Skip to content

pipeline testing

pipeline testing #81

# # This is a basic workflow to help you get started with Actions
# name: Connect to an AWS role from a GitHub repository
# # Controls when the action will run. Invokes the workflow on push events but only for the main branch
# on:
# push:
# branches: [5165-cicd]
# pull_request:
# branches: [5165-cicd]
# env:
# ENVIRONMENT: development
# AWS_REGION: ap-southeast-2 #MY_AWS_REGION
# ECR_REPOSITORY: test # set this to your Amazon ECR repository name
# ECS_SERVICE: ogcapi-java-service # set this to your Amazon ECS service name
# ECS_CLUSTER: aodn-imos-v2 # set this to your Amazon ECS cluster name
# ECS_TASK_DEFINITION: ./ogcapi-java-dev-td.json #MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
# CONTAINER_NAME: aodn-dev-container # set this to the name of the container in the
# name: development
# # Permission can be added at job level or workflow level
# permissions:
# id-token: write # This is required for requesting the JWT
# contents: read # This is required for actions/checkout
# jobs:
# AWS-ECR-ECS-Deploy:
# runs-on: ubuntu-latest
# environment: development
# steps:
# - name: Git clone the repository
# uses: actions/checkout@v3
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# role-to-assume: ${{ vars.ROLE_ARN }}
# role-session-name: GitHub_to_AWS_via_FederatedOIDC
# aws-region: ${{ env.AWS_REGION }}
# # Hello from AWS: WhoAmI
# - name: Sts GetCallerIdentity
# run: |
# aws sts get-caller-identity
# - name: Install jq
# run: sudo apt-get update && sudo apt-get install -y jq
# - name: Retrieve Parameters - ssm parameter store
# id: getParameters
# run: |
# # Replace '--path' with your specific path from Parameter Store
# parameters=$(aws ssm get-parameters-by-path --path "/core/ogcapi/dev_ecr_ecs_config/" --recursive --query 'Parameters[*].[Name,Value]' --output json)
