pipeline testing

.github/workflows/github-actions.yml

@@ -1,3 +1,235 @@
+# # This is a basic workflow to help you get started with Actions
+# name: Connect to an AWS role from a GitHub repository
+
+# # Controls when the action will run. Invokes the workflow on push events but only for the main branch
+# on:
+#   push:
+#     branches: [5165-cicd]
+#   pull_request:
+#     branches: [5165-cicd]
+
+# env:
+#   ENVIRONMENT: development
+#   AWS_REGION: ap-southeast-2 #MY_AWS_REGION
+#   ECR_REPOSITORY: test # set this to your Amazon ECR repository name
+#   ECS_SERVICE: ogcapi-java-service # set this to your Amazon ECS service name
+#   ECS_CLUSTER: aodn-imos-v2 # set this to your Amazon ECS cluster name
+#   ECS_TASK_DEFINITION: ./ogcapi-java-dev-td.json #MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
+#   CONTAINER_NAME: aodn-dev-container # set this to the name of the container in the
+#   name: development
+
+
+# # Permission can be added at job level or workflow level
+# permissions:
+#   id-token: write   # This is required for requesting the JWT
+#   contents: read    # This is required for actions/checkout
+
+# jobs:
+#   AWS-ECR-ECS-Deploy:
+#     runs-on: ubuntu-latest
+#     environment: development
+#     steps:
+#       - name: Git clone the repository
+#         uses: actions/checkout@v3
+#       - name: Configure AWS credentials
+#         uses: aws-actions/configure-aws-credentials@v4
+#         with:
+#           role-to-assume: ${{ vars.ROLE_ARN }}
+#           role-session-name: GitHub_to_AWS_via_FederatedOIDC
+#           aws-region: ${{ env.AWS_REGION }}
+#       # Hello from AWS: WhoAmI
+#       - name: Sts GetCallerIdentity
+#         run: |
+#           aws sts get-caller-identity
+
+#       - name: Install jq
+#         run: sudo apt-get update && sudo apt-get install -y jq
+
+#       - name: Retrieve Parameters - ssm parameter store
+#         id: getParameters
+#         run: |
+#           # Replace '--path' with your specific path from Parameter Store
+#           parameters=$(aws ssm get-parameters-by-path --path "/core/ogcapi/dev_ecr_ecs_config/" --recursive --query 'Parameters[*].[Name,Value]' --output json)
+#           echo "$parameters" > parameters.json
+#           echo "::set-output name=parameters_json::$parameters"
+
+#       - name: Process Parameters - ssm parameter store
+#         run: |
+#           parameters=$(cat parameters.json)
+#           # Loop through the JSON array of parameters using jq
+#           for row in $(echo "${parameters}" | jq -r '.[] | @base64'); do
+#             _jq() {
+#               echo "${row}" | base64 --decode | jq -r "${1}"
+#             }
+#             name=$(_jq '.[0]')
+#             value=$(_jq '.[1]')
+
+#             echo "Name: $name, Value: $value"
+
+#             # Perform actions using parameter values here
+#             # For example, set environment variables
+#             if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecr_repo" ]; then
+#               echo "ECR_REPOSITORY=$value" >> "$GITHUB_ENV"
+#             fi
+#             if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecs_cluster" ]; then
+#               echo "ECS_CLUSTER=$value" >> "$GITHUB_ENV"
+#             fi
+#             if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/ecs_service" ]; then
+#               echo "ECS_SERVICE=$value" >> "$GITHUB_ENV"
+#             fi
+#             if [ "$name" = "/core/ogcapi/dev_ecr_ecs_config/container_name" ]; then
+#               echo "CONTAINER_NAME=$value" >> "$GITHUB_ENV"
+#             fi
+#           done
+
+#       - name: Print new env var values - ssm parameter store
+#         run: |
+#           printf '%s\n' "$ECR_REPOSITORY"
+#           printf '%s\n' "$ECS_CLUSTER"
+#           printf '%s\n' "$ECS_SERVICE"
+#           printf '%s\n' "$CONTAINER_NAME"
+
+#       - name: Prepare
+#         id: prep
+#         run: |
+#           BRANCH=${GITHUB_REF##*/}
+#           TS=$(date +%s)
+#           REVISION=${GITHUB_SHA::8}
+#           BUILD_ID="${BRANCH}-${REVISION}-${TS}"
+#           LATEST_ID=canary
+#           if [[ $GITHUB_REF == refs/tags/* ]]; then
+#             BUILD_ID=${GITHUB_REF/refs\/tags\//}
+#             LATEST_ID=latest
+#           fi
+#           echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+#           echo ::set-output name=BUILD_ID::${BUILD_ID}
+#           echo ::set-output name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
+
+#       - name: Checkout
+#         uses: actions/checkout@v3
+
+#       - name: Set up JDK 17
+#         uses: actions/setup-java@v3
+#         with:
+#           distribution: 'temurin'
+#           java-version: '17'
+#           cache: 'maven'
+
+#       - name: Build with Maven
+#         run: |
+#           mvn -B package --file pom.xml
+
+#       - name: Login to Amazon ECR
+#         id: login-ecr
+#         uses: aws-actions/amazon-ecr-login@v2
+
+#       - name: Build and tag image
