Merge pull request #1388 from ChildMindInstitute/M2-6816-deployment-t…

…o-prod added condition to dev for testing
ChildMindInstitute · Jun 6, 2024 · 183c6ae · 183c6ae
2 parents 6f0dc8a + e4f89df
commit 183c6ae
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 0 deletions.
diff --git a/.github/workflows/run_deploy_dev.yaml b/.github/workflows/run_deploy_dev.yaml
@@ -32,6 +32,16 @@ jobs:
       AWS_REGION : "us-east-1"
 
     steps:
+
+      - uses: trstringer/manual-approval@v1
+        with:
+          secret: ${{ github.TOKEN }}
+          approvers: mbarsukou, yatrashkevich-scn, rsiauko
+          minimum-approvals: 2
+          issue-title: "Deploying ${{ github.ref_name }} to dev"
+          issue-body: "Please approve or deny the deployment of version ${{ github.ref_name }}"
+          exclude-workflow-initiator-as-approver: false
+
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:

diff --git a/.github/workflows/run_deploy_prod.yaml b/.github/workflows/run_deploy_prod.yaml
@@ -0,0 +1,94 @@
+name: deploy_to_produc†ion
+on: [pull_request, workflow_dispatch]
+
+permissions:
+  id-token: write
+  contents: read
+  issues: write
+
+jobs:
+
+  deploy_to_ecs:
+    runs-on: ubuntu-latest
+    if: ${{ github.ref_name == 'release\/[0-9]+.[0-9]+.[0-9]+([0-9]+)' }}
+    env:
+      TASK_FAMILY_PREFIX: backend
+      ECS_CLUSTER_NAME: cmiml-prod
+      ECS_SERVICE_NAME: backend
+      ECR_REPO: 917902836630.dkr.ecr.us-east-1.amazonaws.com
+      IMAGE_PREFIX: ${{ github.ref_name }}
+      COMMIT_HASH: ${{ github.sha }}
+      AWS_REGION : "us-east-1"
+    steps:
+
+      - uses: trstringer/manual-approval@v1
+        with:
+          secret: ${{ github.TOKEN }}
+          approvers: mbanting, natalia-muzyka, aweiland, vshvechko
+          minimum-approvals: 2
+          issue-title: "Deploying ${{ github.ref_name }} to prod"
+          issue-body: "Please approve or deny the deployment of version ${{ github.ref_name }}"
+          exclude-workflow-initiator-as-approver: false
+
+      - name: Git clone the repository
+        uses: actions/checkout@v4
+
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: arn:aws:iam::641513112151:role/cmiml-prod-oidc-github-role
+          role-session-name: OIDC-GHA-session
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: change image and register task definitions
+        run: |
+          NEW_IMAGE=${IMAGE_PREFIX/\//-}-$(echo $COMMIT_HASH | cut -c1-5) 
+          for app in api worker scheduler; do 
+            export NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)')
+            aws ecs register-task-definition --region ${AWS_REGION} --cli-input-json "$NEW_TASK_DEFINITION"
+          done
+
+      - name: update services
+        run: |
+          for app in scheduler worker; do
+            aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME}-${app} --task-definition ${TASK_FAMILY_PREFIX}_${app}
+          done
+          
+          #this step is separate because api sarvice and task definition names are different, need to be changed
+          aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME} --task-definition ${TASK_FAMILY_PREFIX}_api
+        
+
+  on-failure:
+    runs-on: ubuntu-latest
+    if: ${{ always() && (needs.deploy_to_ecs.result == 'failure' || needs.deploy_to_ecs.result == 'timed_out') }}
+    needs:
+      - deploy_to_ecs
+    steps:
+      - uses: actions/checkout@v4
+      - name: "Send Slack message on failure"
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_COLOR: failure
+          SLACK_WEBHOOK: ${{ secrets.PROD_SLACK_WEBHOOK }}
+          SLACK_CHANNEL: gha-deploy-to-prod
+          SLACK_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          SLACK_TITLE: Deployment to PROD environment
+          SLACK_MESSAGE: 'Error when executing deployment!'
+
+  on-success:
+    runs-on: ubuntu-latest
+    if: ${{ always() && (needs.deploy_to_ecs.result == 'success') }}
+    needs:
+      - deploy_to_ecs
+    steps:
+      - uses: actions/checkout@v4
+      - name: "Send Slack message on success"
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_COLOR: success
+          SLACK_WEBHOOK: ${{ secrets.PROD_SLACK_WEBHOOK }}
+          SLACK_CHANNEL: gha-deploy-to-prod
+          SLACK_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          SLACK_TITLE: Deployment to PROD environment
+          SLACK_MESSAGE: 'Deployment is successfull!'
+