# echo "$parameters" > parameters.json
# echo "::set-output name=parameters_json::$parameters"
# - name: Process Parameters - ssm parameter store
# run: |
# parameters=$(cat parameters.json)
# # Loop through the JSON array of parameters using jq
# for row in $(echo "${parameters}" | jq -r '.[] | @base64'); do
# _jq() {
# echo "${row}" | base64 --decode | jq -r "${1}"
# }
# name=$(_jq '.[0]')
# value=$(_jq '.[1]')
# echo "Name: $name, Value: $value"
# # Perform actions using parameter values here
# # For example, set environment variables
# if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecr_repo" ]; then
# echo "ECR_REPOSITORY=$value" >> "$GITHUB_ENV"
# fi
# if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecs_cluster" ]; then
# echo "ECS_CLUSTER=$value" >> "$GITHUB_ENV"
# fi
# if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecs_service" ]; then
# echo "ECS_SERVICE=$value" >> "$GITHUB_ENV"
# fi
# if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/container_name" ]; then
# echo "CONTAINER_NAME=$value" >> "$GITHUB_ENV"
# fi
# done
# - name: Print new env var values - ssm parameter store
# run: |
# printf '%s\n' "$ECR_REPOSITORY"
# printf '%s\n' "$ECS_CLUSTER"
# printf '%s\n' "$ECS_SERVICE"
# printf '%s\n' "$CONTAINER_NAME"
# - name: Prepare
# id: prep
# run: |
# BRANCH=${GITHUB_REF##*/}
# TS=$(date +%s)
# REVISION=${GITHUB_SHA::8}
# BUILD_ID="${BRANCH}-${REVISION}-${TS}"
# LATEST_ID=canary
# if [[ $GITHUB_REF == refs/tags/* ]]; then
# BUILD_ID=${GITHUB_REF/refs\/tags\//}
# LATEST_ID=latest
# fi
# echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
# echo ::set-output name=BUILD_ID::${BUILD_ID}
# echo ::set-output name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
# - name: Checkout
# uses: actions/checkout@v3
# - name: Set up JDK 17
# uses: actions/setup-java@v3
# with:
# distribution: 'temurin'
# java-version: '17'
# cache: 'maven'
# - name: Build with Maven
# run: |
# mvn -B package --file pom.xml
# - name: Login to Amazon ECR
# id: login-ecr
# uses: aws-actions/amazon-ecr-login@v2
# - name: Build and tag image
# id: build-image
# env:
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
# LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
# run: |
# # Build a docker container and
# # be deployed to ECS.
# # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
# docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# - name: Run Trivy vulnerability scanner in docker mode
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ steps.build-image.outputs.image }}
# format: 'table'
# severity: 'HIGH,CRITICAL'
# vuln-type: 'os,library'
# exit-code: 1
# ignore-unfixed: true
# continue-on-error: true
# - name: Push image to Amazon ECR
# id: push-image
# env:
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
# LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
# run: |
# # Build a docker container and
# # be deployed to ECS.
# # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
# docker push $ECR_REPOSITORY:$IMAGE_TAG
# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# - name: Fill in the new image ID in the Amazon ECS task definition
# id: task-def
# uses: aws-actions/amazon-ecs-render-task-definition@v1
# with:
# task-definition: ${{ env.ECS_TASK_DEFINITION }}
# container-name: ${{ env.CONTAINER_NAME }}
# image: ${{ steps.push-image.outputs.image }}
# environment-variables: |
# ENVIRONMENT=${{ env.ENVIRONMENT }}
# HOST=${{ vars.HOST }}
# PORT=${{ vars.PORT }}
# ELASTIC_URL=${{ vars.ELASTIC_URL }}
# ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
# IMAGE=${{ steps.push-image.outputs.image }}
# - name: Deploy Amazon ECS task definition
# uses: aws-actions/amazon-ecs-deploy-task-definition@v1
# id: ecs-deploy
# with:
# task-definition: ${{ steps.task-def.outputs.task-definition }}
# service: ${{ env.ECS_SERVICE }}
# cluster: ${{ env.ECS_CLUSTER }}
# wait-for-service-stability: true
# - name: Check if deployment was successful
# id: check-deployment
# run: |
# CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
# NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
# REVISION=${GITHUB_SHA::8}
# echo "Current task arn: $CURRENT_TASK_DEF_ARN"
# echo "New task arn: $NEW_TASK_DEF_ARN"
# echo "Latest revision: $REVISION"
# if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
# echo "Deployment failed with latest code revision."
# exit 1
# else
# echo "Deployment successfull."
# fi
# - name: Install AWS CLI dependencies
# run: |
# python -m pip install --upgrade pip
# pip install awscli
# - name: Publish to AWS CodeArtifact
# id: ca-deploy
# run: |
# DOMAIN="testmvp-io"
# DOMAIN_OWNER="704910415367"
# CODE_ARTIFACT_REPO="java-maven-repo"
# PACKAGE="ogcapi"
# SOURCE_PATH="./server/target/server-java-1.0.0-SNAPSHOT-exec.jar"
# CA_VERSION="1.0.1"
# CA_NAMESPACE="ogcapi"
# export ASSET_SHA256=$(sha256sum ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar | awk '{print $1;}')
# #aws codeartifact get-repository-endpoint --domain $DOMAIN --repository $CODE_ARTIFACT_REPO --format maven
# #aws codeartifact login --tool pip --repository $CODE_ARTIFACT_REPO --domain $DOMAIN --domain-owner $DOMAIN_OWNER --region ${{ env.AWS_REGION }}
# aws codeartifact publish-package-version --repository $CODE_ARTIFACT_REPO --domain $DOMAIN --domain-owner $DOMAIN_OWNER --format generic --package $PACKAGE --asset-content $SOURCE_PATH --package-version $CA_VERSION --asset-name $PACKAGE --asset-sha256 $ASSET_SHA256 --namespace $CA_NAMESPACE --output text
#Test docker-compose.yml file
