prod-deploy.yml
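# Production deployment of the forms-api ECS service.
#
# Runs when the "Production — Docker build and push" workflow completes. If
# that run succeeded, the job registers a new task definition revision that
# points at the pushed image and rolls the ECS service onto that revision.
#
# Security notes:
#   * AWS access comes from GitHub OIDC (id-token: write); no long-lived AWS
#     keys are referenced in this file.
#   * Every action is pinned to a full commit SHA.
#   * A workflow_run job runs with this repository's variables, secrets and
#     OIDC role whatever started the upstream workflow.
#     NOTE(review): confirm the build workflow can only be started from
#     trusted refs, because its head_branch value selects the image tag that
#     is deployed here.
name: Production - Deploy

on:
  workflow_run:
    workflows: ["Production — Docker build and push"]
    types:
      - completed

# Workflow-level env values are also exported to the shell of every run step.
env:
  AWS_ACCOUNT_ID: ${{ vars.PRODUCTION_AWS_ACCOUNT_ID }}
  AWS_REGION: ca-central-1
  CLUSTER_NAME: Forms
  SERVICE_NAME: forms-api
  TASK_DEFINITION_NAME: forms-api
  REGISTRY: ${{ vars.PRODUCTION_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/forms/api

# Least privilege for GITHUB_TOKEN: OIDC token issuance plus read-only checkout.
permissions:
  id-token: write
  contents: read

jobs:
  deploy-forms-api-service:
    # Do not deploy when the image build failed or was cancelled.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4.3.1
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Configure AWS credentials using OIDC
        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a  # v4.3.1
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-api-apply
          role-session-name: ECSDeploy
          aws-region: ${{ env.AWS_REGION }}

      # Values reach the shell as environment variables rather than being
      # pasted into the script text with ${{ }}, so a value can never be
      # parsed as shell syntax.
      - name: Download ECS task definition
        run: |
          aws ecs describe-task-definition \
            --task-definition "$TASK_DEFINITION_NAME" \
            --query taskDefinition > task-definition.json

      # The image tag is the upstream run's head_branch, a mutable reference.
      # NOTE(review): deploying by image digest would pin the exact artifact
      # that was built; that needs the build workflow to publish the digest.
      - name: Update ECS task image
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@77954e213ba1f9f9cb016b86a1d4f6fcdea0d57e  # v1.8.4
        with:
          task-definition: task-definition.json
          container-name: ${{ env.SERVICE_NAME }}
          image: "${{ env.REGISTRY }}:${{ github.event.workflow_run.head_branch }}"

      # No service is given, so this step only registers the new revision.
      - name: Create the new ECS task definition
        id: register-task-def
        uses: aws-actions/amazon-ecs-deploy-task-definition@cbf54ec46642b86ff78c2f5793da6746954cf8ff  # v2.6.0
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          cluster: ${{ env.CLUSTER_NAME }}

      # Deploy the exact revision registered above. Passing only the family
      # name would resolve to whatever revision is latest when this runs,
      # which may not be the one this job created.
      # stdout (the service description) stays suppressed; stderr is kept so
      # a failed update leaves a diagnosable message in the job log.
      - name: Deploy the new ECS task definition
        env:
          TASK_DEFINITION_ARN: ${{ steps.register-task-def.outputs.task-definition-arn }}
        run: |
          aws ecs update-service \
            --cluster "$CLUSTER_NAME" \
            --service "$SERVICE_NAME" \
            --task-definition "$TASK_DEFINITION_ARN" \
            --force-new-deployment > /dev/null
          aws ecs wait services-stable \
            --cluster "$CLUSTER_NAME" \
            --services "$SERVICE_NAME"

      # Runs on failure as well, so the deployment record carries job.status.
      # head_branch is a ref name and may contain a double quote; toJSON()
      # emits it as an escaped JSON string so it cannot break or extend the
      # payload.
      # NOTE(review): "sha" is filled with head_branch, not head_sha; confirm
      # that is what the consumer of this record expects.
      - name: Report deployment to Sentinel
        if: always()
        uses: cds-snc/sentinel-forward-data-action@0c349852373284a1130f87f8b91896132b0fc138  # main
        with:
          input_data: >-
            {"product": "forms",
            "sha": ${{ toJSON(github.event.workflow_run.head_branch) }},
            "version": ${{ toJSON(github.event.workflow_run.head_branch) }},
            "repository": "${{ github.repository }}",
            "environment": "production",
            "status": "${{ job.status }}"}
          log_type: CDS_Product_Deployment_Data
          log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
          log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}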