Merge pull request #1359 from CMSgov/feature/QPPSE-708_sanitize-api-i… #414
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Amazon ECS | |
| on: | |
| push: | |
| branches: | |
| - ecr-deploy | |
| - develop | |
| - release/* | |
| - master | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| jobs: | |
| deploy: | |
| name: Build Docker image and deploy to AWS ECR | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/qppsf-dev-githubactions-conversiontool-role | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Get certificates for Dev | |
| env: | |
| ENV_CT: dev | |
| if: github.ref == 'refs/heads/develop' | |
| run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} | |
| - name: Dev - Build and deploy to Amazon ECR | |
| id: build-image-dev | |
| if: github.ref == 'refs/heads/develop' | |
| env: | |
| ECR_REPOSITORY: qppsf/conversion-tool/dev | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REPOSITORY:latest . | |
| docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker build -t $ECR_REPOSITORY:$IMAGE_TAG . | |
| docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| - name: Get task definition for dev | |
| if: github.ref == 'refs/heads/develop' && success() | |
| run: | | |
| aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-dev --query taskDefinition > task-definition.json | |
| - name: Fill in image ID for ECS task-definition | |
| id: task-def-dev | |
| if: github.ref == 'refs/heads/develop' && success() | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: conversion-tool | |
| image: ${{ steps.build-image-dev.outputs.image }} | |
| - name: Deploy Amazon ECS task definition | |
| if: github.ref == 'refs/heads/develop' && success() | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def-dev.outputs.task-definition }} | |
| service: conversion-tool-service-dev | |
| cluster: qppsf-conversion-tool-dev | |
| wait-for-service-stability: true | |
| - name: Dev - Notify slack success | |
| if: github.ref == 'refs/heads/develop' && success() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Successful Docker build and AWS ECS deployment | |
| color: good | |
| - name: Dev - Notify slack fail | |
| if: github.ref == 'refs/heads/develop' && failure() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Failed Docker build or AWS ECS deployment | |
| color: danger | |
| - name: Get certificates for Impl | |
| env: | |
| ENV_CT: impl | |
| if: startsWith(github.ref,'refs/heads/release/') | |
| run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} | |
| - name: Impl - Build and deploy to Amazon ECR | |
| id: build-image-impl | |
| if: startsWith(github.ref,'refs/heads/release/') | |
| env: | |
| ECR_REPOSITORY: qppsf/conversion-tool/impl | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REPOSITORY:latest . | |
| docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker build -t $ECR_REPOSITORY:$IMAGE_TAG . | |
| docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| - name: Get task definition for Impl | |
| if: startsWith(github.ref,'refs/heads/release/') && success() | |
| run: | | |
| aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-impl --query taskDefinition > task-definition.json | |
| - name: Fill in image ID for ECS task-definition | |
| id: task-def-impl | |
| if: startsWith(github.ref,'refs/heads/release/') && success() | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: conversion-tool | |
| image: ${{ steps.build-image-impl.outputs.image }} | |
| - name: Deploy Amazon ECS task definition | |
| if: startsWith(github.ref,'refs/heads/release/') && success() | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def-impl.outputs.task-definition }} | |
| service: conversion-tool-service-impl | |
| cluster: qppsf-conversion-tool-impl | |
| wait-for-service-stability: true | |
| - name: Impl - Notify slack success | |
| if: startsWith(github.ref,'refs/heads/release/') && success() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Successful Docker build and AWS ECS deployment | |
| color: good | |
| - name: Impl - Notify slack fail | |
| if: startsWith(github.ref,'refs/heads/release/') && failure() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Failed Docker build or AWS ECS deployment | |
| color: danger | |
| - name: Get certificates for Prod | |
| env: | |
| ENV_CT: prod | |
| if: github.ref == 'refs/heads/master' | |
| run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} | |
| - name: Prod - Build and deploy to Amazon ECR | |
| id: build-image-prod | |
| if: github.ref == 'refs/heads/master' | |
| env: | |
| ECR_REPOSITORY: qppsf/conversion-tool/prod | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REPOSITORY:latest . | |
| docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker build -t $ECR_REPOSITORY:$IMAGE_TAG . | |
| docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| - name: Get task definition for Prod | |
| if: github.ref == 'refs/heads/master' && success() | |
| run: | | |
| aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-prod --query taskDefinition > task-definition.json | |
| - name: Fill in image ID for ECS task-definition | |
| id: task-def-prod | |
| if: github.ref == 'refs/heads/master' && success() | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: conversion-tool | |
| image: ${{ steps.build-image-prod.outputs.image }} | |
| - name: Deploy Amazon ECS task definition | |
| if: github.ref == 'refs/heads/master' && success() | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def-prod.outputs.task-definition }} | |
| service: conversion-tool-service-prod | |
| cluster: qppsf-conversion-tool-prod | |
| wait-for-service-stability: true | |
| - name: Prod - Notify slack success | |
| if: github.ref == 'refs/heads/master' && success() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Successful Docker build and AWS ECS deployment | |
| color: good | |
| - name: Prod - Notify slack fail | |
| if: github.ref == 'refs/heads/master' && failure() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Failed Docker build or AWS ECS deployment | |
| color: danger | |
| - name: Get certificates for Devpre | |
| env: | |
| ENV_CT: devpre | |
| if: github.ref == 'refs/heads/master' | |
| run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} | |
| - name: DevPre - Build and deploy to Amazon ECR | |
| id: build-image-devpre | |
| if: github.ref == 'refs/heads/master' | |
| env: | |
| ECR_REPOSITORY: qppsf/conversion-tool/devpre | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REPOSITORY:latest . | |
| docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker build -t $ECR_REPOSITORY:$IMAGE_TAG . | |
| docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| - name: Get task definition for DevPre | |
| if: github.ref == 'refs/heads/master' && success() | |
| run: | | |
| aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-devpre --query taskDefinition > task-definition.json | |
| - name: Fill in image ID for ECS task-definition | |
| id: task-def-devpre | |
| if: github.ref == 'refs/heads/master' && success() | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: conversion-tool | |
| image: ${{ steps.build-image-devpre.outputs.image }} | |
| - name: Deploy Amazon ECS task definition | |
| if: github.ref == 'refs/heads/master' && success() | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def-devpre.outputs.task-definition }} | |
| service: conversion-tool-service-devpre | |
| cluster: qppsf-conversion-tool-devpre | |
| wait-for-service-stability: true | |
| - name: DevPre - Notify slack success | |
| if: github.ref == 'refs/heads/master' && success() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Successful Docker build and AWS ECS deployment | |
| color: good | |
| - name: DevPre - Notify slack fail | |
| if: github.ref == 'refs/heads/master' && failure() | |
| uses: voxmedia/github-action-slack-notify-build@v1 | |
| with: | |
| channel: p-qpp-sub-alerts | |
| status: Conversion tools - Failed Docker build or AWS ECS deployment | |
| color: danger | |
| - name: Logout of Amazon ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} |