[Staging] Build and Deploy #13
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Staging] Build and Deploy" | |
| on: | |
| workflow_dispatch: {} | |
| env: | |
| AWS_REGION: eu-central-1 | |
| ECR_REPOSITORY: shapedocs | |
| ECS_SERVICE: StagingApp-AppService7F8F0CA1-jCcia0OvXEXa | |
| ECS_CLUSTER: StagingApp-EcsDefaultClusterMnL3mNNYNVPC9C1EC7A3-L9xrshUBnmqe | |
| ECS_TASK_DEFINITION_NAME: StagingAppAppServiceTaskDef1613562E | |
| CONTAINER_NAME: web | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_SHAPE_DOCS }} | |
| # /start: needed for build to succeed | |
| NEXT_TELEMETRY_DISABLED: 1 | |
| NEXTAUTH_URL: http://dev.local:3000 | |
| NEXTAUTH_SECRET: 336f7a926310cff425cea29556dce2a98859b8d234aa27968696c2e6f1cb7d34 | |
| GITHUB_CLIENT_ID: this-is-our-github-client-id | |
| GITHUB_CLIENT_SECRET: this-is-our-github-client-secret | |
| GITHUB_APP_ID: 12345 | |
| GITHUB_PRIVATE_KEY_BASE_64: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNCS2NaL3UyL3dubDA4R1BjeXdiSVc2QVdKdnhVL2o0V0g2UnkxODVPSHZDd0FBQUpBYW01MzdHcHVkCit3QUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQktjWi91Mi93bmwwOEdQY3l3YklXNkFXSnZ4VS9qNFdINlJ5MTg1T0h2Q3cKQUFBRUJ6T2htRGpuY3R0QSt3ai9USHRnWnN6MklRWjdLM2ovb0Z1OEZBNTMxTDhrcHhuKzdiL0NlWFR3WTl6TEJzaGJvQgpZbS9GVCtQaFlmcEhMWHprNGU4TEFBQUFDMlp2YjBCb1lYQmxMbVJyQVFJPQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K | |
| GITHUB_WEBHOOK_SECRET: super-duper-secret | |
| IS_BUILD_PROCESS: true # used to signal to the code that it is being built in a CI/CD environment and does not have access to e.g. DB | |
| # /end: needed for the build to succeed | |
| jobs: | |
| build: | |
| name: Build and Deploy | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install 1Password CLI | |
| uses: 1password/install-cli-action@v1 | |
| - name: Install AWS credentials from 1Password | |
| run: | | |
| AWS_ACCESS_KEY_ID=$(op read "op://Shape Docs GitHub Actions/AWS GitHub Actions User/access_key_id") | |
| AWS_SECRET_ACCESS_KEY=$(op read "op://Shape Docs GitHub Actions/AWS GitHub Actions User/secret_access_key") | |
| echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> $GITHUB_ENV | |
| echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> $GITHUB_ENV | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.1 | |
| with: | |
| aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2.0.1 | |
| - name: Fetch task definition | |
| id: fetch-task-definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION_NAME }} --region ${{ env.AWS_REGION }} | jq .taskDefinition > task-definition.json | |
| jq . task-definition.json | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| # Build a docker image and push it to ECR so that it can | |
| # be deployed to ECS | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Fill in the new image ID in the Amazon ECS task definition | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1.2.0 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: ${{ env.CONTAINER_NAME }} | |
| image: ${{ steps.build-image.outputs.image }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1.4.11 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: ${{ env.ECS_SERVICE }} | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-service-stability: true |