From c9cdaf91dd1cfca402988339236a4f3ae544fcfc Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 15:32:31 +0200 Subject: [PATCH 1/7] multi env support --- .github/workflows/deploy.yml | 50 ++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c515d2322..cd33ad4ca 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -7,25 +7,47 @@ name: Deploy to Amazon ECS on: workflow_dispatch: -# push: -# branches: [ "main" ] - -env: - AWS_REGION: ${{ vars.DEPLOY_AWS_REGION }} - ECR_REPOSITORY: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-ecr-repo - ECS_CLUSTER: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-Cluster - ECS_SERVICE_DJANGO: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-Django - ECS_SERVICE_CELERY: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-Celery - ECS_SERVICE_CELERY_BEAT: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-CeleryBeat + inputs: + environment: + description: "Deploy environment" + required: true + type: choice + options: + - dev + - prod + # push: + # branches: [ "main" ] + permissions: id-token: write contents: read jobs: + init: + runs-on: ubuntu-latest + steps: + - name: Set variables + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + echo "DEPLOY_ENV=${{ inputs.environment }}" >> "$GITHUB_ENV" + elif [[ "${{github.base_ref}}" == "main" || "${{github.ref}}" == "refs/heads/main" ]]; then + echo "DEPLOY_ENV=prod" >> "$GITHUB_ENV" + else + echo "DEPLOY_ENV=dev" >> "$GITHUB_ENV" + fi + deploy: name: Deploy runs-on: ubuntu-latest - environment: production + needs: init + + env: + AWS_REGION: ${{ vars.DEPLOY_AWS_REGION }} + ECR_REPOSITORY: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-ecr-repo + ECS_CLUSTER: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Cluster + ECS_SERVICE_DJANGO: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Django + ECS_SERVICE_CELERY: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Celery + ECS_SERVICE_CELERY_BEAT: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryBeat steps: - name: Checkout 
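Review bot: Removing `environment: production` from the `deploy` job drops any environment protection rules (required reviewers, branch restrictions) from the deployment. It also changes the OIDC token's `sub` claim from the environment form to the ref form, so a trust policy on the deploy role that was scoped to that environment would need revisiting; neither the rules nor the trust policy are visible here. With `id-token: write` granted and the target now chosen by a dispatch input, I would keep the gate and bind it to the choice, e.g. `environment: ${{ inputs.environment }}`, assuming GitHub environments named `dev` and `prod` are created. The `deploy` job continues past the end of this hunk.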
@@ -69,7 +91,7 @@ jobs: id: django-web-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-Django + task-definition-family: ${{ env.ECS_SERVICE_DJANGO }}-${{ env.DEPLOY_ENV }}-Django container-name: web image: ${{ steps.image-name.outputs.image }} @@ -85,7 +107,7 @@ jobs: id: celery-worker-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-CeleryWorkerTask + task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryWorkerTask container-name: celery-worker image: ${{ steps.image-name.outputs.image }} @@ -93,7 +115,7 @@ jobs: id: celery-beat-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ vars.DEPLOY_ENV }}-CeleryBeatTask + task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryBeatTask container-name: celery-beat image: ${{ steps.image-name.outputs.image }} From 8efb74a35fcf9bd22b8a7e1e19d7a6afdf89cb3e Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 17:10:01 +0200 Subject: [PATCH 2/7] define env in script --- .github/workflows/deploy.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index cd33ad4ca..b10728109 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -29,26 +29,28 @@ jobs: - name: Set variables run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then - echo "DEPLOY_ENV=${{ inputs.environment }}" >> "$GITHUB_ENV" + DEPLOY_ENV="${{ inputs.environment }}" elif [[ "${{github.base_ref}}" == "main" || "${{github.ref}}" == "refs/heads/main" ]]; then - echo "DEPLOY_ENV=prod" >> "$GITHUB_ENV" + DEPLOY_ENV="prod" else - echo "DEPLOY_ENV=dev" >> "$GITHUB_ENV" + DEPLOY_ENV="dev" fi + + echo "AWS_REGION=${{ vars.DEPLOY_AWS_REGION }}" >> "$GITHUB_ENV" + echo "DEPLOY_ENV=$DEPLOY_ENV" >> "$GITHUB_ENV" + + # you can't reference the `env` context when defining other env vars to do it here + echo "ECR_REPOSITORY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-ecr-repo" >> "$GITHUB_ENV" + echo "ECS_CLUSTER=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Cluster" >> "$GITHUB_ENV" + echo "ECS_SERVICE_DJANGO=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Django" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Celery" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY_BEAT=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-CeleryBeat" >> "$GITHUB_ENV" deploy: name: Deploy runs-on: ubuntu-latest needs: init - env: - AWS_REGION: ${{ vars.DEPLOY_AWS_REGION }} - ECR_REPOSITORY: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-ecr-repo - ECS_CLUSTER: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Cluster - ECS_SERVICE_DJANGO: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Django - ECS_SERVICE_CELERY: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Celery - ECS_SERVICE_CELERY_BEAT: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryBeat - steps: - name: Checkout uses: actions/checkout@v4 From 07e2559d43a34537439ddff4d040a2aa4e08030a Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 17:16:21 +0200 Subject: [PATCH 3/7] move to step in same job --- .github/workflows/deploy.yml | 44 ++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 24 deletions(-) 
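Review bot: The `Set variables` script splices `${{ inputs.environment }}`, `${{ github.base_ref }}`, `${{ github.ref }}` and `${{ vars.DEPLOY_APP_NAME }}` straight into the bash source, so their values are parsed as shell text, and whatever lands in `DEPLOY_ENV` is appended to `$GITHUB_ENV` without a check; ref names in particular are chosen by whoever pushes the branch. Pass the values through `env:` or the runner's default `GITHUB_*` variables and reject anything other than the known environments before writing the file, as sketched below. The same interpolation is already in PATCH 1/7 and is carried through 3/7, 6/7 and 7/7. Separately, the `elif` keeps mapping `base_ref == main` to `prod`; `base_ref` is only set on pull-request events, so should such a trigger be added later, a run for an unmerged PR targeting `main` would pick prod, and that test looks worth dropping or documenting.

```yaml
      - name: Set variables
        env:
          INPUT_ENVIRONMENT: ${{ inputs.environment }}
          APP_NAME: ${{ vars.DEPLOY_APP_NAME }}
        run: |
          if [[ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]]; then
            DEPLOY_ENV="$INPUT_ENVIRONMENT"
          elif [[ "$GITHUB_BASE_REF" == "main" || "$GITHUB_REF" == "refs/heads/main" ]]; then
            # … unchanged: prod / dev assignments and the closing fi …

          # Only known environments may reach $GITHUB_ENV.
          case "$DEPLOY_ENV" in
            dev|prod) ;;
            *) echo "unexpected deploy env" >&2; exit 1 ;;
          esac

          # … unchanged: the echo … >> "$GITHUB_ENV" lines, using $APP_NAME in place of the vars expression …
```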
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index b10728109..f345c0941 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -23,38 +23,34 @@ permissions: contents: read jobs: - init: - runs-on: ubuntu-latest - steps: - - name: Set variables - run: | - if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then - DEPLOY_ENV="${{ inputs.environment }}" - elif [[ "${{github.base_ref}}" == "main" || "${{github.ref}}" == "refs/heads/main" ]]; then - DEPLOY_ENV="prod" - else - DEPLOY_ENV="dev" - fi - - echo "AWS_REGION=${{ vars.DEPLOY_AWS_REGION }}" >> "$GITHUB_ENV" - echo "DEPLOY_ENV=$DEPLOY_ENV" >> "$GITHUB_ENV" - - # you can't reference the `env` context when defining other env vars to do it here - echo "ECR_REPOSITORY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-ecr-repo" >> "$GITHUB_ENV" - echo "ECS_CLUSTER=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Cluster" >> "$GITHUB_ENV" - echo "ECS_SERVICE_DJANGO=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Django" >> "$GITHUB_ENV" - echo "ECS_SERVICE_CELERY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Celery" >> "$GITHUB_ENV" - echo "ECS_SERVICE_CELERY_BEAT=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-CeleryBeat" >> "$GITHUB_ENV" - deploy: name: Deploy runs-on: ubuntu-latest - needs: init steps: - name: Checkout uses: actions/checkout@v4 + - name: Set variables + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + DEPLOY_ENV="${{ inputs.environment }}" + elif [[ "${{github.base_ref}}" == "main" || "${{github.ref}}" == "refs/heads/main" ]]; then + DEPLOY_ENV="prod" + else + DEPLOY_ENV="dev" + fi + + echo "AWS_REGION=${{ vars.DEPLOY_AWS_REGION }}" >> "$GITHUB_ENV" + echo "DEPLOY_ENV=$DEPLOY_ENV" >> "$GITHUB_ENV" + + # you can't reference the `env` context when defining other env vars to do it here + echo "ECR_REPOSITORY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-ecr-repo" >> "$GITHUB_ENV" + echo "ECS_CLUSTER=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Cluster" >> "$GITHUB_ENV" + echo "ECS_SERVICE_DJANGO=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Django" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Celery" >> 
"$GITHUB_ENV" + echo "ECS_SERVICE_CELERY_BEAT=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-CeleryBeat" >> "$GITHUB_ENV" + - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: From bcdcbad17c5b8df421fa9e75ccd331ef4be94082 Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 17:25:14 +0200 Subject: [PATCH 4/7] fix task definition family --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f345c0941..83e367d2c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -89,7 +89,7 @@ jobs: id: django-web-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ env.ECS_SERVICE_DJANGO }}-${{ env.DEPLOY_ENV }}-Django + task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Django container-name: web image: ${{ steps.image-name.outputs.image }} From 8a4f1b14f62cbf2246191751d0cdadfdb634c48f Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 20:16:05 +0200 Subject: [PATCH 5/7] env specific account --- .github/workflows/deploy.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 83e367d2c..4da4db20a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -41,7 +41,6 @@ jobs: DEPLOY_ENV="dev" fi - echo "AWS_REGION=${{ vars.DEPLOY_AWS_REGION }}" >> "$GITHUB_ENV" echo "DEPLOY_ENV=$DEPLOY_ENV" >> "$GITHUB_ENV" # you can't reference the `env` context when defining other env vars to do it here 
@@ -54,9 +53,9 @@ jobs: - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: - role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT }}:role/github_deploy + role-to-assume: "arn:aws:iam::${{ fromJSON(vars.AWS_ACCOUNT)[env.DEPLOY_ENV] }}:role/github_deploy" role-session-name: GithubDeploy - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ vars.DEPLOY_AWS_REGION }} - name: Login to Amazon ECR id: login-ecr From d65cf27fd1e877afdcfb4071b8d06ccb9a9e9195 Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 20:33:26 +0200 Subject: [PATCH 6/7] make other vars support multiple envs --- .github/workflows/deploy.yml | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4da4db20a..d76814803 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -31,7 +31,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Set variables + - name: Set Deploy Env run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then DEPLOY_ENV="${{ inputs.environment }}" 
@@ -43,19 +43,25 @@ jobs: echo "DEPLOY_ENV=$DEPLOY_ENV" >> "$GITHUB_ENV" + - name: Set variables + env: + APP_NAME: ${{ fromJSON(vars.DEPLOY_APP_NAME)[env.DEPLOY_ENV] }} + run: | + # you can't reference the `env` context when defining other env vars to do it here - echo "ECR_REPOSITORY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-ecr-repo" >> "$GITHUB_ENV" - echo "ECS_CLUSTER=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Cluster" >> "$GITHUB_ENV" - echo "ECS_SERVICE_DJANGO=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Django" >> "$GITHUB_ENV" - echo "ECS_SERVICE_CELERY=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-Celery" >> "$GITHUB_ENV" - echo "ECS_SERVICE_CELERY_BEAT=${{ vars.DEPLOY_APP_NAME }}-$DEPLOY_ENV-CeleryBeat" >> "$GITHUB_ENV" + echo "APP_NAME=${{ env.APP_NAME }}" >> "$GITHUB_ENV" + echo "ECR_REPOSITORY=${{ env.APP_NAME }}-$DEPLOY_ENV-ecr-repo" >> "$GITHUB_ENV" + echo "ECS_CLUSTER=${{ env.APP_NAME }}-$DEPLOY_ENV-Cluster" >> "$GITHUB_ENV" + echo "ECS_SERVICE_DJANGO=${{ env.APP_NAME }}-$DEPLOY_ENV-Django" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY=${{ env.APP_NAME }}-$DEPLOY_ENV-Celery" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY_BEAT=${{ env.APP_NAME }}-$DEPLOY_ENV-CeleryBeat" >> "$GITHUB_ENV" - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: role-to-assume: "arn:aws:iam::${{ fromJSON(vars.AWS_ACCOUNT)[env.DEPLOY_ENV] }}:role/github_deploy" role-session-name: GithubDeploy - aws-region: ${{ vars.DEPLOY_AWS_REGION }} + aws-region: ${{ fromJSON(vars.DEPLOY_AWS_REGION)[env.DEPLOY_ENV] }} - name: Login to Amazon ECR id: login-ecr @@ -88,7 +94,7 @@ jobs: id: django-web-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-Django + task-definition-family: ${{ env.APP_NAME }}-${{ env.DEPLOY_ENV }}-Django container-name: web image: ${{ steps.image-name.outputs.image }} 
@@ -104,7 +110,7 @@ jobs: id: celery-worker-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryWorkerTask + task-definition-family: ${{ env.APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryWorkerTask container-name: celery-worker image: ${{ steps.image-name.outputs.image }} @@ -112,7 +118,7 @@ jobs: id: celery-beat-def uses: aws-actions/amazon-ecs-render-task-definition@v1.5.0 with: - task-definition-family: ${{ vars.DEPLOY_APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryBeatTask + task-definition-family: ${{ env.APP_NAME }}-${{ env.DEPLOY_ENV }}-CeleryBeatTask container-name: celery-beat image: ${{ steps.image-name.outputs.image }} From 931aac552c34dc482c8058825e0f6d280875fcd6 Mon Sep 17 00:00:00 2001 From: Simon Kelly Date: Fri, 11 Oct 2024 20:38:58 +0200 Subject: [PATCH 7/7] fix vars + some notes --- .github/workflows/deploy.yml | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d76814803..afe067b7f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,6 +1,14 @@ # This workflow will build and push a new container image to Amazon ECR, # and then will deploy a new task definition for each of the services to Amazon ECS. +# Expected vars: +# The following vars must be set at the repo level. Their values must be JSON and contain one key per +# environment (dev, prod, etc.) and the value for each key must be the value for that environment. +# +# DEPLOY_APP_NAME: {"dev": "app1", "prod": "app2"} +# DEPLOY_AWS_REGION: {"dev": "us-west-2", "prod": "us-east-1"} +# AWS_ACCOUNT: {"dev": "123456789012", "prod": "123456789012"} + # Note: The names of repository, cluster, services match what is configured in https://github.com/dimagi/ocs-deploy name: Deploy to Amazon ECS 
@@ -32,6 +40,7 @@ jobs: uses: actions/checkout@v4 - name: Set Deploy Env + # Set the deploy env based on the input from the event or else from the branch run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then DEPLOY_ENV="${{ inputs.environment }}" @@ -44,17 +53,16 @@ jobs: echo "DEPLOY_ENV=$DEPLOY_ENV" >> "$GITHUB_ENV" - name: Set variables - env: - APP_NAME: ${{ fromJSON(vars.DEPLOY_APP_NAME)[env.DEPLOY_ENV] }} + # Set other variables accordingly run: | - # you can't reference the `env` context when defining other env vars to do it here - echo "APP_NAME=${{ env.APP_NAME }}" >> "$GITHUB_ENV" - echo "ECR_REPOSITORY=${{ env.APP_NAME }}-$DEPLOY_ENV-ecr-repo" >> "$GITHUB_ENV" - echo "ECS_CLUSTER=${{ env.APP_NAME }}-$DEPLOY_ENV-Cluster" >> "$GITHUB_ENV" - echo "ECS_SERVICE_DJANGO=${{ env.APP_NAME }}-$DEPLOY_ENV-Django" >> "$GITHUB_ENV" - echo "ECS_SERVICE_CELERY=${{ env.APP_NAME }}-$DEPLOY_ENV-Celery" >> "$GITHUB_ENV" - echo "ECS_SERVICE_CELERY_BEAT=${{ env.APP_NAME }}-$DEPLOY_ENV-CeleryBeat" >> "$GITHUB_ENV" + APP_NAME="${{ fromJSON(vars.DEPLOY_APP_NAME)[env.DEPLOY_ENV] }}" + echo "APP_NAME=$APP_NAME" >> "$GITHUB_ENV" + echo "ECR_REPOSITORY=$APP_NAME-${{ env.DEPLOY_ENV }}-ecr-repo" >> "$GITHUB_ENV" + echo "ECS_CLUSTER=$APP_NAME-${{ env.DEPLOY_ENV }}-Cluster" >> "$GITHUB_ENV" + echo "ECS_SERVICE_DJANGO=$APP_NAME-${{ env.DEPLOY_ENV }}-Django" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY=$APP_NAME-${{ env.DEPLOY_ENV }}-Celery" >> "$GITHUB_ENV" + echo "ECS_SERVICE_CELERY_BEAT=$APP_NAME-${{ env.DEPLOY_ENV }}-CeleryBeat" >> "$GITHUB_ENV" - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v4.0.2