Skip to content

Merge pull request #2692 from carpentries/dependabot/pip/cryptography… #618

Merge pull request #2692 from carpentries/dependabot/pip/cryptography…

Merge pull request #2692 from carpentries/dependabot/pip/cryptography… #618

Workflow file for this run

# CI/CD for develop branch
name: CI/CD (develop)
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
jobs:
test:
uses: ./.github/workflows/test.yml
build:
name: Build Docker image and push to ECR
needs: test
environment: staging
if: github.event_name == 'push'
runs-on: ubuntu-latest
outputs:
image: ${{ steps.build-image.outputs.image }}
permissions:
id-token: write
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
role-to-assume: ${{ vars.AWS_ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.AWS_REGION }}
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ vars.AMY_ECR_REPO_NAME }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA -f docker/Dockerfile .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA" >> $GITHUB_OUTPUT
deploy:
name: Deploy to ECS
needs: build
environment: staging
if: github.event_name == 'push'
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
role-to-assume: ${{ vars.AWS_ECS_ROLE_TO_ASSUME }}
aws-region: ${{ vars.AWS_REGION }}
mask-aws-account-id: false
- name: Download task definition
env:
TASK_DEFINITION_FAMILY: ${{ vars.AMY_ECS_TASK_DEFINITION_FAMILY }}
run: |
aws ecs describe-task-definition --task-definition $TASK_DEFINITION_FAMILY --query taskDefinition > task-definition.json
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: ${{ vars.AMY_ECS_TASK_DEFINITION_CONTAINER_NAME }}
image: ${{ needs.build.outputs.image }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ vars.AMY_ECS_SERVICE_NAME }}
cluster: ${{ vars.AMY_ECS_CLUSTER_NAME }}
force-new-deployment: true