This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Web API Deploy Pipeline | |
| on: | |
| push: | |
| paths: | |
| - '.github/workflows/**' | |
| - 'cicd-section/api/**' | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: ap-northeast-1 | |
| ECS_CLUSTER: cluster-test1 | |
| ECS_SERVICE: my-app-api | |
| ECS_TASK_DEFINITION_API: cicd-section/.aws/task-def-api.json | |
| ECR_REPOSITORY: my-app-api | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| # Test/Build | |
| test-and-build: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: cicd-section/api | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Run Test execution | |
| run: | | |
| docker image build -t temp_api_image:latest . | |
| - name: Configure AWS Credentials OIDC | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Push the image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} # Login to ECRの結果の中の'repository'の値を参照する | |
| run: | | |
| docker image tag temp_api_image:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} | |
| docker image push $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} | |
| echo $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} > api-image-uri.txt | |
| - name: upload the Artifact | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: api-image-uri | |
| path: cicd-section/api/api-image-uri.txt | |
| # docker image tag temp_api_image:latest アカウントID.dkr.ecr.ap-northeast-1.amazonaws.com/my-app-api:sha | |
| # Deploy | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: [test-and-build] | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials OIDC | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| - name: Download the Artifact | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: api-image-uri | |
| path: artifacts | |
| - name: Define the image URI | |
| run: | | |
| echo "API_IMAGE_URI=$(cat artifacts/api-image-uri.txt)" >> $GITHUB_ENV | |
| - name: Fill in the new image URI in the amazon ECS task definition | |
| id: render-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ env.ECS_TASK_DEFINITION_API }} | |
| container-name: api | |
| image: ${{ env.API_IMAGE_URI }} | |
| - name: Deploy ECS task | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-task-def.outputs.task-definition }} | |
| service: ${{ env.ECS_SERVICE }} | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-servce-stability: true |