Skip to content
Docker Image CI

feat: update cv projects #34

Sign in to view logs

feat: update cv projects

feat: update cv projects #34

Workflow file for this run

.github/workflows/docker-ci.yml at 5e2ac1e
name: Docker Image CI
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Set resource name
id: resource-name
run: |
if [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
echo "resource=personal-website-dev" >> $GITHUB_OUTPUT
elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
echo "resource=personal-website-prod" >> $GITHUB_OUTPUT
fi
- name: Checkout repo
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-session-name: gh-action-docker-build
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Create .env file
run: |
echo NEXT_PUBLIC_URL=$(aws secretsmanager get-secret-value --secret-id ${{ steps.resource-name.outputs.resource }}-next_public_url --query SecretString --output text) >> .env
echo OPENAI_API_KEY = $(aws secretsmanager get-secret-value --secret-id ${{ steps.resource-name.outputs.resource }}-openai_api_key --query SecretString --output text) >> .env
echo PLAUSIBLE_API_KEY=$(aws secretsmanager get-secret-value --secret-id ${{ steps.resource-name.outputs.resource }}-plausible_api_key --query SecretString --output text) >> .env
echo DATABASE_URL=$(aws secretsmanager get-secret-value --secret-id ${{ steps.resource-name.outputs.resource }}-database_url --query SecretString --output text) >> .env
echo DIRECT_URL=$(aws secretsmanager get-secret-value --secret-id ${{ steps.resource-name.outputs.resource }}-direct_url --query SecretString --output text) >> .env
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
# Build Main image
- name: Build, tag, and push App image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ steps.resource-name.outputs.resource }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker build \
--cache-from=type=local,src=/tmp/.buildx-cache \
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
-t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Cleanup .env file
run: rm -f .env
- name: Download task definition
run: |
aws ecs describe-task-definition --task-definition ${{ steps.resource-name.outputs.resource }} --query taskDefinition | jq 'del(.compatibilities, .taskDefinitionArn, .requiresAttributes, .revision, .status, .registeredAt, .registeredBy)' > task-definition.json
# Assign Main image
- name: Fill in the new App image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: ${{ steps.resource-name.outputs.resource }}
image: ${{ steps.build-image.outputs.image }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ steps.resource-name.outputs.resource }}
cluster: ${{ steps.resource-name.outputs.resource }}
wait-for-service-stability: false