+#         id: build-image
+#         env:
+#           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+#           IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
+#           LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
+#         run: |
+#           # Build a docker container and
+#           # be deployed to ECS.
+#           # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+#           # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+#           # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
+#           docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
+#           echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+#       - name: Run Trivy vulnerability scanner in docker mode
+#         uses: aquasecurity/trivy-action@master
+#         with:
+#             image-ref: ${{ steps.build-image.outputs.image }}
+#             format: 'table'
+#             severity: 'HIGH,CRITICAL'
+#             vuln-type: 'os,library'
+#             exit-code: 1
+#             ignore-unfixed: true
+#         continue-on-error: true
+
+#       - name: Push image to Amazon ECR
+#         id: push-image
+#         env:
+#           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+#           IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
+#           LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
+#         run: |
+#           # Build a docker container and
+#           # be deployed to ECS.
+#           # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+#           # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+#           # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
+#           docker push $ECR_REPOSITORY:$IMAGE_TAG
+#           echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+#       - name: Fill in the new image ID in the Amazon ECS task definition
+#         id: task-def
+#         uses: aws-actions/amazon-ecs-render-task-definition@v1
+#         with:
+#           task-definition: ${{ env.ECS_TASK_DEFINITION }}
+#           container-name: ${{ env.CONTAINER_NAME }}
+#           image: ${{ steps.push-image.outputs.image }}
+#           environment-variables: |
+#             ENVIRONMENT=${{ env.ENVIRONMENT }}
+#             HOST=${{ vars.HOST }} 
+#             PORT=${{ vars.PORT }} 
+#             ELASTIC_URL=${{ vars.ELASTIC_URL }} 
+#             ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
+#             IMAGE=${{ steps.push-image.outputs.image }}
+
+#       - name: Deploy Amazon ECS task definition
+#         uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+#         id: ecs-deploy
+#         with:
+#           task-definition: ${{ steps.task-def.outputs.task-definition }}
+#           service: ${{ env.ECS_SERVICE }}
+#           cluster: ${{ env.ECS_CLUSTER }}
+#           wait-for-service-stability: true
+
+#       - name: Check if deployment was successful
+#         id: check-deployment
+#         run: |
+#             CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
+#             NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
+#             REVISION=${GITHUB_SHA::8}
+#             echo "Current task arn: $CURRENT_TASK_DEF_ARN"
+#             echo "New task arn: $NEW_TASK_DEF_ARN"
+#             echo "Latest revision: $REVISION"
+#             if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
+#               echo "Deployment failed with latest code revision."
+#               exit 1
+#             else
+#               echo "Deployment successfull."
+#             fi
+
+#       - name: Install AWS CLI dependencies
+#         run: |
+#           python -m pip install --upgrade pip
+#           pip install awscli
+
+#       - name: Publish to AWS CodeArtifact
+#         id: ca-deploy
+#         run: |
+#           DOMAIN="testmvp-io"
+#           DOMAIN_OWNER="704910415367"
+#           CODE_ARTIFACT_REPO="java-maven-repo"
+#           PACKAGE="ogcapi"
+#           SOURCE_PATH="./server/target/server-java-1.0.0-SNAPSHOT-exec.jar"
+#           CA_VERSION="1.0.1"
+#           CA_NAMESPACE="ogcapi"
+#           export ASSET_SHA256=$(sha256sum ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar | awk '{print $1;}')
+
+#           #aws codeartifact get-repository-endpoint --domain $DOMAIN --repository $CODE_ARTIFACT_REPO --format maven
+
+#           #aws codeartifact login --tool pip --repository $CODE_ARTIFACT_REPO --domain $DOMAIN --domain-owner $DOMAIN_OWNER --region ${{ env.AWS_REGION }}
+
+#           aws codeartifact publish-package-version --repository $CODE_ARTIFACT_REPO --domain $DOMAIN --domain-owner $DOMAIN_OWNER --format generic --package $PACKAGE --asset-content $SOURCE_PATH --package-version $CA_VERSION --asset-name $PACKAGE --asset-sha256 $ASSET_SHA256 --namespace $CA_NAMESPACE  --output text
+
+
+#Test docker-compose.yml file
+
 # This is a basic workflow to help you get started with Actions
 name: Connect to an AWS role from a GitHub repository
 
