Update docker-deploy-prod.yml #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Staging | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| environment: Build | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_READ_KEY_UTIL }} | |
| name: id_ed25519 # optional | |
| known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
| if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.8 | |
| - name: install/upgrade pip | |
| run: | | |
| python -m pip install --upgrade pip | |
| - name: Install Dependencies | |
| run: python -m pip install -r requirements.txt | |
| - name: Build | |
| run: | | |
| mkdir test-results | |
| python3 -m invoke test --junit --enforce-percent 99 | |
| - name: Store test results as artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: store test results | |
| path: test-results | |
| - name: Style | |
| run: python3 -m invoke style | |
| - name: Lint | |
| run: python3 -m invoke lint --fail-under=9 | |
| deploy-staging-flow: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| env: | |
| DOCKER_BUILDKIT: "1" | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_READ_KEY_UTIL }} | |
| name: id_rsa # optional | |
| known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
| if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) | |
| - name: copy ssh to root | |
| run: | | |
| sudo cp -r ~/.ssh /root | |
| sudo chmod 600 /root/.ssh/id_rsa | |
| sudo chmod o+x /root/ | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.8 | |
| - name: install/upgrade pip | |
| run: | | |
| python -m pip install --upgrade pip | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.STAGE_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.STAGE_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| # uses repository in your authorized registry to push to. | |
| # sign in to your ecr page for a list of all your repositories. | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: openfido/stage-workflow | |
| IMAGE_TAG: master | |
| run: | | |
| eval $(ssh-agent) | |
| ssh-add ~/.ssh/id_rsa | |
| export DOCKER_BUILDKIT=1 | |
| docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV | |
| # needed for the task-definition.json file, update task family here | |
| # can also use the CLI to manually generate the task | |
| - name: Download task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition openfido-stage-workflow-task --query taskDefinition > task-definition.json | |
| - name: Fill in the new image ID in the Amazon ECS task definition | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: 'openfido-stage-workflow-task' | |
| image: ${{ env.IMAGE }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: 'openfido-stage-workflow-service' | |
| cluster: 'openfido-stage-ecs-cluster' | |
| wait-for-service-stability: true | |
| deploy-staging-worker: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| env: | |
| DOCKER_BUILDKIT: "1" | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_READ_KEY_UTIL }} | |
| name: id_rsa # optional | |
| known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
| if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) | |
| - name: copy ssh to root | |
| run: | | |
| sudo cp -r ~/.ssh /root | |
| sudo chmod 600 /root/.ssh/id_rsa | |
| sudo chmod o+x /root/ | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.8 | |
| - name: install/upgrade pip | |
| run: | | |
| python -m pip install --upgrade pip | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.STAGE_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.STAGE_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| # uses repository in your authorized registry to push to. | |
| # sign in to your ecr page for a list of all your repositories. | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: openfido/stage-workflow-worker | |
| IMAGE_TAG: master | |
| run: | | |
| eval $(ssh-agent) | |
| ssh-add ~/.ssh/id_rsa | |
| export DOCKER_BUILDKIT=1 | |
| docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.worker . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV | |
| # needed for the task-definition.json file, update task family here | |
| # can also use the CLI to manually generate the task | |
| - name: Download task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition openfido-stage-workflow-worker-task --query taskDefinition > task-definition.json | |
| - name: Fill in the new image ID in the Amazon ECS task definition | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: 'openfido-stage-workflow-worker-task' | |
| image: ${{ env.IMAGE }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: 'openfido-stage-workflow-worker-service' | |
| cluster: 'openfido-stage-ecs-cluster' | |
| wait-for-service-stability: true | |
| deploy-staging-rabbit: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| env: | |
| DOCKER_BUILDKIT: "1" | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_READ_KEY_UTIL }} | |
| name: id_rsa # optional | |
| known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
| if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) | |
| - name: copy ssh to root | |
| run: | | |
| sudo cp -r ~/.ssh /root | |
| sudo chmod 600 /root/.ssh/id_rsa | |
| sudo chmod o+x /root/ | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.8 | |
| - name: install/upgrade pip | |
| run: | | |
| python -m pip install --upgrade pip | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.STAGE_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.STAGE_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| # uses repository in your authorized registry to push to. | |
| # sign in to your ecr page for a list of all your repositories. | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: openfido/stage-rabbitmq | |
| IMAGE_TAG: master | |
| run: | | |
| eval $(ssh-agent) | |
| ssh-add ~/.ssh/id_rsa | |
| export DOCKER_BUILDKIT=1 | |
| docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.rabbitmq . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV | |
| # needed for the task-definition.json file, update task family here | |
| # can also use the CLI to manually generate the task | |
| - name: Download task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition openfido-stage-rabbitmq-task --query taskDefinition > task-definition.json | |
| - name: Fill in the new image ID in the Amazon ECS task definition | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: 'openfido-stage-rabbitmq-task' | |
| image: ${{ env.IMAGE }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: 'openfido-stage-rabbitmq-service' | |
| cluster: 'openfido-stage-ecs-cluster' | |
| wait-for-service-stability: true |