This repository is currently being migrated. It's locked while the migration is in progress.
Merge pull request #5 from synccomputingcode/singhals/fix-iam-policy-… #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write # This is required for requesting tghe JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| deploy-cube: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::471881062455:role/system/github_actions_role | |
| role-session-name: GitHub_to_AWS_sync_svc_cube | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/[email protected] | |
| with: | |
| mask-password: "false" | |
| - name: Build, tag, and push cube api docker image to Amazon ECR | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: prod-sync-cube-ecr | |
| IMAGE_TAG: "${{ github.sha }}" | |
| run: | | |
| docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -f docker/cube/Dockerfile . | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| - name: Update cube-api Task Definition with latest image | |
| id: cube-api-task-def | |
| uses: aws-actions/[email protected] | |
| with: | |
| task-definition-family: cube_api | |
| container-name: cube-api | |
| image: ${{ steps.login-ecr.outputs.registry }}/prod-sync-cube-ecr:${{ github.sha }} | |
| - name: Update cube-refresh-worker Task Definition with latest image | |
| id: cube-refresh-worker-task-def | |
| uses: aws-actions/[email protected] | |
| with: | |
| task-definition-family: cube_refresh_worker | |
| container-name: cube-refresh-worker | |
| image: ${{ steps.login-ecr.outputs.registry }}/prod-sync-cube-ecr:${{ github.sha }} | |
| - name: Deploy cube-api task definition | |
| uses: aws-actions/[email protected] | |
| with: | |
| task-definition: ${{ steps.cube-api-task-def.outputs.task-definition }} | |
| service: cube_api | |
| cluster: prod-sync-cluster | |
| wait-for-service-stability: true | |
| - name: Deploy cube-refresh-worker task definition | |
| uses: aws-actions/[email protected] | |
| with: | |
| task-definition: ${{ steps.cube-refresh-worker-task-def.outputs.task-definition }} | |
| service: cube_refresh_worker | |
| cluster: prod-sync-cluster | |
| wait-for-service-stability: true |