5050 PRIMARY_AWS_REGION : us-east-1
5151
5252jobs :
53- deploy_docker :
53+ build_docker :
5454 name : Build Docker Image and Set regions
5555 runs-on : ubuntu-latest
5656
@@ -96,18 +96,18 @@ jobs:
9696 name : workflow-scripts-artifacts
9797 path : .github/workflows/scripts
9898
99- deploy_ecs :
100- needs : deploy_docker
101- name : Deploy to Amazon ECS
99+ deploy_job_processor :
100+ needs : build_docker
101+ name : Deploy Job Processing service to Amazon ECS
102102 runs-on : ubuntu-latest
103103
104104 strategy :
105105 fail-fast : false
106106 matrix :
107- region : ${{ fromJson(needs.deploy_docker .outputs.regions) }}
107+ region : ${{ fromJson(needs.build_docker .outputs.regions) }}
108108
109109 env :
110- DOCKER_IMAGE : ${{ needs.deploy_docker .outputs.docker_image }}
110+ DOCKER_IMAGE : ${{ needs.build_docker .outputs.docker_image }}
111111
112112 steps :
113113 - name : Download artifacts
@@ -144,7 +144,37 @@ jobs:
144144 service : ${{ inputs.environment }}-job-processor
145145 cluster : ${{ inputs.environment }}-ecs-cluster
146146 wait-for-service-stability : true
147+ deploy_api_service :
148+ needs :
149+ - build_docker
150+ - deploy_job_processor
151+ name : Deploy HTTP service to Amazon ECS
152+ runs-on : ubuntu-latest
147153
154+ strategy :
155+ fail-fast : false
156+ matrix :
157+ region : ${{ fromJson(needs.build_docker.outputs.regions) }}
158+
159+ env :
160+ DOCKER_IMAGE : ${{ needs.build_docker.outputs.docker_image }}
161+
162+ steps :
163+ - name : Download artifacts
164+ uses : actions/download-artifact@v5
165+ with :
166+ name : workflow-scripts-artifacts
167+ path : .github/workflows/scripts
168+
169+ - name : Configure AWS credentials
170+ uses : aws-actions/configure-aws-credentials@v5
171+ with :
172+ aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
173+ aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
174+ aws-region : ${{ matrix.region }}
175+ # this plugin sets the AWS account ID to a secret which is not allowed in outputs
176+ # we have to disable that so env.DOCKER_IMAGE will work
177+ mask-aws-account-id : ' false'
148178 - name : Download current ECS task definition for the api service
149179 run : aws ecs describe-task-definition --task-definition ${{ inputs.environment }}-hrm-task --query taskDefinition > task-definition.json
150180
@@ -163,7 +193,37 @@ jobs:
163193 service : ${{ inputs.environment }}-ecs-service
164194 cluster : ${{ inputs.environment }}-ecs-cluster
165195 wait-for-service-stability : true
196+ deploy_scheduled_tasks :
197+ needs :
198+ - build_docker
199+ - deploy_job_processor
200+ name : Deploy to Amazon ECS
201+ runs-on : ubuntu-latest
202+
203+ strategy :
204+ fail-fast : false
205+ matrix :
206+ region : ${{ fromJson(needs.build_docker.outputs.regions) }}
207+
208+ env :
209+ DOCKER_IMAGE : ${{ needs.build_docker.outputs.docker_image }}
210+
211+ steps :
212+ - name : Download artifacts
213+ uses : actions/download-artifact@v5
214+ with :
215+ name : workflow-scripts-artifacts
216+ path : .github/workflows/scripts
166217
218+ - name : Configure AWS credentials
219+ uses : aws-actions/configure-aws-credentials@v5
220+ with :
221+ aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
222+ aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
223+ aws-region : ${{ matrix.region }}
224+ # this plugin sets the AWS account ID to a secret which is not allowed in outputs
225+ # we have to disable that so env.DOCKER_IMAGE will work
226+ mask-aws-account-id : ' false'
167227 - name : Download current ECS task definition for scheduled tasks
168228 run : aws ecs describe-task-definition --task-definition ${{ inputs.environment }}-hrm-scheduled-task --query taskDefinition > task-definition-hrm-scheduled-task.json
169229
@@ -186,7 +246,39 @@ jobs:
186246 run : |
187247 chmod +x ./.github/workflows/scripts/update-event-bridge-target.sh
188248 ./.github/workflows/scripts/update-event-bridge-target.sh "${{ inputs.environment }}-hrm-scheduled-task" "${{ steps.scheduled-task-definition.outputs.task-definition-arn }}"
249+ notify :
250+ needs :
251+ - build_docker
252+ - deploy_api_service
253+ - deploy_job_processor
254+ - deploy_scheduled_tasks
255+ name : Notify Slack and update matrix
256+ runs-on : ubuntu-latest
257+
258+ strategy :
259+ fail-fast : false
260+ matrix :
261+ region : ${{ fromJson(needs.build_docker.outputs.regions) }}
189262
263+ env :
264+ DOCKER_IMAGE : ${{ needs.build_docker.outputs.docker_image }}
265+
266+ steps :
267+ - name : Download artifacts
268+ uses : actions/download-artifact@v5
269+ with :
270+ name : workflow-scripts-artifacts
271+ path : .github/workflows/scripts
272+
273+ - name : Configure AWS credentials
274+ uses : aws-actions/configure-aws-credentials@v5
275+ with :
276+ aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
277+ aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
278+ aws-region : ${{ matrix.region }}
279+ # this plugin sets the AWS account ID to a secret which is not allowed in outputs
280+ # we have to disable that so env.DOCKER_IMAGE will work
281+ mask-aws-account-id : ' false'
190282 # reconfigure AWS credentials to use the default region for SSM Parameter Store.
191283 # aws-actions/configure-aws-credentials@v5 overrides env.AWS_DEFAULT_REGION, so
192284 # we name our env var PRIMARY_AWS_REGION to avoid that.
0 commit comments