Add makefile updates and github action for ECR push

# Subject Add the makefile changes for building and pushing the container to stage, and promoting to prod Add the github action for building and publishing the container to stage. # Why these changes are being introduced: These changes are needed to go to production, first we test in stage. # How this addresses that need: These changes add some CI to the repository, by automatically building the image and saving it to the stage ECR when pushes to main happen. I also set up the makefile commands for dist, publish, promote, and check-permissions-stage # Side effects of this change: I also added github secrets for the needed aws credentials to the repo. # Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/DLSPP-138
MITLibraries · Jan 19, 2022 · 84b728b · 84b728b
1 parent 33659d7
commit 84b728b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/.github/workflows/stage_ecr_push.yml b/.github/workflows/stage_ecr_push.yml
@@ -0,0 +1,20 @@
+# Borrowed heavily from DSS/mario
+name: Stage
+on:
+  push:
+    branches:
+      - main
+jobs:
+  deploy:
+    name: Deploy staging build
+    runs-on: ubuntu-latest
+    env:
+      AWS_DEFAULT_REGION: us-east-1
+      AWS_ACCESS_KEY_ID: ${{ secrets.WILEY_DEPLOY_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.WILEY_DEPLOY_SECRET_ACCESS_KEY }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build image
+        run: make dist
+      - name: Push image
+        run: make publish
diff --git a/Makefile b/Makefile
@@ -1,3 +1,28 @@
+SHELL=/bin/bash
+DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ)
+ECR_REGISTRY=672626379771.dkr.ecr.us-east-1.amazonaws.com
+
+dist: ## Build docker container
+	docker build -t $(ECR_REGISTRY)/wiley-deposits-stage:latest \
+		-t $(ECR_REGISTRY)/wiley-deposits-stage:`git describe --always` \
+		-t submitter:latest .	
+
+publish: dist ## Build, tag and push
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_REGISTRY)
+	docker push $(ECR_REGISTRY)/wiley-deposits-stage:latest
+	docker push $(ECR_REGISTRY)/wiley-deposits-stage:`git describe --always`
+
+promote: ## Promote the current staging build to production
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_REGISTRY)
+	docker pull $(ECR_REGISTRY)/wiley-deposits-stage:latest
+	docker tag $(ECR_REGISTRY)/wiley-deposits-stage:latest $(ECR_REGISTRY)/wiley-deposits-prod:latest
+	docker tag $(ECR_REGISTRY)/wiley-deposits-stage:latest $(ECR_REGISTRY)/wiley-deposits-prod:$(DATETIME)
+	docker push $(ECR_REGISTRY)/wiley-deposits-prod:latest
+	docker push $(ECR_REGISTRY)/wiley-deposits-prod:$(DATETIME)
+
+check-permissions-stage: ## Check infrastructure permissions on the staging deplpyment
+	aws ecs run-task --cluster wiley-stage --task-definition wiley-stage --network-configuration "awsvpcConfiguration={subnets=[subnet-0b860205e2831b8d0,subnet-039b5e11cd30385c3],securityGroups=[sg-0dbcd7c12a35e44a0],assignPublicIp=DISABLED}" --launch-type FARGATE --region us-east-1 --overrides '{"containerOverrides": [{"name": "wiley","command": ["check-permissions"]}]}'
+
 lint: bandit black flake8 isort
 
 bandit: