From 089b0fb17817adc92f311d6911203683bdf2fdd3 Mon Sep 17 00:00:00 2001 From: digorgonzola <29941279+digorgonzola@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:00:34 +1100 Subject: [PATCH 1/5] separate out the test workflow --- .github/workflows/test.yml | 46 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..259cc55 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,46 @@ +name: Test + +on: + pull_request: + branches: + - master + - main + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + +permissions: + id-token: write + contents: read + +jobs: + build_test_push: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Setup Docker Structure Test + run: > + curl -LO + https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 + && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 + /usr/local/bin/container-structure-test + + - name: Build Docker Image + uses: docker/build-push-action@v5 + with: + context: . + load: true + tags: ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} + + - name: Test Docker Image + run: | + container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} --config tests/config.yaml From acb34945a56fbd3c7a431d9140e6a5ae5ef904a0 Mon Sep 17 00:00:00 2001 From: digorgonzola <29941279+digorgonzola@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:00:55 +1100 Subject: [PATCH 2/5] rename pre-commit.yml workflow name --- .github/workflows/pre-commit.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) 
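Review bot: `permissions: id-token: write` grants this pull_request workflow an OIDC token that nothing in it consumes — there is no `configure-aws-credentials` or other OIDC step in the `build_test_push` job — so the grant should be dropped and the block reduced to `contents: read`. The `Setup Docker Structure Test` step downloads `container-structure-test-linux-amd64` from the unpinned `latest` path and installs it into `/usr/local/bin` with no integrity check, so whatever that URL serves at run time is executed on the runner against every PR; pin a release version in the URL and verify a recorded digest before the `chmod`/`mv`, e.g. `echo "<expected-sha256>  container-structure-test-linux-amd64" | sha256sum -c`. The `${{ steps.set_image_tag.outputs.image_tag }}` reference is left dangling in this revision; patch 5/5 of this series adds the step.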
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 37920ad..75d3fa4 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -1,4 +1,4 @@ -name: Run Pre-commit Checks +name: Pre-commit on: pull_request: @@ -17,16 +17,4 @@ jobs: - uses: actions/setup-python@v5 with: python-version: '3.10' - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.5.7" - - name: Setup Terragrunt - id: setup_terragrunt - run: | - wget https://github.com/gruntwork-io/terragrunt/releases/download/v${tg_version}/terragrunt_linux_amd64 \ - && mv terragrunt_linux_amd64 terragrunt \ - && chmod +x terragrunt \ - && mv terragrunt /usr/local/bin/terragrunt - env: - tg_version: '0.51.0' - uses: pre-commit/action@v3.0.0 From 7ac2542dac25617f16df17db253868fba847ab8f Mon Sep 17 00:00:00 2001 From: digorgonzola <29941279+digorgonzola@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:01:05 +1100 Subject: [PATCH 3/5] remove build-development.yml --- .github/workflows/build-development.yml | 112 ------------------------ 1 file changed, 112 deletions(-) delete mode 100644 .github/workflows/build-development.yml diff --git a/.github/workflows/build-development.yml b/.github/workflows/build-development.yml deleted file mode 100644 index c2720e1..0000000 --- a/.github/workflows/build-development.yml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: Build, Test and Push - Development - -on: - pull_request: - branches: - - master - -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - -permissions: - id-token: write - contents: read - -jobs: - build_test_push: - runs-on: ubuntu-latest - environment: development - outputs: - image_digest: ${{ steps.build_and_push.outputs.digest }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Setup Docker Structure Test - run: > - curl -LO - https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 - && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 - /usr/local/bin/container-structure-test - - - name: Set Image Tag - id: set_image_tag - run: | - branch_name=${{ github.head_ref || github.ref_name }} - tag=${{ env.TAG_PREFIX}}-${branch_name//\//-} - echo "$tag" - echo "image_tag=$tag" >> $GITHUB_OUTPUT - env: - TAG_PREFIX: dev - - - name: Build Docker Image - uses: docker/build-push-action@v5 - with: - context: . - load: true - tags: ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} - - - name: Test Docker Image - run: | - container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} --config tests/config.yaml - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - audience: sts.amazonaws.com - aws-region: ${{ vars.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - - - name: Login to ECR - uses: docker/login-action@v3 - with: - registry: ${{ vars.ECR_REGISTRY }} - - - name: Build and Push Docker Image - id: build_and_push - uses: docker/build-push-action@v5 - with: - context: . 
-# Only building for AMD64 for now -# platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} - - trigger_deploy: - runs-on: ubuntu-latest - needs: [build_test_push] - steps: - - name: Generate App Token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.DEPLOY_APP_ID }} - private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: "appdeploy" - - - name: Trigger Deploy Workflow - uses: actions/github-script@v7 - with: - github-token: ${{ steps.app-token.outputs.token }} - retries: 3 - retry-exempt-status-codes: 204 - script: | - github.rest.actions.createWorkflowDispatch({ - owner: 'aodn', - repo: 'appdeploy', - workflow_id: 'deploy.yml', - ref: 'main', - inputs: { - app_name: 'sample-django-app', - environment: 'development', - image_tag: '${{ needs.build_test_push.outputs.image_digest }}', - } - }) From 361324655909b9a2ad2851b493ded3d13873b6c3 Mon Sep 17 00:00:00 2001 From: digorgonzola <29941279+digorgonzola@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:01:41 +1100 Subject: [PATCH 4/5] update deployment workflows --- .github/workflows/build-production.yml | 105 ------------------------ .github/workflows/build-staging.yml | 98 ---------------------- .github/workflows/deploy-production.yml | 98 ++++++++++++++++++++++ .github/workflows/deploy-staging.yml | 99 ++++++++++++++++++++++ 4 files changed, 197 insertions(+), 203 deletions(-) delete mode 100644 .github/workflows/build-production.yml delete mode 100644 .github/workflows/build-staging.yml create mode 100644 .github/workflows/deploy-production.yml create mode 100644 .github/workflows/deploy-staging.yml diff --git a/.github/workflows/build-production.yml b/.github/workflows/build-production.yml deleted file mode 100644 index 6b5bfa0..0000000 --- a/.github/workflows/build-production.yml +++ /dev/null 
@@ -1,105 +0,0 @@ -name: Build, Test and Push - Production - -on: - push: - tags: - - prod - -permissions: - id-token: write - contents: read - -jobs: - build_test_push: - runs-on: ubuntu-latest - environment: production - outputs: - image_digest: ${{ steps.build_and_push.outputs.digest }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Setup Docker Structure Test - run: > - curl -LO - https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 - && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 - /usr/local/bin/container-structure-test - - - name: Set Image Tag - id: set_image_tag - run: | - tag=${{ github.ref_name }} - echo "image_tag=${tag//\v/}" >> $GITHUB_OUTPUT - - - name: Build Docker Image - uses: docker/build-push-action@v5 - with: - context: . - load: true - tags: ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} - - - name: Test Docker Image - run: | - container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} --config tests/config.yaml - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - audience: sts.amazonaws.com - aws-region: ${{ vars.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - - - name: Login to ECR - uses: docker/login-action@v3 - with: - registry: ${{ vars.ECR_REGISTRY }} - - - name: Build and Push Docker Image - if: ${{ github.event_name != 'workflow_dispatch' }} - id: build_and_push - uses: docker/build-push-action@v5 - with: - context: . 
-# Only building for AMD64 for now -# platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} - - trigger_deploy: - runs-on: ubuntu-latest - needs: [build_test_push] - steps: - - name: Generate App Token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.DEPLOY_APP_ID }} - private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: "appdeploy" - - - name: Trigger Deploy Workflow - uses: actions/github-script@v7 - with: - github-token: ${{ steps.app-token.outputs.token }} - retries: 3 - retry-exempt-status-codes: 204 - script: | - github.rest.actions.createWorkflowDispatch({ - owner: 'aodn', - repo: 'appdeploy', - workflow_id: 'deploy.yml', - ref: 'main', - inputs: { - app_name: 'sample-django-app', - environment: 'production', - image_tag: '${{ needs.build_test_push.outputs.image_digest }}', - } - }) diff --git a/.github/workflows/build-staging.yml b/.github/workflows/build-staging.yml deleted file mode 100644 index b11e094..0000000 --- a/.github/workflows/build-staging.yml +++ /dev/null 
@@ -1,98 +0,0 @@ -name: Build, Test and Push - Staging - -on: - push: - branches: - - master - -permissions: - id-token: write - contents: read - -jobs: - build_test_push: - runs-on: ubuntu-latest - environment: staging - outputs: - image_digest: ${{ steps.build_and_push.outputs.digest }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Setup Docker Structure Test - run: > - curl -LO - https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 - && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 - /usr/local/bin/container-structure-test - - - name: Build Docker Image - uses: docker/build-push-action@v5 - with: - context: . - load: true - tags: ${{ vars.ECR_REPOSITORY }}:latest - - - name: Test Docker Image - run: | - container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:latest --config tests/config.yaml - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - audience: sts.amazonaws.com - aws-region: ${{ vars.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - - - name: Login to ECR - uses: docker/login-action@v3 - with: - registry: ${{ vars.ECR_REGISTRY }} - - - name: Build and Push Docker Image - id: build_and_push - uses: docker/build-push-action@v5 - with: - context: . 
-# Only building for AMD64 for now -# platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest - - trigger_deploy: - runs-on: ubuntu-latest - needs: [build_test_push] - steps: - - name: Generate App Token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.DEPLOY_APP_ID }} - private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - repositories: "appdeploy" - - - name: Trigger Deploy Workflow - uses: actions/github-script@v7 - with: - github-token: ${{ steps.app-token.outputs.token }} - retries: 3 - retry-exempt-status-codes: 204 - script: | - github.rest.actions.createWorkflowDispatch({ - owner: 'aodn', - repo: 'appdeploy', - workflow_id: 'deploy.yml', - ref: 'main', - inputs: { - app_name: 'sample-django-app', - environment: 'staging', - image_tag: '${{ needs.build_test_push.outputs.image_digest }}', - } - }) diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml new file mode 100644 index 0000000..d810ea3 --- /dev/null +++ b/.github/workflows/deploy-production.yml 
@@ -0,0 +1,98 @@ +name: Deploy Production + +on: + push: + tags: + - v*.*.* + +permissions: + id-token: write + contents: read + +jobs: + build_push: + runs-on: ubuntu-latest + environment: production + outputs: + image_digest: ${{ steps.build_and_push.outputs.digest }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build Docker Image + uses: docker/build-push-action@v5 + with: + context: . + load: true + tags: ${{ vars.ECR_REPOSITORY }}:${{ github.ref_name }} + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + audience: sts.amazonaws.com + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + + - name: Login to ECR + uses: docker/login-action@v3 + with: + registry: ${{ vars.ECR_REGISTRY }} + + - name: Build and Push Docker Image + id: build_and_push + uses: docker/build-push-action@v5 + with: + context: . 
+# Only building for AMD64 for now +# platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ github.ref_name }} + + - name: Push Image Digest to SSM + run: | + aws ssm put-parameter \ + --name "/apps/sample-django-app/production/image_digest" \ + --type "String" \ + --value "$digest" \ + --overwrite + env: + digest: ${{ steps.build_and_push.outputs.digest }} + + deploy: + runs-on: ubuntu-latest + environment: production + needs: [build_push] + steps: + - name: Get Currently Running Task Definition + id: get-current-task-definition + run: | + aws ecs describe-task-definition + --task-definition ${{ vars.FAMILY }} + --query taskDefinition > task-definition.json + + - name: Update Image Tag + id: update-api-image-tag + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: task-definition.json + container-name: app + image: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ needs.build_push.outputs.image_digest }} + + - name: Display Rendered Template + id: display-rendered-template + run: cat ${{ steps.update-api-image-tag.outputs.task-definition }} | jq -r + + - name: Deploy to Amazon ECS service + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ steps.update-api-image-tag.outputs.task-definition }} + service: ${{ vars.FAMILY }} + cluster: ${{ vars.CLUSTER }} + force-new-deployment: true + wait-for-service-stability: true diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml new file mode 100644 index 0000000..faf4cdd --- /dev/null +++ b/.github/workflows/deploy-staging.yml 
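Review bot: The `deploy` job calls `aws ecs describe-task-definition` and the two `aws-actions/amazon-ecs-*` actions without any AWS credentials — the `Configure AWS Credentials` step exists only in `build_push`, and credentials do not carry across jobs (each runs on a fresh runner), so every step in `deploy` will fail on authentication; an OIDC assume-role step is needed before `Get Currently Running Task Definition` (the workflow-level `id-token: write` already permits it). Two further defects in the same job: the `run: |` literal block has no continuation backslashes, so `aws ecs describe-task-definition`, `--task-definition …` and `--query …` are executed as three separate shell lines (the `aws ssm put-parameter` step above shows the correct form), and the `image:` handed to the render action joins the digest with `:` although a digest reference needs `@` — `build-push-action`'s `digest` output is of the form `sha256:…`, which is not a legal tag. The same three issues appear in the deploy-staging.yml hunk of this patch.
```yaml
  deploy:
    runs-on: ubuntu-latest
    environment: production
    needs: [build_push]
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          audience: sts.amazonaws.com
          aws-region: ${{ vars.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}

      - name: Get Currently Running Task Definition
        id: get-current-task-definition
        run: |
          aws ecs describe-task-definition \
            --task-definition "${{ vars.FAMILY }}" \
            --query taskDefinition > task-definition.json

      # … unchanged: Update Image Tag step, apart from the image reference …
          image: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}@${{ needs.build_push.outputs.image_digest }}

      # … unchanged: Display Rendered Template, Deploy to Amazon ECS service …
```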
@@ -0,0 +1,99 @@ +name: Deploy Staging + +on: + push: + branches: + - master + - main + +permissions: + id-token: write + contents: read + +jobs: + build_push: + runs-on: ubuntu-latest + environment: staging + outputs: + image_digest: ${{ steps.build_and_push.outputs.digest }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build Docker Image + uses: docker/build-push-action@v5 + with: + context: . + load: true + tags: ${{ vars.ECR_REPOSITORY }}:latest + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + audience: sts.amazonaws.com + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + + - name: Login to ECR + uses: docker/login-action@v3 + with: + registry: ${{ vars.ECR_REGISTRY }} + + - name: Build and Push Docker Image + id: build_and_push + uses: docker/build-push-action@v5 + with: + context: . 
+# Only building for AMD64 for now +# platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest + + - name: Push Image Digest to SSM + run: | + aws ssm put-parameter \ + --name "/apps/sample-django-app/staging/image_digest" \ + --type "String" \ + --value "$digest" \ + --overwrite + env: + digest: ${{ steps.build_and_push.outputs.digest }} + + deploy: + runs-on: ubuntu-latest + environment: staging + needs: [build_push] + steps: + - name: Get Currently Running Task Definition + id: get-current-task-definition + run: | + aws ecs describe-task-definition + --task-definition ${{ vars.FAMILY }} + --query taskDefinition > task-definition.json + + - name: Update Image Tag + id: update-api-image-tag + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: task-definition.json + container-name: app + image: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ needs.build_push.outputs.image_digest }} + + - name: Display Rendered Template + id: display-rendered-template + run: cat ${{ steps.update-api-image-tag.outputs.task-definition }} | jq -r + + - name: Deploy to Amazon ECS service + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ steps.update-api-image-tag.outputs.task-definition }} + service: ${{ vars.FAMILY }} + cluster: ${{ vars.CLUSTER }} + force-new-deployment: true + wait-for-service-stability: true From f7a1b9a53cadda0ef21a00b1a21c9c932495ae6d Mon Sep 17 00:00:00 2001 From: digorgonzola <29941279+digorgonzola@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:05:47 +1100 Subject: [PATCH 5/5] fix test workflow image tag --- .github/workflows/test.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 259cc55..68f2f12 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
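Review bot: The first `Build Docker Image` step in `build_push` (`load: true`, tagged `${{ vars.ECR_REPOSITORY }}:latest`) now produces an image that nothing uses — the `Test Docker Image` step that consumed it was dropped together with build-staging.yml, and `Build and Push Docker Image` is a separate build — so the job pays for a build whose result is discarded and pushes an image this workflow never validates. If validation is intentionally left to test.yml on pull requests, delete the step; otherwise put the container-structure-test step back between it and the push. The same applies to the `build_push` job in the deploy-production.yml hunk of this patch. Separately, `Display Rendered Template` writes the entire rendered task definition, including every container `environment` entry, into the job log; if the task definition carries anything sensitive, narrow it to what is being checked, e.g. `jq -r '.containerDefinitions[].image'`.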
@@ -34,6 +34,16 @@ jobs: && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test + - name: Set Image Tag + id: set_image_tag + run: | + branch_name=${{ github.head_ref || github.ref_name }} + tag=${{ env.TAG_PREFIX}}-${branch_name//\//-} + echo "$tag" + echo "image_tag=$tag" >> $GITHUB_OUTPUT + env: + TAG_PREFIX: test + - name: Build Docker Image uses: docker/build-push-action@v5 with:
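Review bot: `branch_name=${{ github.head_ref || github.ref_name }}` in the added `Set Image Tag` step expands the PR head branch name into the shell script before bash parses it; on `pull_request` that name is chosen by whoever opens the PR, so this is untrusted input spliced straight into a command line — the pattern GitHub's security-hardening guide describes as script injection. Pass it through the step's `env:` and read a quoted variable instead: `BRANCH_NAME: ${{ github.head_ref || github.ref_name }}` next to `TAG_PREFIX`, then `branch_name="$BRANCH_NAME"` and `tag="${TAG_PREFIX}-${branch_name//\//-}"` in the script, which also removes the `${{ env.TAG_PREFIX}}` expression and quotes the value. `>> $GITHUB_OUTPUT` should likewise be `>> "$GITHUB_OUTPUT"`. The enclosing `steps:` list of `build_test_push` begins and ends outside this hunk.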