Merge pull request #56 from openfido/develop

Develop

.github/workflows/docker-deploy-prod.yml

@@ -1,15 +1,14 @@
 name: Deploy Production
-on: 
-  push:
-    tags:
-      - v*.*.*
+on:
+  release:
+    types: [published]
 jobs:
     build:
         runs-on: ubuntu-latest
         environment: Build
         steps:
           - name: Checkout Repository
-            uses: actions/checkout@v3
+            uses: actions/checkout@v4
 
           - name: Install SSH key
             uses: shimataro/ssh-key-action@v2
@@ -20,7 +19,7 @@ jobs:
               if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
 
           - name: Install Python
-            uses: actions/setup-python@v3
+            uses: actions/setup-python@v4
             with:
               python-version: 3.8
 
@@ -38,7 +37,7 @@ jobs:
               python3 -m invoke test --junit --enforce-percent 99
 
           - name: Store test results as artifacts
-            uses: actions/upload-artifact@v2
+            uses: actions/upload-artifact@v4
             with:
               name: store test results
               path: test-results
@@ -57,24 +56,24 @@ jobs:
           DOCKER_BUILDKIT: "1"
         steps:
           - name: Checkout Repository
-            uses: actions/checkout@v3
+            uses: actions/checkout@v4
 
           - name: Install SSH key
             uses: shimataro/ssh-key-action@v2
             with:
               key: ${{ secrets.SSH_READ_KEY_UTIL }}
-              name: id_rsa # optional
+              name: id_ed25519 # optional
               known_hosts: ${{ secrets.KNOWN_HOSTS }}
               if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
 
           - name: copy ssh to root
             run: |
               sudo cp -r ~/.ssh /root
-              sudo chmod 600 /root/.ssh/id_rsa
+              sudo chmod 600 /root/.ssh/id_ed25519
               sudo chmod o+x /root/
 
           - name: Install Python
-            uses: actions/setup-python@v3
+            uses: actions/setup-python@v4
             with:
               python-version: 3.8
 
@@ -83,15 +82,15 @@ jobs:
               python -m pip install --upgrade pip
 
           - name: Configure AWS Credentials
-            uses: aws-actions/configure-aws-credentials@v1
+            uses: aws-actions/configure-aws-credentials@v4
             with:
               aws-access-key-id: ${{ secrets.PROD_ACCESS_KEY_ID }}
               aws-secret-access-key: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
               aws-region: ${{ secrets.AWS_REGION }}
 
           - name: Login to Amazon ECR
             id: login-ecr
-            uses: aws-actions/amazon-ecr-login@v1
+            uses: aws-actions/amazon-ecr-login@v2
 
           # uses repository in your authorized registry to push to.
           # sign in to your ecr page for a list of all your repositories.
@@ -103,11 +102,11 @@ jobs:
               IMAGE_TAG: master
             run: |
               eval $(ssh-agent)
-              ssh-add ~/.ssh/id_rsa
+              ssh-add ~/.ssh/id_ed25519
               export DOCKER_BUILDKIT=1
-              docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile .
+              docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile .
               docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-              echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+              echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV
 
           # needed for the task-definition.json file, update task family here
           # can also use the CLI to manually generate the task 
@@ -121,7 +120,7 @@ jobs:
             with:
               task-definition: task-definition.json
               container-name: 'openfido-prod-workflow-task'
-              image: ${{ steps.build-image.outputs.image }}
+              image: ${{ env.IMAGE }}
 
           - name: Deploy Amazon ECS task definition
             uses: aws-actions/amazon-ecs-deploy-task-definition@v1
@@ -139,24 +138,24 @@ jobs:
           DOCKER_BUILDKIT: "1"
         steps:
           - name: Checkout Repository
-            uses: actions/checkout@v3
+            uses: actions/checkout@v4
 
           - name: Install SSH key
             uses: shimataro/ssh-key-action@v2
             with:
               key: ${{ secrets.SSH_READ_KEY_UTIL }}
-              name: id_rsa # optional
+              name: id_ed25519 # optional
               known_hosts: ${{ secrets.KNOWN_HOSTS }}
               if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
 
           - name: copy ssh to root
             run: |
               sudo cp -r ~/.ssh /root
-              sudo chmod 600 /root/.ssh/id_rsa
+              sudo chmod 600 /root/.ssh/id_ed25519
               sudo chmod o+x /root/
 
