Fixing CI-CD pipeline. Adding ECS deployment

sturoscy-personal · sturoscy-personal · commit 4f5443dfc91d · 2026-02-02T11:42:24.000-05:00
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
@@ -0,0 +1,186 @@
+name: west-discovery CI/CD
+
+on:
+  push:
+    branches:
+      - add-ci-cd
+      - integration
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  AWS_REGION: us-east-1
+  ECR_REPOSITORY: west-discovery
+  CONTAINER_NAME: app
+  ECS_TASK_DEFINITION: ecs/task-definition.json
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  # =========================
+  # BUILD (always safe)
+  # =========================
+  build:
+    runs-on: ubuntu-latest
+
+    outputs:
+      image-uri: ${{ steps.export.outputs.image-uri }}
+
+    if: |
+      github.event_name == 'push' &&
+      (
+        github.ref == 'refs/heads/add-ci-cd' ||
+        github.ref == 'refs/heads/integration' ||
+        github.ref == 'refs/heads/main'
+      )
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Configure AWS credentials (OIDC)
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ env.AWS_REGION }}
+        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+
+    - name: Login to Amazon ECR
+      id: ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: Docker metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ steps.ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha,prefix={{branch}}-
+
+    - name: Build & push image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ./Dockerfile
+        platforms: linux/x86_64
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Export image URI
+      id: export
+      run: |
+        IMAGE_URI=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1)
+        echo "image-uri=$IMAGE_URI" >> $GITHUB_OUTPUT
+        echo "$IMAGE_URI" > image-uri.txt
+
+    - name: Upload image artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: image-uri
+        path: image-uri.txt
+
+  # =========================
+  # DEPLOY → INTEGRATION
+  # =========================
+  deploy-integration:
+    runs-on: ubuntu-latest
+    needs: build
+    environment: integration
+
+    if: |
+      (
+        github.ref == 'refs/heads/add-ci-cd' ||
+        github.ref == 'refs/heads/integration'
+      )
+
+    env:
+      ECS_CLUSTER: west-discovery-integration
+      ECS_SERVICE: west-discovery
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Configure AWS credentials (OIDC)
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ env.AWS_REGION }}
+        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+
+    - uses: actions/download-artifact@v4
+      with:
+        name: image-uri
+
+    - run: echo "IMAGE_URI=$(cat image-uri.txt)" >> $GITHUB_ENV
+
+    - name: Render task definition
+      id: render
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: ${{ env.ECS_TASK_DEFINITION }}
+        container-name: ${{ env.CONTAINER_NAME }}
+        image: ${{ env.IMAGE_URI }}
+
+    - name: Deploy to Integration
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+      with:
+        cluster: ${{ env.ECS_CLUSTER }}
+        service: ${{ env.ECS_SERVICE }}
+        task-definition: ${{ steps.render.outputs.task-definition }}
+        wait-for-service-stability: true
+
+  # =========================
+  # DEPLOY → PRODUCTION
+  # =========================
+  deploy-production:
+    runs-on: ubuntu-latest
+    needs: build
+    environment: production
+
+    # Only after PR is merged into main
+    if: |
+      github.event_name == 'push' &&
+      github.event.pull_request.merged == true &&
+      github.ref == 'refs/heads/main'
+
+    env:
+      ECS_CLUSTER: west-discovery-production
+      ECS_SERVICE: west-discovery
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Configure AWS credentials (OIDC)
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ env.AWS_REGION }}
+        role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }}
+
+    - uses: actions/download-artifact@v4
+      with:
+        name: image-uri
+
+    - run: echo "IMAGE_URI=$(cat image-uri.txt)" >> $GITHUB_ENV
+
+    - name: Render task definition
+      id: render
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: ${{ env.ECS_TASK_DEFINITION }}
+        container-name: ${{ env.CONTAINER_NAME }}
+        image: ${{ env.IMAGE_URI }}
+
+    - name: Deploy to Production
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+      with:
+        cluster: ${{ env.ECS_CLUSTER }}
+        service: ${{ env.ECS_SERVICE }}
+        task-definition: ${{ steps.render.outputs.task-definition }}
+        wait-for-service-stability: true
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
diff --git a/ecs/task-definition.json b/ecs/task-definition.json
@@ -0,0 +1,49 @@
+{
+  "family": "west-discovery",
+  "networkMode": "awsvpc",
+  "requiresCompatibilities": ["FARGATE"],
+  "cpu": "512",
+  "memory": "1024",
+  "runtimePlatform": {
+    "cpuArchitecture": "X86_64",
+    "operatingSystemFamily": "LINUX"
+  },
+  "taskRoleArn": "arn:aws:iam::730335463484:role/ecsTaskExecutionRole",
+  "executionRoleArn": "arn:aws:iam::730335463484:role/ecsTaskExecutionRole",
+  "containerDefinitions": [
+    {
+      "name": "app",
+      "image": "REPLACED_BY_CI",
+      "essential": true,
+      "portMappings": [
+        {
+          "containerPort": 8000,
+          "protocol": "tcp",
+          "appProtocol": "http"
+        }
+      ],
+      "environment": [
+        { "name": "APP_ENV", "value": "integration" },
+        { "name": "LOG_LEVEL", "value": "info" }
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "/ecs/west-discovery",
+          "awslogs-region": "us-east-1",
+          "awslogs-stream-prefix": "ecs"
+        }
+      },
+      "healthCheck": {
+        "command": [
+          "CMD-SHELL",
+          "curl -f http://localhost:8000/health || exit 1"
+        ],
+        "interval": 30,
+        "timeout": 5,
+        "retries": 3,
+        "startPeriod": 15
+      }
+    }
+  ]
+}
