Deploy #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| env: | |
| description: select the environment | |
| type: environment | |
| required: true | |
| env: | |
| IMAGE_ID: ${{ vars.AWS_ECR_URI }} | |
| TF_VERSION: 1.5.7 | |
| permissions: | |
| id-token: write # This is required for GitHub OIDC auth with AWS | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| terraform_apply_ecr: | |
| name: terraform apply ecr | |
| environment: tools | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ vars.TERRAFORM_DEPLOY_ROLE_ARN }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: terraform plan ecr | |
| env: | |
| TF_VAR_read_principals: ${{ vars.AWS_ACCOUNTS_ECR_READ_ACCESS }} | |
| working-directory: src/terraform/ecr | |
| run: | | |
| cat <<EOF > backend.hcl | |
| bucket = "${{ vars.S3_BACKEND_NAME }}" | |
| key = "startup-sample-app-aws-containers-ecr.tfstate" | |
| dynamodb_table = "${{ vars.DYNAMO_DB_TABLE_NAME }}" | |
| EOF | |
| terraform init -backend-config=backend.hcl | |
| terraform apply -auto-approve | |
| docker_push: | |
| name: docker build and push | |
| environment: tools | |
| runs-on: ubuntu-22.04 | |
| needs: terraform_apply_ecr | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ vars.TERRAFORM_DEPLOY_ROLE_ARN }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v4 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: ./src/api | |
| file: ./src/api/Dockerfile | |
| push: true | |
| tags: ${{ env.IMAGE_ID }}:${{ github.sha }} | |
| terraform_apply_app: | |
| name: terraform apply app | |
| environment: ${{ inputs.env }} | |
| runs-on: ubuntu-22.04 | |
| needs: docker_push | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ vars.TERRAFORM_DEPLOY_ROLE_ARN }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: terraform apply app | |
| env: | |
| TF_VAR_target_env: ${{ inputs.env }}} | |
| TF_VAR_app_image: ${{ env.IMAGE_ID }}:${{ github.sha }} | |
| working-directory: src/terraform/app | |
| run: | | |
| cat <<EOF > backend.hcl | |
| bucket = "${{ vars.S3_BACKEND_NAME }}" | |
| key = "startup-sample-app-aws-containers.tfstate" | |
| dynamodb_table = "${{ vars.DYNAMO_DB_TABLE_NAME }}" | |
| EOF | |
| terraform init -backend-config=backend.hcl | |
| terraform apply -auto-approve | |
| - name: Extract outputs from Terraform | |
| id: tf-outputs | |
| working-directory: src/terraform/app | |
| run: | | |
| terraform output -json > outputs.json | |
| echo "S3_BUCKET_ARN=$(jq -r .s3_bucket_arn.value outputs.json)" >> $GITHUB_ENV | |
| echo "CF_DOMAIN=$(jq -r .cloudfront.value.domain_name outputs.json)" >> $GITHUB_ENV | |
| echo "CF_DISTRIBUTION_ID=$(jq -r .cloudfront.value.distribution_id outputs.json)" >> $GITHUB_ENV | |
| echo "API_GW_URL=$(jq -r .apigw_url.value outputs.json)" >> $GITHUB_ENV | |
| - name: Build and deploy the front-end | |
| run: | | |
| cd src/web | |
| echo "REACT_APP_API_BASE_URL=$API_GW_URL" > .env | |
| npm install | |
| npm run build | |
| aws s3 sync --delete ./build s3://$(echo "$S3_BUCKET_ARN" | cut -d: -f6) | |
| aws cloudfront create-invalidation --distribution-id $CF_DISTRIBUTION_ID --paths "/*" |