Deploy application to qa #95
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy application | |
| run-name: Deploy application to ${{ inputs.environment }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: Deployment environment | |
| required: true | |
| type: choice | |
| options: | |
| - qa | |
| - test | |
| - preview | |
| - training | |
| - production | |
| - sandbox-alpha | |
| - sandbox-beta | |
| git_sha_to_deploy: | |
| description: The git commit SHA to deploy. | |
| required: false | |
| type: string | |
| workflow_call: | |
| inputs: | |
| environment: | |
| required: true | |
| type: string | |
| git_sha_to_deploy: | |
| description: The git commit SHA to deploy. | |
| required: true | |
| type: string | |
| permissions: {} | |
| concurrency: | |
| group: deploy-mavis-${{ inputs.environment }} | |
| env: | |
| aws_role: ${{ inputs.environment == 'production' | |
| && 'arn:aws:iam::820242920762:role/GithubDeployECSService' | |
| || 'arn:aws:iam::393416225559:role/GithubDeployECSService' }} | |
| aws_account_id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }} | |
| cluster_name: mavis-${{ inputs.environment }} | |
| family_name: mavis-reporting-task-definition-${{ inputs.environment }} | |
| jobs: | |
| validate-inputs: | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| steps: | |
| - name: Validate inputs | |
| run: | | |
| if [[ "${{ inputs.environment }}" == "preview" || "${{ inputs.environment }}" == "production" ]]; then | |
| if [[ -z "${{ inputs.git_sha_to_deploy }}" ]]; then | |
| echo "Error: git_sha_to_deploy is required for preview and production environments." | |
| exit 1 | |
| fi | |
| fi | |
| determine-git-sha: | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| needs: validate-inputs | |
| outputs: | |
| git-sha: ${{ steps.get-git-sha.outputs.git-sha }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ inputs.git_sha_to_deploy || github.sha }} | |
| - name: Get git sha | |
| id: get-git-sha | |
| run: echo "git-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| build-and-push-image: | |
| permissions: | |
| id-token: write | |
| needs: determine-git-sha | |
| uses: ./.github/workflows/build-and-push-image.yml | |
| with: | |
| git-sha: ${{ needs.determine-git-sha.outputs.git-sha }} | |
| prepare-deployment: | |
| name: Prepare deployment | |
| runs-on: ubuntu-latest | |
| needs: build-and-push-image | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ inputs.git_sha_to_deploy || github.sha }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{ env.aws_role }} | |
| aws-region: eu-west-2 | |
| - name: Get image digest | |
| id: get-image-digest | |
| run: | | |
| digest=$(aws ecr describe-images \ | |
| --repository-name mavis/reporting \ | |
| --image-ids imageTag=${{ inputs.git_sha_to_deploy || github.sha }} \ | |
| --query 'imageDetails[0].imageDigest' \ | |
| --output text) | |
| echo "digest=$digest" >> $GITHUB_OUTPUT | |
| - name: Populate reporting task definition | |
| id: create-task-definition | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition-family: "mavis-reporting-task-definition-${{ inputs.environment }}-template" | |
| container-name: "application" | |
| image: "${{ env.aws_account_id }}.dkr.ecr.eu-west-2.amazonaws.com/mavis/reporting@${{ steps.get-image-digest.outputs.digest }}" | |
| - name: Rename task definition file | |
| run: mv ${{ steps.create-task-definition.outputs.task-definition }} ${{ runner.temp }}/reporting-task-definition.json | |
| - name: Upload artifact for reporting task definition | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: ${{ inputs.environment }}-reporting-task-definition | |
| path: ${{ runner.temp }}/reporting-task-definition.json | |
| deploy: | |
| name: Deploy reporting service | |
| runs-on: ubuntu-latest | |
| needs: prepare-deployment | |
| environment: ${{ inputs.environment }} | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{ env.aws_role }} | |
| aws-region: eu-west-2 | |
| - name: Download reporting task definition artifact | |
| uses: actions/download-artifact@v6 | |
| with: | |
| path: ${{ runner.temp }} | |
| name: ${{ inputs.environment }}-reporting-task-definition | |
| - name: Change family of task definition | |
| run: | | |
| file_path="${{ runner.temp }}/reporting-task-definition.json" | |
| family_name="mavis-reporting-task-definition-${{ inputs.environment }}" | |
| echo "$(jq --arg f "$family_name" '.family = $f' "$file_path")" > "$file_path" | |
| - name: Deploy reporting service | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
| with: | |
| task-definition: ${{ runner.temp }}/reporting-task-definition.json | |
| cluster: ${{ env.cluster_name }} | |
| service: mavis-${{ inputs.environment }}-reporting | |
| force-new-deployment: true | |
| wait-for-service-stability: true |