@@ -104,9 +336,9 @@ jobs:
             BUILD_ID=${GITHUB_REF/refs\/tags\//}
             LATEST_ID=latest
           fi
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=BUILD_ID::${BUILD_ID}
-          echo ::set-output name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
+          echo name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+          echo name=BUILD_ID::${BUILD_ID}
+          echo name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
 
       - name: Checkout
         uses: actions/checkout@v3
@@ -126,108 +358,25 @@ jobs:
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
 
-      - name: Build and tag image
-        id: build-image
+      - name: Replace Image Name
         env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
           LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
         run: |
-          # Build a docker container and
-          # be deployed to ECS.
-          # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-          # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
-          # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
-          docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
-          echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
-
-      # - name: Run Trivy vulnerability scanner in docker mode
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #       image-ref: ${{ steps.build-image.outputs.image }}
-      #       format: 'table'
-      #       severity: 'HIGH,CRITICAL'
-      #       vuln-type: 'os,library'
-      #       exit-code: 1
-      #       ignore-unfixed: true
-      #   continue-on-error: true
-
-      # - name: Push image to Amazon ECR
-      #   id: push-image
-      #   env:
-      #     ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-      #     IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
-      #     LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
-      #   run: |
-      #     # Build a docker container and
-      #     # be deployed to ECS.
-      #     # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-      #     # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
-      #     # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
-      #     docker push $ECR_REPOSITORY:$IMAGE_TAG
-      #     echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
-
-      # - name: Fill in the new image ID in the Amazon ECS task definition
-      #   id: task-def
-      #   uses: aws-actions/amazon-ecs-render-task-definition@v1
-      #   with:
-      #     task-definition: ${{ env.ECS_TASK_DEFINITION }}
-      #     container-name: ${{ env.CONTAINER_NAME }}
-      #     image: ${{ steps.push-image.outputs.image }}
-      #     environment-variables: |
-      #       ENVIRONMENT=${{ env.ENVIRONMENT }}
-      #       HOST=${{ vars.HOST }} 
-      #       PORT=${{ vars.PORT }} 
-      #       ELASTIC_URL=${{ vars.ELASTIC_URL }} 
-      #       ELASTIC_KEY=${{ vars.ELASTIC_KEY }}
-      #       IMAGE=${{ steps.push-image.outputs.image }}
-
-      # - name: Deploy Amazon ECS task definition
-      #   uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      #   id: ecs-deploy
-      #   with:
-      #     task-definition: ${{ steps.task-def.outputs.task-definition }}
-      #     service: ${{ env.ECS_SERVICE }}
-      #     cluster: ${{ env.ECS_CLUSTER }}
-      #     wait-for-service-stability: true
-
-      # - name: Check if deployment was successful
-      #   id: check-deployment
-      #   run: |
-      #       CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --services ${{ env.ECS_SERVICE }} --query services[0].deployments[0].taskDefinition | jq -r ".")
-      #       NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
-      #       REVISION=${GITHUB_SHA::8}
-      #       echo "Current task arn: $CURRENT_TASK_DEF_ARN"
-      #       echo "New task arn: $NEW_TASK_DEF_ARN"
-      #       echo "Latest revision: $REVISION"
-      #       if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
-      #         echo "Deployment failed with latest code revision."
-      #         exit 1
-      #       else
-      #         echo "Deployment successfull."
-      #       fi
-
-      - name: Install AWS CLI dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install awscli
+          sed -i 's|${CONTAINER_NAME}|'${{ env.CONTAINER_NAME }}'|g' docker-compose.yml
+          sed -i 's|${IMAGE_ID}|'$ECR_REPOSITORY:$IMAGE_TAG'|g' docker-compose.yml
+          sed -i 's|${API_HOST}|'${{ env.HOST }}'|g' docker-compose.yml
+          sed -i 's|${API_CONTAINER_PORT}|'${{ env.PORT }}'|g' docker-compose.yml
+          sed -i 's|${ELASTIC_KEY}|'${{ env.ELASTIC_KEY }}'|g' docker-compose.yml
+          sed -i 's|${ELASTIC_URL}|'${{ env.ELASTIC_URL }}'|g' docker-compose.yml
+          
+      - name: Build Docker images
+        run: docker-compose -f docker-compose.yml build
 
