Skip to content

Merge pull request #1359 from CMSgov/feature/QPPSE-708_sanitize-api-i… #414

Merge pull request #1359 from CMSgov/feature/QPPSE-708_sanitize-api-i…

Merge pull request #1359 from CMSgov/feature/QPPSE-708_sanitize-api-i… #414

Workflow file for this run

name: Deploy to Amazon ECS
on:
push:
branches:
- ecr-deploy
- develop
- release/*
- master
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
jobs:
deploy:
name: Build Docker image and deploy to AWS ECR
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/qppsf-dev-githubactions-conversiontool-role
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Get certificates for Dev
env:
ENV_CT: dev
if: github.ref == 'refs/heads/develop'
run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }}
- name: Dev - Build and deploy to Amazon ECR
id: build-image-dev
if: github.ref == 'refs/heads/develop'
env:
ECR_REPOSITORY: qppsf/conversion-tool/dev
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REPOSITORY:latest .
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get task definition for dev
if: github.ref == 'refs/heads/develop' && success()
run: |
aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-dev --query taskDefinition > task-definition.json
- name: Fill in image ID for ECS task-definition
id: task-def-dev
if: github.ref == 'refs/heads/develop' && success()
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: conversion-tool
image: ${{ steps.build-image-dev.outputs.image }}
- name: Deploy Amazon ECS task definition
if: github.ref == 'refs/heads/develop' && success()
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
service: conversion-tool-service-dev
cluster: qppsf-conversion-tool-dev
wait-for-service-stability: true
- name: Dev - Notify slack success
if: github.ref == 'refs/heads/develop' && success()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Successful Docker build and AWS ECS deployment
color: good
- name: Dev - Notify slack fail
if: github.ref == 'refs/heads/develop' && failure()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Failed Docker build or AWS ECS deployment
color: danger
- name: Get certificates for Impl
env:
ENV_CT: impl
if: startsWith(github.ref,'refs/heads/release/')
run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }}
- name: Impl - Build and deploy to Amazon ECR
id: build-image-impl
if: startsWith(github.ref,'refs/heads/release/')
env:
ECR_REPOSITORY: qppsf/conversion-tool/impl
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REPOSITORY:latest .
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get task definition for Impl
if: startsWith(github.ref,'refs/heads/release/') && success()
run: |
aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-impl --query taskDefinition > task-definition.json
- name: Fill in image ID for ECS task-definition
id: task-def-impl
if: startsWith(github.ref,'refs/heads/release/') && success()
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: conversion-tool
image: ${{ steps.build-image-impl.outputs.image }}
- name: Deploy Amazon ECS task definition
if: startsWith(github.ref,'refs/heads/release/') && success()
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-impl.outputs.task-definition }}
service: conversion-tool-service-impl
cluster: qppsf-conversion-tool-impl
wait-for-service-stability: true
- name: Impl - Notify slack success
if: startsWith(github.ref,'refs/heads/release/') && success()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Successful Docker build and AWS ECS deployment
color: good
- name: Impl - Notify slack fail
if: startsWith(github.ref,'refs/heads/release/') && failure()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Failed Docker build or AWS ECS deployment
color: danger
- name: Get certificates for Prod
env:
ENV_CT: prod
if: github.ref == 'refs/heads/master'
run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }}
- name: Prod - Build and deploy to Amazon ECR
id: build-image-prod
if: github.ref == 'refs/heads/master'
env:
ECR_REPOSITORY: qppsf/conversion-tool/prod
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REPOSITORY:latest .
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get task definition for Prod
if: github.ref == 'refs/heads/master' && success()
run: |
aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-prod --query taskDefinition > task-definition.json
- name: Fill in image ID for ECS task-definition
id: task-def-prod
if: github.ref == 'refs/heads/master' && success()
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: conversion-tool
image: ${{ steps.build-image-prod.outputs.image }}
- name: Deploy Amazon ECS task definition
if: github.ref == 'refs/heads/master' && success()
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
service: conversion-tool-service-prod
cluster: qppsf-conversion-tool-prod
wait-for-service-stability: true
- name: Prod - Notify slack success
if: github.ref == 'refs/heads/master' && success()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Successful Docker build and AWS ECS deployment
color: good
- name: Prod - Notify slack fail
if: github.ref == 'refs/heads/master' && failure()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Failed Docker build or AWS ECS deployment
color: danger
- name: Get certificates for Devpre
env:
ENV_CT: devpre
if: github.ref == 'refs/heads/master'
run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }}
- name: DevPre - Build and deploy to Amazon ECR
id: build-image-devpre
if: github.ref == 'refs/heads/master'
env:
ECR_REPOSITORY: qppsf/conversion-tool/devpre
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REPOSITORY:latest .
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get task definition for DevPre
if: github.ref == 'refs/heads/master' && success()
run: |
aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-devpre --query taskDefinition > task-definition.json
- name: Fill in image ID for ECS task-definition
id: task-def-devpre
if: github.ref == 'refs/heads/master' && success()
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: conversion-tool
image: ${{ steps.build-image-devpre.outputs.image }}
- name: Deploy Amazon ECS task definition
if: github.ref == 'refs/heads/master' && success()
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-devpre.outputs.task-definition }}
service: conversion-tool-service-devpre
cluster: qppsf-conversion-tool-devpre
wait-for-service-stability: true
- name: DevPre - Notify slack success
if: github.ref == 'refs/heads/master' && success()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Successful Docker build and AWS ECS deployment
color: good
- name: DevPre - Notify slack fail
if: github.ref == 'refs/heads/master' && failure()
uses: voxmedia/github-action-slack-notify-build@v1
with:
channel: p-qpp-sub-alerts
status: Conversion tools - Failed Docker build or AWS ECS deployment
color: danger
- name: Logout of Amazon ECR
if: always()
run: docker logout ${{ steps.login-ecr.outputs.registry }}