1+ name : deploy_to_produc†ion
2+ on : [pull_request, workflow_dispatch]
3+
4+ permissions :
5+ id-token : write
6+ contents : read
7+ issues : write
8+
9+ jobs :
10+
11+ deploy_to_ecs :
12+ runs-on : ubuntu-latest
13+ if : ${{ github.ref_name == 'release\/[0-9]+.[0-9]+.[0-9]+([0-9]+)' }}
14+ env :
15+ TASK_FAMILY_PREFIX : backend
16+ ECS_CLUSTER_NAME : cmiml-prod
17+ ECS_SERVICE_NAME : backend
18+ ECR_REPO : 917902836630.dkr.ecr.us-east-1.amazonaws.com
19+ IMAGE_PREFIX : ${{ github.ref_name }}
20+ COMMIT_HASH : ${{ github.sha }}
21+ AWS_REGION : " us-east-1"
22+ steps :
23+
24+ - uses : trstringer/manual-approval@v1
25+ with :
26+ secret : ${{ github.TOKEN }}
27+ approvers : mbanting, natalia-muzyka, aweiland, vshvechko
28+ minimum-approvals : 2
29+ issue-title : " Deploying ${{ github.ref_name }} to prod"
30+ issue-body : " Please approve or deny the deployment of version ${{ github.ref_name }}"
31+ exclude-workflow-initiator-as-approver : false
32+
33+ - name : Git clone the repository
34+ uses : actions/checkout@v4
35+
36+ - name : configure aws credentials
37+ uses : aws-actions/configure-aws-credentials@v3
38+ with :
39+ role-to-assume : arn:aws:iam::641513112151:role/cmiml-prod-oidc-github-role
40+ role-session-name : OIDC-GHA-session
41+ aws-region : ${{ env.AWS_REGION }}
42+
43+ - name : change image and register task definitions
44+ run : |
45+ NEW_IMAGE=${IMAGE_PREFIX/\//-}-$(echo $COMMIT_HASH | cut -c1-5)
46+ for app in api worker scheduler; do
47+ export NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)')
48+ aws ecs register-task-definition --region ${AWS_REGION} --cli-input-json "$NEW_TASK_DEFINITION"
49+ done
50+
51+ name : update services
52+ run : |
53+ for app in scheduler worker; do
54+ aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME}-${app} --task-definition ${TASK_FAMILY_PREFIX}_${app}
55+ done
56+
57+ #this step is separate because api sarvice and task definition names are different, need to be changed
58+ aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME} --task-definition ${TASK_FAMILY_PREFIX}_api
59+
60+
61+ on-failure :
62+ runs-on : ubuntu-latest
63+ if : ${{ always() && (needs.deploy_to_ecs.result == 'failure' || needs.deploy_to_ecs.result == 'timed_out') }}
64+ needs :
65+ - deploy_to_ecs
66+ steps :
67+ - uses : actions/checkout@v4
68+ - name : " Send Slack message on failure"
69+ uses : rtCamp/action-slack-notify@v2
70+ env :
71+ SLACK_COLOR : failure
72+ SLACK_WEBHOOK : ${{ secrets.PROD_SLACK_WEBHOOK }}
73+ SLACK_CHANNEL : gha-deploy-to-prod
74+ SLACK_TOKEN : ${{ secrets.SLACK_BOT_TOKEN }}
75+ SLACK_TITLE : Deployment to PROD environment
76+ SLACK_MESSAGE : ' Error when executing deployment!'
77+
78+ on-success :
79+ runs-on : ubuntu-latest
80+ if : ${{ always() && (needs.deploy_to_ecs.result == 'success') }}
81+ needs :
82+ - deploy_to_ecs
83+ steps :
84+ - uses : actions/checkout@v4
85+ - name : " Send Slack message on success"
86+ uses : rtCamp/action-slack-notify@v2
87+ env :
88+ SLACK_COLOR : success
89+ SLACK_WEBHOOK : ${{ secrets.PROD_SLACK_WEBHOOK }}
90+ SLACK_CHANNEL : gha-deploy-to-prod
91+ SLACK_TOKEN : ${{ secrets.SLACK_BOT_TOKEN }}
92+ SLACK_TITLE : Deployment to PROD environment
93+ SLACK_MESSAGE : ' Deployment is successfull!'
94+
0 commit comments