Skip to content

Deploy to ECR

Deploy to ECR #4

# This is a basic workflow to help you get started with Actions
name: Deploy to ECR
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the main branch
# push:
# branches: [ main ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
region:
description: 'Project AWS Region'
required: true
default: 'us-east-1'
aws_account_id:
description: 'Project AWS Account ID'
required: true
role:
description: 'Github Integration IAM role'
required: true
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains multiple jobs
build_test:
name: Build & Test App
# The type of runner that the job will run on
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [14.x, 18.x]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- name: setup node
uses: actions/setup-node@master
with:
node-version: ${{ matrix.node-version }}
# install applicaion dependencies
- name: Install dependencies
run: |
npm install
npm ci
# build and test the apps
- name: build & test
run: |
npm run build
npm run test
# Validate that Github Actions Access to AWS Account
# via AWS Github Integration role set up on that account.
Validate-Access:
name: Validate AWS Access
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Configure AWS Credentials
id: creds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ github.event.inputs.aws_account_id }}:role/${{ github.event.inputs.role }}
# this is usefull when doing audit or reviewing
# all the sessions/accesses of this role
role-session-name: deployEC2DashboardAlarms
aws-region: ${{ github.event.inputs.region}}
# validate access to the AWS account by retrieving details of all the instances
- name: Retrieve ECR repo Info
id: ecr_info
run: |
aws ecr describe-repositories
- name: Action Job status
run: |
echo "${{ steps.ecr_info.outcome }}"
echo "${{ job.status }}"
# upload the app docker image to AWS ECR
push_to_AWS_ECR:
name: Deploy docker image to AWS ECR
runs-on: ubuntu-latest
# run this job only if the app build and test successfully
needs: [build_test, Validate-Access]
# Add "id-token" with the intended permissions.
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Configure AWS Credentials
id: creds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ github.event.inputs.aws_account_id }}:role/${{ github.event.inputs.role }}
# this is usefull when doing audit or reviewing
# all the sessions/accesses of this role
role-session-name: deployImagetoECR
aws-region: ${{ github.event.inputs.region}}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push the image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: nodejs-demo
IMAGE_TAG: latest
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
echo "Pushing image to ECR..."
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"