameters for reporting service | |
| run: | | |
| uv run scripts/populate_ssm_parameters.py ${{ inputs.environment }} reporting | |
| - name: Upload artifact for reporting task definition | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ inputs.environment }}-reporting-task-definition | |
| path: ${{ runner.temp }}/reporting-task-definition.json | |
| approve-deployments: | |
| name: Wait for approval if required | |
| runs-on: ubuntu-latest | |
| needs: prepare-deployment | |
| environment: ${{ inputs.environment }} | |
| steps: | |
| - run: echo "Proceeding with deployment to ${{ inputs.environment }} environment" | |
| deploy: | |
| name: Deploy reporting service | |
| runs-on: ubuntu-latest | |
| needs: [prepare-deployment, approve-deployments] | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{ env.aws_role }} | |
| aws-region: eu-west-2 | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Download reporting task definition artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| path: ${{ runner.temp }} | |
| name: ${{ inputs.environment }}-reporting-task-definition | |
| - name: Change family of task definition | |
| run: | | |
| file_path="${{ runner.temp }}/reporting-task-definition.json" | |
| family_name="mavis-reporting-task-definition-${{ inputs.environment }}" | |
| echo "$(jq --arg f "$family_name" '.family = $f' "$file_path")" > "$file_path" | |
| - name: Register reporting task definition | |
| id: register-task-definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
| with: | |
| task-definition: ${{ runner.temp }}/reporting-task-definition.json | |
| - name: Create appspec.yml | |
| run: | | |
| cp config/templates/appspec.yaml.tpl appspec.yaml | |
| sed -i "s#TASK_ARN#${{ steps.register-task-definition.outputs.task-definition-arn }}#g" appspec.yaml | |
| - name: Deploy reporting service with CodeDeploy | |
| id: deploy-reporting-service | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
| with: | |
| task-definition: ${{ runner.temp }}/reporting-task-definition.json | |
| cluster: ${{ env.cluster_name }} | |
| service: mavis-${{ inputs.environment }}-reporting | |
| codedeploy-application: mavis-${{ inputs.environment }} | |
| codedeploy-deployment-group: reporting-${{ inputs.environment }} | |
| - name: Wait for deployment to complete | |
| run: | | |
| echo "Waiting for CodeDeploy deployment ${{ steps.deploy-reporting-service.outputs.codedeploy-deployment-id }} to complete..." | |
| aws deploy wait deployment-successful --deployment-id "${{ steps.deploy-reporting-service.outputs.codedeploy-deployment-id }}" | |
| echo "Deployment successful" |