Merge pull request #2692 from carpentries/dependabot/pip/cryptography… #618
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# CI/CD for develop branch | |
name: CI/CD (develop) | |
on: | |
push: | |
branches: [ develop ] | |
pull_request: | |
branches: [ develop ] | |
jobs: | |
test: | |
uses: ./.github/workflows/test.yml | |
build: | |
name: Build Docker image and push to ECR | |
needs: test | |
environment: staging | |
if: github.event_name == 'push' | |
runs-on: ubuntu-latest | |
outputs: | |
image: ${{ steps.build-image.outputs.image }} | |
permissions: | |
id-token: write | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: ${{ vars.AWS_ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.AWS_REGION }} | |
mask-aws-account-id: false | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag, and push image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ vars.AMY_ECR_REPO_NAME }} | |
run: | | |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA -f docker/Dockerfile . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA | |
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA" >> $GITHUB_OUTPUT | |
deploy: | |
name: Deploy to ECS | |
needs: build | |
environment: staging | |
if: github.event_name == 'push' | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
steps: | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: ${{ vars.AWS_ECS_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.AWS_REGION }} | |
mask-aws-account-id: false | |
- name: Download task definition | |
env: | |
TASK_DEFINITION_FAMILY: ${{ vars.AMY_ECS_TASK_DEFINITION_FAMILY }} | |
run: | | |
aws ecs describe-task-definition --task-definition $TASK_DEFINITION_FAMILY --query taskDefinition > task-definition.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: task-definition.json | |
container-name: ${{ vars.AMY_ECS_TASK_DEFINITION_CONTAINER_NAME }} | |
image: ${{ needs.build.outputs.image }} | |
- name: Deploy Amazon ECS task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ vars.AMY_ECS_SERVICE_NAME }} | |
cluster: ${{ vars.AMY_ECS_CLUSTER_NAME }} | |
force-new-deployment: true |