
Commit 3747895

build id test
1 parent c469032 commit 3747895


1 file changed

+111
-120
lines changed


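--- a/.github/workflows/github-actions.yml
+++ b/.github/workflows/github-actions.yml
@@ -4,7 +4,7 @@ name: Connect to an AWS role from a GitHub repository
 # Controls when the action will run. Invokes the workflow on push events but only for the main branch
 on:
 push:
-branches: [5165-cicd]
+branches: [main]
 pull_request:
 branches: [main]
 
@@ -134,131 +134,122 @@ jobs:
 id: login-ecr
 uses: aws-actions/amazon-ecr-login@v2
 
-# For manually triggered runs, grab the image digest from the already built image
-- name: Get latest tag for ECR Image
-id: get_tagged_image
-run: |
-ecr_repo="aodn-v2"
-test=$(aws ecr describe-images --repository-name $ecr_repo)
-echo $test
-latest_image=$(aws ecr describe-images --repository-name $ecr_repo --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]' --output text)
-echo "Latest Image Tag: $latest_image"
-echo "latest_image=$latest_image" >> $GITHUB_OUTPUT
-
-# - name: Build and tag image
-# id: build-image
-# env:
-# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
-# run: |
-# # build a docker container to be deployed to ecr-ecs.
-# docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
-# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
-
-# - name: Run Trivy vulnerability scanner in docker mode
-# uses: aquasecurity/trivy-action@master
-# with:
-# image-ref: ${{ steps.build-image.outputs.image }}
-# format: 'table'
-# severity: 'HIGH,CRITICAL'
-# vuln-type: 'os,library'
-# exit-code: 1
-# ignore-unfixed: true
-# continue-on-error: true
+
 
-# - name: Push image to Amazon ECR
-# id: push-image
-# env:
-# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
-# run: |
-# # push image to aws ecr
-# docker push $ECR_REPOSITORY:$IMAGE_TAG
-# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+- name: Build and tag image
+id: build-image
+env:
+ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
+run: |
+# build a docker container to be deployed to ecr-ecs.
+docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
+echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-# - name: Fill in the new image ID in the Amazon ECS task definition
-# id: task-def
-# uses: aws-actions/amazon-ecs-render-task-definition@v1
-# with:
-# task-definition: ${{ env.ECS_TASK_DEFINITION }}
-# container-name: ${{ env.CONTAINER_NAME }}
-# image: ${{ steps.push-image.outputs.image }}
-# environment-variables: |
-# ENVIRONMENT=${{ env.ENVIRONMENT }}
-# HOST=${{ vars.HOST }}
-# PORT=${{ vars.PORT }}
-# ELASTIC_URL=${{ vars.ELASTIC_URL }}
-# ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
-# IMAGE=${{ steps.push-image.outputs.image }}
+- name: Run Trivy vulnerability scanner in docker mode
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: ${{ steps.build-image.outputs.image }}
+format: 'table'
+severity: 'HIGH,CRITICAL'
+vuln-type: 'os,library'
+exit-code: 1
+ignore-unfixed: true
+continue-on-error: true
+
+- name: Push image to Amazon ECR
+id: push-image
+env:
+ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
+run: |
+# push image to aws ecr
+docker push $ECR_REPOSITORY:$IMAGE_TAG
+echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-# - name: Deploy Amazon ECS task definition
-# uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-# id: ecs-deploy
-# with:
-# task-definition: ${{ steps.task-def.outputs.task-definition }}
-# service: ${{ env.ECS_SERVICE }}
-# cluster: ${{ env.ECS_CLUSTER }}
-# wait-for-service-stability: true
+- name: Fill in the new image ID in the Amazon ECS task definition
+id: task-def
+uses: aws-actions/amazon-ecs-render-task-definition@v1
+with:
+task-definition: ${{ env.ECS_TASK_DEFINITION }}
+container-name: ${{ env.CONTAINER_NAME }}
+image: ${{ steps.push-image.outputs.image }}
+environment-variables: |
+ENVIRONMENT=${{ env.ENVIRONMENT }}
+HOST=${{ vars.HOST }}
+PORT=${{ vars.PORT }}
+ELASTIC_URL=${{ vars.ELASTIC_URL }}
+ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
+IMAGE=${{ steps.push-image.outputs.image }}
+
+- name: Deploy Amazon ECS task definition
+uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+id: ecs-deploy
+with:
+task-definition: ${{ steps.task-def.outputs.task-definition }}
+service: ${{ env.ECS_SERVICE }}
+cluster: ${{ env.ECS_CLUSTER }}
+wait-for-service-stability: true
 
-# - name: Check if deployment was successful
-# id: check-deployment
-# run: |
-# CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
-# NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
-# REVISION=${GITHUB_SHA::8}
-# echo "Current task arn: $CURRENT_TASK_DEF_ARN"
-# echo "New task arn: $NEW_TASK_DEF_ARN"
-# echo "Latest revision: $REVISION"
-# if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
-# echo "Deployment failed with latest code revision."
-# exit 1
-# else
-# echo "Deployment successfull."
-# fi
+- name: Check if deployment was successful
+id: check-deployment
+run: |
+CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
+NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
+REVISION=${GITHUB_SHA::8}
+echo "Current task arn: $CURRENT_TASK_DEF_ARN"
+echo "New task arn: $NEW_TASK_DEF_ARN"
+echo "Latest revision: $REVISION"
+if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
+echo "Deployment failed with latest code revision."
+exit 1
+else
+echo "Deployment successfull."
+fi
 
-# - name: Get and calculate latest package version - AWS CodeArtifact
-# id: ca-getversion
-# env:
-# BUILD_ID: ${{ steps.prep.outputs.BUILD_ID }}
-# run: |
-# FLAG_INITIAL=false
+- name: Get and calculate latest package version - AWS CodeArtifact
+id: ca-getversion
+env:
+BUILD_ID: ${{ steps.prep.outputs.BUILD_ID }}
+run: |
+FLAG_INITIAL=false
 
-# CURRENT_VERSION=$(aws codeartifact list-package-versions --domain $CA_DOMAIN --repository $CA_REPO --format generic --package $CA_PACKAGE --namespace $CA_NAMESPACE --query defaultDisplayVersion | jq -r ".")
-# echo "current version: $CURRENT_VERSION"
+CURRENT_VERSION=$(aws codeartifact list-package-versions --domain $CA_DOMAIN --repository $CA_REPO --format generic --package $CA_PACKAGE --namespace $CA_NAMESPACE --query defaultDisplayVersion | jq -r ".")
+echo "current version: $CURRENT_VERSION"
 
-# if [ -z "$CURRENT_VERSION" ]; then
-# CURRENT_VERSION="1.0.0"
-# FLAG_INITIAL=true
-# fi
-# IFS='.' read -ra version_parts <<< "$CURRENT_VERSION"
-# MAJOR=${version_parts[0]}
-# MINOR=${version_parts[1]}
-# NEW_MINOR=$((MINOR + 1))
-# if [ "$FLAG_INITIAL" == "true" ]; then
-# NEW_MINOR="0"
-# fi
+if [ -z "$CURRENT_VERSION" ]; then
+CURRENT_VERSION="1.0.0"
+FLAG_INITIAL=true
+fi
+IFS='.' read -ra version_parts <<< "$CURRENT_VERSION"
+MAJOR=${version_parts[0]}
+MINOR=${version_parts[1]}
+NEW_MINOR=$((MINOR + 1))
+if [ "$FLAG_INITIAL" == "true" ]; then
+NEW_MINOR="0"
+fi
 
-# #version format[major.minor.build_number]
-# #build_number format{BRANCH}-${REVISION}-${TS}
-# echo "latest_version=$MAJOR.$NEW_MINOR.${{ env.BUILD_ID }}" >> $GITHUB_OUTPUT
-
-# - name: Publish JAR file - AWS CodeArtifact
-# id: ca-deploy
-# env:
-# CA_VERSION: ${{ steps.ca-getversion.outputs.latest_version }}
-# run: |
-# export ASSET_SHA256=$(sha256sum ${{ vars.CA_SOURCE_PATH }} | awk '{print $1;}')
-# #ASSET_SHA256:- This value is used as an integrity check to verify that the assetContent has not changed after it was originally sent or published.
+#version format[major.minor.build_number]
+#build_number format{BRANCH}-${REVISION}-${TS}
+echo "latest_version=$MAJOR.$NEW_MINOR.${{ env.BUILD_ID }}" >> $GITHUB_OUTPUT
+
+- name: Publish JAR file - AWS CodeArtifact
+id: ca-deploy
+env:
+CA_VERSION: ${{ steps.ca-getversion.outputs.latest_version }}
+run: |
+export ASSET_SHA256=$(sha256sum ${{ vars.CA_SOURCE_PATH }} | awk '{print $1;}')
+#ASSET_SHA256:- This value is used as an integrity check to verify that the assetContent has not changed after it was originally sent or published.
 
-# aws codeartifact publish-package-version \
-# --repository $CA_REPO \
-# --domain $CA_DOMAIN \
-# --domain-owner $CA_DOMAIN_OWNER \
-# --format generic \
-# --package $CA_PACKAGE \
-# --asset-content ${{ vars.CA_SOURCE_PATH }} \
-# --package-version ${{ env.CA_VERSION }} \
-# --asset-name $CA_PACKAGE \
-# --asset-sha256 $ASSET_SHA256 \
-# --namespace $CA_NAMESPACE \
-# --output text
+aws codeartifact publish-package-version \
+--repository $CA_REPO \
+--domain $CA_DOMAIN \
+--domain-owner $CA_DOMAIN_OWNER \
+--format generic \
+--package $CA_PACKAGE \
+--asset-content ${{ vars.CA_SOURCE_PATH }} \
+--package-version ${{ env.CA_VERSION }} \
+--asset-name $CA_PACKAGE \
+--asset-sha256 $ASSET_SHA256 \
+--namespace $CA_NAMESPACE \
+--output text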
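Review bot: The re-enabled Trivy step uses `aquasecurity/trivy-action@master`, a mutable branch ref, in a job that has already run the ECR login step, so whatever that branch points to at run time executes with the job's AWS access in scope; pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`. The same step sets `exit-code: 1` together with `continue-on-error: true`, so HIGH/CRITICAL findings do not stop the following "Push image to Amazon ECR" and ECS deploy steps; drop `continue-on-error: true` if the scan is meant to gate the release. In the task-definition step, `ELASTIC_KEY=${{ vars.ELASTIC_KEY }}` reads the key from a plain configuration variable and writes it into the rendered task definition as a plaintext environment value; if it is a credential, it should come from `secrets` or an ECS `secrets` reference instead. The start of the job, including the `prep` step and any `if:` guard for `pull_request` runs, lies outside this hunk, so whether the push and deploy steps also run on pull requests could not be checked here.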
