Deploy to ECR #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a basic workflow to help you get started with Actions | |
name: Deploy to ECR | |
# Controls when the action will run. | |
on: | |
# Triggers the workflow on push or pull request events but only for the main branch | |
# push: | |
# branches: [ main ] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
region: | |
description: 'Project AWS Region' | |
required: true | |
default: 'us-east-1' | |
aws_account_id: | |
description: 'Project AWS Account ID' | |
required: true | |
role: | |
description: 'Github Integration IAM role' | |
required: true | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
# This workflow contains multiple jobs | |
build_test: | |
name: Build & Test App | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [14.x, 18.x] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- name: setup node | |
uses: actions/setup-node@master | |
with: | |
node-version: ${{ matrix.node-version }} | |
# install applicaion dependencies | |
- name: Install dependencies | |
run: | | |
npm install | |
npm ci | |
# build and test the apps | |
- name: build & test | |
run: | | |
npm run build | |
npm run test | |
# Validate that Github Actions Access to AWS Account | |
# via AWS Github Integration role set up on that account. | |
Validate-Access: | |
name: Validate AWS Access | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
id: creds | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ github.event.inputs.aws_account_id }}:role/${{ github.event.inputs.role }} | |
# this is usefull when doing audit or reviewing | |
# all the sessions/accesses of this role | |
role-session-name: deployEC2DashboardAlarms | |
aws-region: ${{ github.event.inputs.region}} | |
# validate access to the AWS account by retrieving details of all the instances | |
- name: Retrieve ECR repo Info | |
id: ecr_info | |
run: | | |
aws ecr describe-repositories | |
- name: Action Job status | |
run: | | |
echo "${{ steps.ecr_info.outcome }}" | |
echo "${{ job.status }}" | |
# upload the app docker image to AWS ECR | |
push_to_AWS_ECR: | |
name: Deploy docker image to AWS ECR | |
runs-on: ubuntu-latest | |
# run this job only if the app build and test successfully | |
needs: [build_test, Validate-Access] | |
# Add "id-token" with the intended permissions. | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Configure AWS Credentials | |
id: creds | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ github.event.inputs.aws_account_id }}:role/${{ github.event.inputs.role }} | |
# this is usefull when doing audit or reviewing | |
# all the sessions/accesses of this role | |
role-session-name: deployImagetoECR | |
aws-region: ${{ github.event.inputs.region}} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, tag, and push the image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: nodejs-demo | |
IMAGE_TAG: latest | |
run: | | |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
echo "Pushing image to ECR..." | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" |