diff --git a/.github/workflows/run_deploy_staging.yaml b/.github/workflows/run_deploy_staging.yaml new file mode 100644 index 00000000000..6e9fbafdaab --- /dev/null +++ b/.github/workflows/run_deploy_staging.yaml @@ -0,0 +1,49 @@ +name: deploy_to_staging +on: [push, pull_request, workflow_dispatch] + +permissions: + id-token: write + contents: read + +jobs: + + deploy_to_ecs: + runs-on: ubuntu-latest + if: ${{ github.ref_name == 'release\/[0-9]+.[0-9]+.[0-9]+([0-9]+)' }} + env: + TASK_FAMILY_PREFIX: backend + ECS_CLUSTER_NAME: cmiml-stage + ECS_SERVICE_NAME: backend + ECR_REPO: 917902836630.dkr.ecr.us-east-1.amazonaws.com + IMAGE_PREFIX: ${{ github.ref_name }} + COMMIT_HASH: ${{ github.sha }} + AWS_REGION : "us-east-1" + steps: + + - name: Git clone the repository + uses: actions/checkout@v4 + + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: arn:aws:iam::641513112151:role/cmiml-stage-oidc-github-role + role-session-name: OIDC-GHA-session + aws-region: ${{ env.AWS_REGION }} + + - name: change image and register task definitions + run: | + NEW_IMAGE=${IMAGE_PREFIX/\//-}-$(echo $COMMIT_HASH | cut -c1-5) + for app in api worker scheduler; do + export NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)') + aws ecs register-task-definition --region ${AWS_REGION} --cli-input-json "$NEW_TASK_DEFINITION" + done + + - name: update services + run: | + for app in scheduler worker; do + aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME}-${app} --task-definition ${TASK_FAMILY_PREFIX}_${app} + done + + #this step is separate because api sarvice and task definition names are different, need to be changed + aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME} --task-definition ${TASK_FAMILY_PREFIX}_api + \ No newline at end of file diff --git a/.github/workflows/run_deploy_test.yaml b/.github/workflows/run_deploy_test.yaml index cc93e679fb3..ecfe003738c 100644 --- a/.github/workflows/run_deploy_test.yaml +++ b/.github/workflows/run_deploy_test.yaml @@ -22,10 +22,9 @@ jobs: runs-on: ubuntu-latest if: contains(github.ref, '-rc') env: - TASK_FAMILY: backend_api + TASK_FAMILY_PREFIX: backend ECS_CLUSTER_NAME: cmiml-test ECS_SERVICE_NAME: backend - AWS_REGION : "us-east-1" ECR_REPO: 917902836630.dkr.ecr.us-east-1.amazonaws.com/api-server IMAGE_PREFIX: ${{ inputs.COMMIT_HASH }} COMMIT_HASH: ${{ inputs.IMAGE_PREFIX }} @@ -37,17 +36,24 @@ jobs: - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: - role-to-assume: arn:aws:iam::641513112151:role/cmiml-devops-oidc-github-role + role-to-assume: arn:aws:iam::641513112151:role/cmiml-test-oidc-github-role role-session-name: OIDC-GHA-session aws-region: ${{ env.AWS_REGION }} - - name: change image in the task definitions and update services + - name: change image and register task definitions run: | NEW_IMAGE=${IMAGE_PREFIX/\//-}-$(echo $COMMIT_HASH | cut -c1-5) - for app in api worker scheduler; do - NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)') - aws ecs register-task-definition --region ${{ env.AWS_REGION }} --cli-input-json "$NEW_TASK_DEFINTIION" - aws ecs update-service --cluster ${{ env.ECS_CLUSTER_NAME }} --service ${{ env.ECS_SERVICE_NAME }}_${app} --task-definition ${TASK_FAMILY_PREFIX}_${app} + export NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)') + aws ecs register-task-definition --region ${AWS_REGION} --cli-input-json "$NEW_TASK_DEFINITION" + done + + - name: update services + run: | + for app in scheduler worker; do + aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME}-${app} --task-definition ${TASK_FAMILY_PREFIX}_${app} done + + #this step is separate because api sarvice and task definition names are different, need to be changed + aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME} --task-definition ${TASK_FAMILY_PREFIX}_api \ No newline at end of file diff --git a/.github/workflows/run_deploy_uat.yaml b/.github/workflows/run_deploy_uat.yaml index 72c1516ffa7..c6ad0b67324 100644 --- a/.github/workflows/run_deploy_uat.yaml +++ b/.github/workflows/run_deploy_uat.yaml @@ -22,10 +22,9 @@ jobs: runs-on: ubuntu-latest if: contains(github.ref, '-rc') env: - TASK_FAMILY: backend_api + TASK_FAMILY_PREFIX: backend ECS_CLUSTER_NAME: cmiml-uat ECS_SERVICE_NAME: backend - ECR_URL: 917902836630.dkr.ecr.us-east-1.amazonaws.com IMAGE_PREFIX: ${{ inputs.COMMIT_HASH }} COMMIT_HASH: ${{ inputs.IMAGE_PREFIX }} AWS_REGION : "us-east-1" @@ -38,16 +37,24 @@ jobs: - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: - role-to-assume: arn:aws:iam::641513112151:role/cmiml-devops-oidc-github-role + role-to-assume: arn:aws:iam::641513112151:role/cmiml-uat-oidc-github-role role-session-name: OIDC-GHA-session aws-region: ${{ env.AWS_REGION }} - - name: change image in the task definitions and update services + - name: change image and register task definitions run: | NEW_IMAGE=${IMAGE_PREFIX/\//-}-$(echo $COMMIT_HASH | cut -c1-5) - for app in api worker scheduler; do - NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)') - aws ecs register-task-definition --region ${{ env.AWS_REGION }} --cli-input-json "$NEW_TASK_DEFINTIION" - aws ecs update-service --cluster ${{ env.ECS_CLUSTER_NAME }} --service ${{ env.ECS_SERVICE_NAME }}_${app} --task-definition ${TASK_FAMILY_PREFIX}_${app} - done \ No newline at end of file + export NEW_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY_PREFIX}_${app} --region ${AWS_REGION} | jq --arg IMAGE "$ECR_REPO:$NEW_IMAGE" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)') + aws ecs register-task-definition --region ${AWS_REGION} --cli-input-json "$NEW_TASK_DEFINITION" + done + + - name: update services + run: | + for app in scheduler worker; do + aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME}-${app} --task-definition ${TASK_FAMILY_PREFIX}_${app} + done + + #this step is separate because api sarvice and task definition names are different, need to be changed + aws ecs update-service --cluster ${ECS_CLUSTER_NAME} --service ${ECS_SERVICE_NAME} --task-definition ${TASK_FAMILY_PREFIX}_api + \ No newline at end of file