-
Notifications
You must be signed in to change notification settings - Fork 60
162 lines (143 loc) · 6.01 KB
/
build-test-push-aws-ecr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when a release is created
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
# For example: `aws ecr create-repository --repository-name ibmstocktrader/portfolio --region us-east-2`.
# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
# Replace the value of `aws-region` in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
# For example, follow the Getting Started guide on the ECS console:
# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
#
# 3. Store your ECS task definition as a JSON file in your repository.
# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
# Replace the value of `task-definition` in the workflow below with your JSON file's name.
# Replace the value of `container-name` in the workflow below with the name of the container
# in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
# See the documentation for each action used below for the recommended IAM policies for this IAM user,
# and best practices on handling the access key credentials.
name: Build, Push to Amazon ECR, Gitops
on:
push:
branches:
- master
paths-ignore:
- '.github/**'
release:
types: [created]
# Environment variables available to all jobs and steps in this workflow
env:
# EDIT secrets with with your registry path, and apikey
# REGISTRY_NAMESPACE: ${{ secrets.REGISTRY_NAMESPACE }}
# EDIT with your registry username.
# IMAGE_NAME: portfolio
GITHUB_SHA: ${{ github.sha }}
# GITOPS_REPO: IBMStockTrader/stocktrader-gitops
# GITOPS_DIR: application
# GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
# GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v2
# Setup java
- name: Setup Java
uses: actions/setup-java@v1
with:
java-version: 17
# Build and package app
- name: Build and package app
id: unit-test
run: |
mvn clean package
# verify
# cat target/failsafe-reports/failsafe-summary.xml
# grep -q "<failures>0</failures>" target/failsafe-reports/failsafe-summary.xml
# code=$?
# echo "ret: $code"
# if [[ $code -eq 0 ]]; then
# echo "success"
# echo '::set-output name=unit-test-result::success'
# else
# echo "failed"
# echo '::set-output name=unit-test-result::failed'
# fi
echo '::set-output name=unit-test-result::success'
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ibmstocktrader/portfolio
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
--build-arg GITHUB_SHA="$GITHUB_SHA" \
--build-arg GITHUB_REF="$GITHUB_REF" .
# Do an image scan
# push the image to ECR
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
update-gitops-repo:
name: Publish image updates to gitops repo
runs-on: ubuntu-latest
needs: [setup-build-publish-deploy]
steps:
# Checkout gitops repo
- name: Checkout gitops repo
uses: actions/checkout@v2
with:
repository: ${{env.GITOPS_REPO}}
path: gitops
token: ${{secrets.GITOPS_TOKEN}}
# Update application
- name: Upate application
run: |
set -x
set +e
ls -la
ls -la gitops
cd gitops
## update manifests to new image and tag
APP_IMAGE="$ECR_REGISTRY/$ECR_REPOSITORY"
VERSION="$GITHUB_SHA"
echo "image-registry-path: ${{needs.setup-build-publish-deploy.image-registry-path}}"
echo "${APP_IMAGE}"
echo "${VERSION}"
echo "print yq version"
yq --version
# yq w -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml" spec.portfolio.image.repository "${APP_IMAGE}"
yq e ".spec.portfolio.image.repository = \"$APP_IMAGE\"" -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml"
# yq w -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml" spec.portfolio.image.tag "${VERSION}"
yq e ".spec.portfolio.image.tag = \"$VERSION\"" -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml"
cat "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml"
if [[ $(git status -s | wc -l) -eq 0 ]]; then
echo "No changes"
exit 0
fi
git add "${GITOPS_DIR}/"
git config --global user.name 'GH Actions'
git config --global user.email 'github-actions@users.noreply.github.com'
git commit -am "Updates ${APP_NAME} to ${VERSION}"
git push https://$GITOPS_USERNAME:$GITOPS_TOKEN@github.com/$GITOPS_REPO