.github/workflows/deploy.yml

name: VLY2 deploy

on:
  push:
    branches:
      - master
    tags: 
      - beta*
      - gamma*
      - v*

jobs:
  build-and-deploy:
    name: Build and push image to ECR, deploy to ECS
    runs-on: ubuntu-latest
    steps:

    - name: Check out
      uses: actions/checkout@v2
    
    - name: Set tag vars
      run: |
        echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV 

    - name: Set var for tags vs PR merge
      run: |
        [[ $TAG == 'master' ]] && echo "ENVM=alpha" >> $GITHUB_ENV || echo "ENVM=${TAG}" >> $GITHUB_ENV
    - name: Set env type var and secret
      run: |
        if [[ $ENVM == 'v'* ]];then 
          echo "ENVM_TYPE=live" >> $GITHUB_ENV
          echo "ENV_SECRET=${{ secrets.ENV_SECRET_LIVE }}" >> $GITHUB_ENV
        elif [[ $ENVM == 'beta'* ]];then 
          echo "ENVM_TYPE=beta" >> $GITHUB_ENV
          echo "ENV_SECRET=${{ secrets.ENV_SECRET_BETA }}" >> $GITHUB_ENV
        elif [[ $ENVM == 'gamma'* ]];then 
          echo "ENVM_TYPE=gamma" >> $GITHUB_ENV
          echo "ENV_SECRET=${{ secrets.ENV_SECRET_GAMMA }}" >> $GITHUB_ENV
        else
          echo "ENVM_TYPE=alpha" >> $GITHUB_ENV
          echo "ENV_SECRET=${{ secrets.ENV_SECRET_ALPHA }}" >> $GITHUB_ENV
        fi

    - name: Check vars
      run: |
        echo $TAG
        echo $ENVM
        echo $ENVM_TYPE
        echo $ENV_SECRET

    - name: Cache node modules
      uses: actions/cache@v1
      env:
        cache-name: cache-node-modules
      with:
        path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-build-${{ env.cache-name }}-
          ${{ runner.os }}-build-
          ${{ runner.os }}-  

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ap-southeast-2

    - name: Log in to ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    # Builds image, uses same image to tag and push to appropriate environment
    - name: Build, tag, and push
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: vly-${{ env.ENVM_TYPE }}
        IMAGE_TAG: ${{ github.sha }}
        ENV_ENVIRONMENT: ${{ env.ENVM_TYPE }}
      run: |
        docker build --target production -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
        --build-arg ENV_ENVIRONMENT=$ENV_ENVIRONMENT --build-arg ENV_SECRET=${{ env.ENV_SECRET }} \
        --build-arg REVISION=$IMAGE_TAG \
        .
        docker image tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:master
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:master

    - name: Log out of ECR
      if: always()
      run: docker logout ${{ steps.login-ecr.outputs.registry }}

    - name: Deploy to ECS
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: vly-${{ env.ENVM_TYPE }}  
      run: |
        aws ecs update-service --service vly-${{ env.ENVM_TYPE }}  --cluster vly-${{ env.ENVM_TYPE }}-ECSCluster --force-new-deployment --desired-count 3 --deployment-configuration maximumPercent=100,minimumHealthyPercent=50