build id test

aodn · Dec 21, 2023 · 3747895 · 3747895
1 parent c469032
commit 3747895
Showing 1 changed file with 111 additions and 120 deletions.
diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml
@@ -4,7 +4,7 @@ name: Connect to an AWS role from a GitHub repository
 # Controls when the action will run. Invokes the workflow on push events but only for the main branch
 on:
   push:
-    branches: [5165-cicd]
+    branches: [main]
   pull_request:
     branches: [main]
 
@@ -134,131 +134,122 @@ jobs:
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
 
-        # For manually triggered runs, grab the image digest from the already built image
-      - name: Get latest tag for ECR Image
-        id: get_tagged_image
-        run: |
-          ecr_repo="aodn-v2"
-          test=$(aws ecr describe-images --repository-name $ecr_repo)
-          echo $test 
-          latest_image=$(aws ecr describe-images --repository-name $ecr_repo --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]' --output text)
-          echo "Latest Image Tag: $latest_image"
-          echo "latest_image=$latest_image" >> $GITHUB_OUTPUT
-
-      # - name: Build and tag image
-      #   id: build-image
-      #   env:
-      #     ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-      #     IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
-      #   run: |
-      #     # build a docker container to be deployed to ecr-ecs.
-      #     docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
-      #     echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
-
-      # - name: Run Trivy vulnerability scanner in docker mode
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #       image-ref: ${{ steps.build-image.outputs.image }}
-      #       format: 'table'
-      #       severity: 'HIGH,CRITICAL'
-      #       vuln-type: 'os,library'
-      #       exit-code: 1
-      #       ignore-unfixed: true
-      #   continue-on-error: true
+
 
-      # - name: Push image to Amazon ECR
-      #   id: push-image
-      #   env:
-      #     ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-      #     IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
-      #   run: |
-      #     # push image to aws ecr
-      #     docker push $ECR_REPOSITORY:$IMAGE_TAG
-      #     echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+      - name: Build and tag image
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
+        run: |
+          # build a docker container to be deployed to ecr-ecs.
+          docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
+          echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-      # - name: Fill in the new image ID in the Amazon ECS task definition
-      #   id: task-def
-      #   uses: aws-actions/amazon-ecs-render-task-definition@v1
-      #   with:
-      #     task-definition: ${{ env.ECS_TASK_DEFINITION }}
-      #     container-name: ${{ env.CONTAINER_NAME }}
-      #     image: ${{ steps.push-image.outputs.image }}
-      #     environment-variables: |
-      #       ENVIRONMENT=${{ env.ENVIRONMENT }}
-      #       HOST=${{ vars.HOST }} 
-      #       PORT=${{ vars.PORT }} 
-      #       ELASTIC_URL=${{ vars.ELASTIC_URL }} 
-      #       ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
-      #       IMAGE=${{ steps.push-image.outputs.image }}
+      - name: Run Trivy vulnerability scanner in docker mode
+        uses: aquasecurity/trivy-action@master
+        with:
+            image-ref: ${{ steps.build-image.outputs.image }}
+            format: 'table'
+            severity: 'HIGH,CRITICAL'
+            vuln-type: 'os,library'
+            exit-code: 1
+            ignore-unfixed: true
+        continue-on-error: true
+
+      - name: Push image to Amazon ECR
+        id: push-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
+        run: |
+          # push image to aws ecr
+          docker push $ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-      # - name: Deploy Amazon ECS task definition
-      #   uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      #   id: ecs-deploy
-      #   with:
-      #     task-definition: ${{ steps.task-def.outputs.task-definition }}
-      #     service: ${{ env.ECS_SERVICE }}
-      #     cluster: ${{ env.ECS_CLUSTER }}
-      #     wait-for-service-stability: true
+      - name: Fill in the new image ID in the Amazon ECS task definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ env.ECS_TASK_DEFINITION }}
+          container-name: ${{ env.CONTAINER_NAME }}
+          image: ${{ steps.push-image.outputs.image }}
+          environment-variables: |
+            ENVIRONMENT=${{ env.ENVIRONMENT }}
+            HOST=${{ vars.HOST }} 
+            PORT=${{ vars.PORT }} 
+            ELASTIC_URL=${{ vars.ELASTIC_URL }} 
+            ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
+            IMAGE=${{ steps.push-image.outputs.image }}
+
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        id: ecs-deploy
+        with:
+          task-definition: ${{ steps.task-def.outputs.task-definition }}
+          service: ${{ env.ECS_SERVICE }}
+          cluster: ${{ env.ECS_CLUSTER }}
+          wait-for-service-stability: true
 
-      # - name: Check if deployment was successful
-      #   id: check-deployment
-      #   run: |
-      #       CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
-      #       NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
-      #       REVISION=${GITHUB_SHA::8}
-      #       echo "Current task arn: $CURRENT_TASK_DEF_ARN"
-      #       echo "New task arn: $NEW_TASK_DEF_ARN"
-      #       echo "Latest revision: $REVISION"
-      #       if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
-      #         echo "Deployment failed with latest code revision."
-      #         exit 1
-      #       else
-      #         echo "Deployment successfull."
-      #       fi
+      - name: Check if deployment was successful
+        id: check-deployment
+        run: |
+            CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
+            NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
+            REVISION=${GITHUB_SHA::8}
+            echo "Current task arn: $CURRENT_TASK_DEF_ARN"
+            echo "New task arn: $NEW_TASK_DEF_ARN"
+            echo "Latest revision: $REVISION"
+            if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
+              echo "Deployment failed with latest code revision."
+              exit 1
+            else
+              echo "Deployment successfull."
+            fi
 
