From 8adc8ed8483683f2b5c350080cea47af010f0d86 Mon Sep 17 00:00:00 2001
From: SamSeed-Softwire <63662292+SamSeed-Softwire@users.noreply.github.com>
Date: Wed, 11 Oct 2023 10:09:56 +0100
Subject: [PATCH] CLDC-2563: Update prod deployment pipeline (#1960)
* CLDC-2563: Update prod deployment pipeline
* CLDC-2563: remove redundant REPO_URL assignment
* CLDC-2563: use GITHUB_OUTPUT only where necessary
* CLDC-2563: don't push image if tag already exists
* CLDC-2563: actually use github.sha for production as well
* CLDC-2563: remove obsolete env check in push docker image job
* CLDC-2563: remove redundant main branch check
---
 .github/workflows/aws_deploy.yml | 15 ++++++++++++++-
 .github/workflows/production_pipeline.yml | 16 +++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/aws_deploy.yml b/.github/workflows/aws_deploy.yml
index 247efbfab..8fa267a69 100644
--- a/.github/workflows/aws_deploy.yml
+++ b/.github/workflows/aws_deploy.yml
@@ -12,6 +12,9 @@ on:
 environment:
 required: true
 type: string
+ release_tag:
+ required: false
+ type: string
 concurrency:
 group: deploy-${{ inputs.environment }}
@@ -45,8 +48,13 @@ jobs:
 with:
 mask-password: 'true'
+ - name: Check if image with tag already exists
+ run: |
+ echo "image-exists=$(if aws ecr list-images --repository-name=$repository --query "imageIds[*].imageTag" | grep -q ${{ github.sha }}; then echo true; else echo false; fi)" >> $GITHUB_ENV
+
 - name: Build, tag, and push docker image to ECR
 id: build-image
+ if: ${{ env.image-exists == 'false' }}
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
 commit_tag: ${{ github.sha }}
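Review bot: The `Check if image with tag already exists` step lets the build be skipped on the strength of a tag name alone, so whatever is already stored under `${{ github.sha }}` in ECR is what gets promoted; that is only safe if the repository enforces immutable tags, which this diff does not show and is worth confirming (or resolve the tag to a digest and deploy by digest). The lookup also conflates "no such tag" with "the AWS call failed": any error from `aws ecr list-images` leaves `grep -q` with no input and yields `image-exists=false`. A direct lookup such as `aws ecr describe-images --repository-name "$repository" --image-ids imageTag="$GITHUB_SHA"` avoids scanning the whole tag list for a substring. A comment above the step, e.g. `# Reuses the image already pushed for this commit; relies on immutable ECR tags`, would record the assumption.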
@@ -77,11 +85,16 @@ jobs:
 id: timestamp
 run: echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
+ - name: Get additional tag
+ run: |
+ echo "additional-tag=$(if [[ ${{ inputs.environment }} == 'production' ]]; then echo ${{ inputs.release_tag }}-${{ env.timestamp }}; else echo ${{ env.timestamp }}; fi)" >> $GITHUB_ENV
+
 - name: Add environment tag to existing image
+ id: update-image-tags
 env:
 registry: ${{ steps.ecr-login.outputs.registry }}
 commit_tag: ${{ github.sha }}
- readable_tag: ${{ inputs.environment }}-${{ env.timestamp }}
+ readable_tag: ${{ inputs.environment }}-${{ env.additional-tag }}
 run: |
 manifest=$(aws ecr batch-get-image --repository-name $repository --image-ids imageTag=$commit_tag --output text --query images[].imageManifest)
 aws ecr put-image --repository-name $repository --image-tag $readable_tag --image-manifest "$manifest"
diff --git a/.github/workflows/production_pipeline.yml b/.github/workflows/production_pipeline.yml
index fd0a73b9d..76a85eca8 100644
--- a/.github/workflows/production_pipeline.yml
+++ b/.github/workflows/production_pipeline.yml
@@ -16,6 +16,8 @@ jobs:
 test:
 name: Test
 runs-on: ubuntu-latest
+ outputs:
+ releasetag: ${{ steps.latestrelease.outputs.releasetag }}
 services:
 postgres:
@@ -48,7 +50,7 @@ jobs:
 - name: Get latest release with tag
 id: latestrelease
 run: |
- echo "::set-output name=releasetag::$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')"
+ echo "releasetag=$(curl -s https://api.github.com/repos/${REPO_URL}/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_OUTPUT
 - name: Confirm release tag
 run: |
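Review bot: In the `Get additional tag` step, `${{ inputs.environment }}` and `${{ inputs.release_tag }}` are expanded into the script text before bash parses it, so a value containing shell metacharacters is executed rather than compared, in a job that holds AWS credentials. The production caller in this same commit fills `release_tag` from the latest release's `tag_name`, so it is data chosen by whoever can publish a release, not a constant. Passing both values through `env:` and quoting them closes that path. The same rewrite can reject an empty `release_tag`, which is declared optional and would otherwise produce a tag of the form `production--<timestamp>`. The hunk shows only part of the job, so the sketch below covers just this step.

```yaml
      - name: Get additional tag
        env:
          environment: ${{ inputs.environment }}
          release_tag: ${{ inputs.release_tag }}
        run: |
          # timestamp was exported to GITHUB_ENV by the previous step
          if [[ "$environment" == 'production' ]]; then
            if [[ -z "$release_tag" ]]; then
              echo "release_tag is required for production" >&2
              exit 1
            fi
            echo "additional-tag=${release_tag}-${timestamp}" >> "$GITHUB_ENV"
          else
            echo "additional-tag=${timestamp}" >> "$GITHUB_ENV"
          fi
      # … unchanged: "Add environment tag to existing image" step …
```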
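Review bot: The rewritten `echo "releasetag=…"` line in `Get latest release with tag` records whatever the pipeline prints, so a failed or rate-limited unauthenticated API call yields `releasetag=null` or an empty value, and with this commit that value becomes part of the production image tag. Using `curl -sf` and `jq -er '.tag_name'` makes both tools fail on an error response or a missing field and removes the need for the `sed`. Because the command substitution sits inside `echo`, the failure has to be surfaced explicitly, for example `tag=$(curl -sf … | jq -er '.tag_name')` followed by `echo "releasetag=$tag" >> "$GITHUB_OUTPUT"`. Whether the following `Confirm release tag` step already validates the value cannot be seen here, as its body lies outside the hunk.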
@@ -257,3 +259,15 @@ jobs:
 cf set-env $APP_NAME CSV_DOWNLOAD_PAAS_INSTANCE $CSV_DOWNLOAD_PAAS_INSTANCE
 cf set-env $APP_NAME SENTRY_DSN $SENTRY_DSN
 cf push $APP_NAME --strategy rolling
+
+ aws_deploy:
+ name: AWS Deploy
+ needs: [lint, test, feature_test, audit]
+ uses: ./.github/workflows/aws_deploy.yml
+ with:
+ aws_account_id: 977287343304
+ aws_resource_prefix: core-prod
+ environment: production
+ release_tag: ${{ needs.test.outputs.releasetag }}
+ permissions:
+ id-token: write
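Review bot: `aws_account_id: 977287343304` is an unquoted all-digit scalar, so YAML loads it as an integer; account IDs are identifiers and can begin with a zero, so it is safer written as `aws_account_id: "977287343304"` (the declared type of that input in `aws_deploy.yml` is outside this diff). The job-level `permissions` block is a sound least-privilege choice, but it sets every unlisted scope to `none` for the called workflow. If `aws_deploy.yml` checks out the repository, which is not visible here, `contents: read` may need to be listed explicitly. A short comment such as `# id-token: write lets the called workflow request an OIDC token (presumably for AWS role assumption)` would record why the permission is granted.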