# This is a basic workflow to help you get started with Actions
name: Connect to an AWS role from a GitHub repository
# Controls when the action will run. Invokes the workflow on push events but only for the main branch
on:
push:
branches: [5165-cicd]
pull_request:
branches: [5165-cicd]
env:
ENVIRONMENT: development
AWS_REGION: ap-southeast-2 #MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
ECR_REPOSITORY: test #########.dkr.ecr.ap-southeast-2.amazonaws.com/aodn-v2 # set this to your Amazon ECR repository name
ECS_SERVICE: ogcapi-java-service #MY_ECS_SERVICE # set this to your Amazon ECS service name
ECS_CLUSTER: aodn-imos-v2 # set this to your Amazon ECS cluster name
ECS_TASK_DEFINITION: ./ogcapi-java-dev-td.json #MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
# file, e.g. .aws/task-definition.json
CONTAINER_NAME: aodn-dev-container #MY_CONTAINER_NAME # set this to the name of the container in the
# containerDefinitions section of your task definition
#ROLE_ARN: arn:aws:iam::#########:role/tlc-ci-cd
name: development
# Permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
AWS-ECR-ECS-Deploy:
runs-on: ubuntu-latest
environment: development
steps:
- name: Git clone the repository
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.ROLE_ARN }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION }}
# Hello from AWS: WhoAmI
- name: Sts GetCallerIdentity
run: |
aws sts get-caller-identity
- name: Install jq
run: sudo apt-get update && sudo apt-get install -y jq
- name: Retrieve Parameters - ssm parameter store
id: getParameters
run: |
# Replace '--path' with your specific path from Parameter Store
parameters=$(aws ssm get-parameters-by-path --path "/core/ogcapi/dev_ecr_ecs_config/" --recursive --query 'Parameters[*].[Name,Value]' --output json)
echo "$parameters" > parameters.json
echo "::set-output name=parameters_json::$parameters"
- name: Process Parameters - ssm parameter store
run: |
parameters=$(cat parameters.json)
# Loop through the JSON array of parameters using jq
for row in $(echo "${parameters}" | jq -r '.[] | @base64'); do
_jq() {
echo "${row}" | base64 --decode | jq -r "${1}"
}
name=$(_jq '.[0]')
value=$(_jq '.[1]')
echo "Name: $name, Value: $value"
# Perform actions using parameter values here
# For example, set environment variables
if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecr_repo" ]; then
echo "ECR_REPOSITORY=$value" >> "$GITHUB_ENV"
fi
if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecs_cluster" ]; then
echo "ECS_CLUSTER=$value" >> "$GITHUB_ENV"
fi
if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecs_service" ]; then
echo "ECS_SERVICE=$value" >> "$GITHUB_ENV"
fi
if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/container_name" ]; then
echo "CONTAINER_NAME=$value" >> "$GITHUB_ENV"
fi
done
- name: Print new env var values - ssm parameter store
run: |
printf '%s\n' "$ECR_REPOSITORY"
printf '%s\n' "$ECS_CLUSTER"
printf '%s\n' "$ECS_SERVICE"
printf '%s\n' "$CONTAINER_NAME"
- name: Prepare
id: prep
run: |
BRANCH=${GITHUB_REF##*/}
TS=$(date +%s)
REVISION=${GITHUB_SHA::8}
BUILD_ID="${BRANCH}-${REVISION}-${TS}"
LATEST_ID=canary
if [[ $GITHUB_REF == refs/tags/* ]]; then
BUILD_ID=${GITHUB_REF/refs\/tags\//}
LATEST_ID=latest
fi
echo name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo name=BUILD_ID::${BUILD_ID}
echo name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: Build with Maven
run: |
mvn -B package --file pom.xml
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Replace Image Name
env:
IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
HOST: ${{ vars.HOST }}
PORT: ${{ vars.PORT }}
ELASTIC_URL: ${{ vars.ELASTIC_URL }}
ELASTIC_KEY: ${{ vars.ELASTIC_KEY }}
IMAGE: ${{ steps.push-image.outputs.image }}
run: |
IMAGE_ID=${{ env.ECR_REPOSITORY }}:${{ steps.push-image.outputs.image }}
echo $IMAGE_ID
sed -i 's|${CONTAINER_NAME}|'${{ env.CONTAINER_NAME }}'|g' docker-compose.yml
sed -i 's/${GITHUB_ENV_IMAGE_TAG}/'"${GITHUB_ENV_IMAGE_TAG}"'/g' docker-compose.yml
sed -i 's|${IMAGE_ID}|'$IMAGE_ID'|g' docker-compose.yml
sed -i 's|${API_HOST}|'${{ vars.HOST }}'|g' docker-compose.yml
sed -i 's|${API_CONTAINER_PORT}|'${{ vars.PORT }}'|g' docker-compose.yml
sed -i 's|${ELASTIC_KEY}|'${{ vars.ELASTIC_KEY }}'|g' docker-compose.yml
sed -i 's|${ELASTIC_URL}|'${{ vars.ELASTIC_URL }}'|g' docker-compose.yml
- name: Build Docker images
run: docker-compose -f docker-compose.yml build
- name: Push Docker images to ECR
run: |
docker-compose -f docker-compose.yml push
- name: Deploy to ECS Fargate
run: |
aws ecs update-service --cluster ${{ env.ECS_CLUSTER }} --service ${{ env.ECS_SERVICE }} --force-new-deployment