           - name: Install Python
-            uses: actions/setup-python@v3
+            uses: actions/setup-python@v4
             with:
               python-version: 3.8
 
@@ -165,15 +164,15 @@ jobs:
               python -m pip install --upgrade pip
 
           - name: Configure AWS Credentials
-            uses: aws-actions/configure-aws-credentials@v1
+            uses: aws-actions/configure-aws-credentials@v4
             with:
               aws-access-key-id: ${{ secrets.PROD_ACCESS_KEY_ID }}
               aws-secret-access-key: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
               aws-region: ${{ secrets.AWS_REGION }}
 
           - name: Login to Amazon ECR
             id: login-ecr
-            uses: aws-actions/amazon-ecr-login@v1
+            uses: aws-actions/amazon-ecr-login@v2
 
           # uses repository in your authorized registry to push to.
           # sign in to your ecr page for a list of all your repositories.
@@ -185,11 +184,11 @@ jobs:
               IMAGE_TAG: master
             run: |
               eval $(ssh-agent)
-              ssh-add ~/.ssh/id_rsa
+              ssh-add ~/.ssh/id_ed25519
               export DOCKER_BUILDKIT=1
-              docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.worker .
+              docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.worker .
               docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-              echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+              echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV
 
           # needed for the task-definition.json file, update task family here
           # can also use the CLI to manually generate the task 
@@ -203,7 +202,7 @@ jobs:
             with:
               task-definition: task-definition.json
               container-name: 'openfido-prod-workflow-worker-task'
-              image: ${{ steps.build-image.outputs.image }}
+              image: ${{ env.IMAGE }}
 
           - name: Deploy Amazon ECS task definition
             uses: aws-actions/amazon-ecs-deploy-task-definition@v1
@@ -221,24 +220,24 @@ jobs:
           DOCKER_BUILDKIT: "1"
         steps:
           - name: Checkout Repository
-            uses: actions/checkout@v3
+            uses: actions/checkout@v4
 
           - name: Install SSH key
             uses: shimataro/ssh-key-action@v2
             with:
               key: ${{ secrets.SSH_READ_KEY_UTIL }}
-              name: id_rsa # optional
+              name: id_ed25519 # optional
               known_hosts: ${{ secrets.KNOWN_HOSTS }}
               if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
 
           - name: copy ssh to root
             run: |
               sudo cp -r ~/.ssh /root
-              sudo chmod 600 /root/.ssh/id_rsa
+              sudo chmod 600 /root/.ssh/id_ed25519
               sudo chmod o+x /root/
 
           - name: Install Python
-            uses: actions/setup-python@v3
+            uses: actions/setup-python@v4
             with:
               python-version: 3.8
 
@@ -247,15 +246,15 @@ jobs:
               python -m pip install --upgrade pip
 
           - name: Configure AWS Credentials
-            uses: aws-actions/configure-aws-credentials@v1
+            uses: aws-actions/configure-aws-credentials@v4
             with:
               aws-access-key-id: ${{ secrets.PROD_ACCESS_KEY_ID }}
               aws-secret-access-key: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
               aws-region: ${{ secrets.AWS_REGION }}
 
           - name: Login to Amazon ECR
             id: login-ecr
-            uses: aws-actions/amazon-ecr-login@v1
+            uses: aws-actions/amazon-ecr-login@v2
 
           # uses repository in your authorized registry to push to.
           # sign in to your ecr page for a list of all your repositories.
@@ -267,11 +266,11 @@ jobs:
               IMAGE_TAG: master
             run: |
               eval $(ssh-agent)
-              ssh-add ~/.ssh/id_rsa
+              ssh-add ~/.ssh/id_ed25519
               export DOCKER_BUILDKIT=1
-              docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.rabbitmq .
+              docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.rabbitmq .
               docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-              echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+              echo "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV
 
           # needed for the task-definition.json file, update task family here
           # can also use the CLI to manually generate the task 
@@ -285,7 +284,7 @@ jobs:
             with:
               task-definition: task-definition.json
               container-name: 'openfido-prod-rabbitmq-task'
-              image: ${{ steps.build-image.outputs.image }}
+              image: ${{ env.IMAGE }}
 
           - name: Deploy Amazon ECS task definition
             uses: aws-actions/amazon-ecs-deploy-task-definition@v1