-      - name: Publish to AWS CodeArtifact
-        id: ca-deploy
+      - name: Push Docker images to ECR
         run: |
-          DOMAIN="testmvp-io"
-          DOMAIN_OWNER="704910415367"
-          CODE_ARTIFACT_REPO="java-maven-repo"
-          PACKAGE="ogcapi"
-          SOURCE_PATH="./server/target/server-java-1.0.0-SNAPSHOT-exec.jar"
-          CA_VERSION="1.0.1"
-          CA_NAMESPACE="ogcapi"
-          export ASSET_SHA256=$(sha256sum ./server/target/server-java-1.0.0-SNAPSHOT-exec.jar | awk '{print $1;}')
-
-          #aws codeartifact get-repository-endpoint --domain $DOMAIN --repository $CODE_ARTIFACT_REPO --format maven
-          
-          #aws codeartifact login --tool pip --repository $CODE_ARTIFACT_REPO --domain $DOMAIN --domain-owner $DOMAIN_OWNER --region ${{ env.AWS_REGION }}
+          docker-compose -f docker-compose.yml push
 
-          aws codeartifact publish-package-version --repository $CODE_ARTIFACT_REPO --domain $DOMAIN --domain-owner $DOMAIN_OWNER --format generic --package $PACKAGE --asset-content $SOURCE_PATH --package-version $CA_VERSION --asset-name $PACKAGE --asset-sha256 $ASSET_SHA256 --namespace $CA_NAMESPACE  --output text
-          
-          
+      - name: Deploy to ECS Fargate
+        run: |
+          aws ecs update-service --cluster ${{ env.ECS_CLUSTER }} --service ${{ env.ECS_SERVICE }} --force-new-deployment

docker-compose.yml

@@ -12,11 +12,9 @@ version: '3.1'
 
 services:
   ogcapi:
-    container_name: ogcapi-java
+    container_name: ${CONTAINER_NAME:-ogcapi-java} 
     build: .
-    image: 615645230945.dkr.ecr.ap-southeast-2.amazonaws.com/raymond/ogcapi-java
-    env_file:
-      - .env
+    image: ${IMAGE_ID:-615645230945.dkr.ecr.ap-southeast-2.amazonaws.com/my-repository/test}
     environment:
       HOST: ${API_HOST:-http://localhost}
       PORT: ${API_CONTAINER_PORT:-8081}