-      # - name: Get and calculate latest package version - AWS CodeArtifact
-      #   id: ca-getversion
-      #   env:
-      #     BUILD_ID: ${{ steps.prep.outputs.BUILD_ID }}
-      #   run: |
-      #     FLAG_INITIAL=false
+      - name: Get and calculate latest package version - AWS CodeArtifact
+        id: ca-getversion
+        env:
+          BUILD_ID: ${{ steps.prep.outputs.BUILD_ID }}
+        run: |
+          FLAG_INITIAL=false
           
-      #     CURRENT_VERSION=$(aws codeartifact list-package-versions --domain $CA_DOMAIN --repository $CA_REPO --format generic --package $CA_PACKAGE --namespace $CA_NAMESPACE --query defaultDisplayVersion | jq -r ".")
-      #     echo "current version: $CURRENT_VERSION"
+          CURRENT_VERSION=$(aws codeartifact list-package-versions --domain $CA_DOMAIN --repository $CA_REPO --format generic --package $CA_PACKAGE --namespace $CA_NAMESPACE --query defaultDisplayVersion | jq -r ".")
+          echo "current version: $CURRENT_VERSION"
           
-      #     if [ -z "$CURRENT_VERSION" ]; then
-      #       CURRENT_VERSION="1.0.0"
-      #       FLAG_INITIAL=true
-      #     fi
-      #     IFS='.' read -ra version_parts <<< "$CURRENT_VERSION"
-      #     MAJOR=${version_parts[0]}
-      #     MINOR=${version_parts[1]}
-      #     NEW_MINOR=$((MINOR + 1))
-      #     if [ "$FLAG_INITIAL" == "true" ]; then
-      #       NEW_MINOR="0"
-      #     fi
+          if [ -z "$CURRENT_VERSION" ]; then
+            CURRENT_VERSION="1.0.0"
+            FLAG_INITIAL=true
+          fi
+          IFS='.' read -ra version_parts <<< "$CURRENT_VERSION"
+          MAJOR=${version_parts[0]}
+          MINOR=${version_parts[1]}
+          NEW_MINOR=$((MINOR + 1))
+          if [ "$FLAG_INITIAL" == "true" ]; then
+            NEW_MINOR="0"
+          fi
           
-      #     #version format[major.minor.build_number] 
-      #     #build_number format{BRANCH}-${REVISION}-${TS}
-      #     echo "latest_version=$MAJOR.$NEW_MINOR.${{ env.BUILD_ID }}" >> $GITHUB_OUTPUT
-
-      # - name: Publish JAR file - AWS CodeArtifact
-      #   id: ca-deploy
-      #   env:
-      #     CA_VERSION: ${{ steps.ca-getversion.outputs.latest_version }}
-      #   run: |
-      #     export ASSET_SHA256=$(sha256sum ${{ vars.CA_SOURCE_PATH }} | awk '{print $1;}')
-      #     #ASSET_SHA256:- This value is used as an integrity check to verify that the assetContent has not changed after it was originally sent or published.
+          #version format[major.minor.build_number] 
+          #build_number format{BRANCH}-${REVISION}-${TS}
+          echo "latest_version=$MAJOR.$NEW_MINOR.${{ env.BUILD_ID }}" >> $GITHUB_OUTPUT
+
+      - name: Publish JAR file - AWS CodeArtifact
+        id: ca-deploy
+        env:
+          CA_VERSION: ${{ steps.ca-getversion.outputs.latest_version }}
+        run: |
+          export ASSET_SHA256=$(sha256sum ${{ vars.CA_SOURCE_PATH }} | awk '{print $1;}')
+          #ASSET_SHA256:- This value is used as an integrity check to verify that the assetContent has not changed after it was originally sent or published.
           
-      #     aws codeartifact publish-package-version \
-      #     --repository $CA_REPO \
-      #     --domain $CA_DOMAIN \
-      #     --domain-owner $CA_DOMAIN_OWNER \
-      #     --format generic \
-      #     --package $CA_PACKAGE \
-      #     --asset-content ${{ vars.CA_SOURCE_PATH }} \
-      #     --package-version ${{ env.CA_VERSION }} \
-      #     --asset-name $CA_PACKAGE \
-      #     --asset-sha256 $ASSET_SHA256 \
-      #     --namespace $CA_NAMESPACE  \
-      #     --output text
+          aws codeartifact publish-package-version \
+          --repository $CA_REPO \
+          --domain $CA_DOMAIN \
+          --domain-owner $CA_DOMAIN_OWNER \
+          --format generic \
+          --package $CA_PACKAGE \
+          --asset-content ${{ vars.CA_SOURCE_PATH }} \
+          --package-version ${{ env.CA_VERSION }} \
+          --asset-name $CA_PACKAGE \
+          --asset-sha256 $ASSET_SHA256 \
+          --namespace $CA_NAMESPACE  \
+          --output text