From 289fc0f86dbc556ea2a828b1a67f2fbf69407349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Thu, 6 Feb 2025 10:38:53 +0000 Subject: [PATCH 01/16] Adding working directory to terraform quality check --- .github/workflows/terraform-quality-checks.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/terraform-quality-checks.yml b/.github/workflows/terraform-quality-checks.yml index 9ac967d..be17761 100644 --- a/.github/workflows/terraform-quality-checks.yml +++ b/.github/workflows/terraform-quality-checks.yml @@ -8,6 +8,10 @@ on: description: "Terraform version" type: string default: "1.9.8" + working_directory: + description: "The working directory to use" + type: string + default: "." permissions: id-token: write # Required f. IAM Token @@ -63,6 +67,7 @@ jobs: tfenv --version - name: "🔍 Lint Terraform" + working-directory: ${{ inputs.working_directory }} run: | tflint --recursive tfsec From f0ac1b173a78bb989a955dbdfa85571ee8b38241 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Fri, 14 Feb 2025 14:41:25 +0000 Subject: [PATCH 02/16] Adding terraform_path variable --- .github/workflows/main-deploy.yml | 36 ++++++++++++++++++------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/.github/workflows/main-deploy.yml b/.github/workflows/main-deploy.yml index 3dbe9be..4fdfa1d 100644 --- a/.github/workflows/main-deploy.yml +++ b/.github/workflows/main-deploy.yml @@ -1,4 +1,4 @@ -name: '🚀 Build and deploy to main' +name: "🚀 Build and deploy to main" on: workflow_call: inputs: 
@@ -24,21 +24,26 @@ on: required: true type: string terraform_version: - description: 'Terraform version' + description: "Terraform version" type: string - default: '1.9.8' + default: "1.9.8" working_directory: - description: 'Working directory' + description: "Working directory" type: string - default: '.' + default: "." use_latest_tag: - description: 'Use latest tag' + description: "Use latest tag" type: boolean default: true pre_applied_resources: - description: 'Resources to apply before main deploy' + description: "Resources to apply before main deploy" type: string - default: '[]' + default: "[]" + terraform_path: + type: string + description: "The path to the terraform files" + required: false + default: "terraform" secrets: token: required: true @@ -49,7 +54,7 @@ permissions: jobs: terraform-quality-checks: - name: '✅ Terraform Quality checks' + name: "✅ Terraform Quality checks" uses: ./.github/workflows/terraform-quality-checks.yml with: terraform_version: ${{ inputs.terraform_version }} @@ -70,13 +75,13 @@ jobs: github_token: ${{ secrets.token }} create-ecr-repo: - name: '🚀 Apply shared' + name: "🚀 Apply shared" runs-on: ubuntu-latest steps: - name: 📁 Checkout uses: actions/checkout@v4 - - name: '🚀 Apply shared' + - name: "🚀 Apply shared" uses: aproorg/github-workflows/.github/actions/apply-shared@main with: AWS_REGION: ${{ inputs.aws_region }} @@ -84,7 +89,7 @@ jobs: TERRAFORM_VERSION: ${{ inputs.terraform_version }} build-and-push: - name: '️️️🏗️ Build and push' + name: "️️️🏗️ Build and push" needs: - terraform-quality-checks - get-next-version @@ -94,7 +99,7 @@ jobs: - name: 📁 Checkout uses: actions/checkout@v4 - - name: '️️️🏗️ Build and push image' + - name: "️️️🏗️ Build and push image" uses: aproorg/github-workflows/.github/actions/build-and-push-image@main with: AWS_REGION: ${{ inputs.aws_region }} 
@@ -103,7 +108,7 @@ jobs: WORKING_DIRECTORY: ${{ inputs.working_directory }} deploy-to-dev: - name: '🚀 Deploy to dev' + name: "🚀 Deploy to dev" environment: dev needs: - build-and-push @@ -113,7 +118,7 @@ jobs: - name: 📁 Checkout uses: actions/checkout@v4 - - name: '🚀 Deploy to dev' + - name: "🚀 Deploy to dev" uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@main with: AWS_REGION: ${{ inputs.aws_region }} @@ -125,3 +130,4 @@ jobs: CLUSTER_NAME: ${{ inputs.cluster_name }} TERRAFORM_VERSION: ${{ inputs.terraform_version }} PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} + TERRAFORM_PATH: ${{ inputs.terraform_path }} From ae736556b812754a539e2932e2fc759165bc2bc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Fri, 14 Feb 2025 15:32:30 +0000 Subject: [PATCH 03/16] Missing path in apply shared --- .github/workflows/main-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main-deploy.yml b/.github/workflows/main-deploy.yml index 4fdfa1d..93444fe 100644 --- a/.github/workflows/main-deploy.yml +++ b/.github/workflows/main-deploy.yml @@ -87,6 +87,7 @@ jobs: AWS_REGION: ${{ inputs.aws_region }} AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} TERRAFORM_VERSION: ${{ inputs.terraform_version }} + TERRAFORM_PATH: ${{ inputs.terraform_path }} build-and-push: name: "️️️🏗️ Build and push" From 72f42102ee85b5d1e477b7a0220849050edbe61e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Tue, 8 Apr 2025 15:30:55 +0000 Subject: [PATCH 04/16] Removing double default --- .github/workflows/main-deploy.yml | 93 +++++++++++++++---------------- 1 file changed, 45 insertions(+), 48 deletions(-) diff --git a/.github/workflows/main-deploy.yml b/.github/workflows/main-deploy.yml index 862b161..f2692fc 100644 --- a/.github/workflows/main-deploy.yml +++ b/.github/workflows/main-deploy.yml 
@@ -40,9 +40,9 @@ on: working_directory: description: "Working directory" type: string - default: '.' + default: "." build_checkout_with_lfs: - description: 'Checkout with LFS' + description: "Checkout with LFS" type: boolean default: false use_latest_tag: @@ -58,9 +58,8 @@ on: description: "The path to the terraform files" required: false default: "terraform" - default: '[]' force_new_deployment: - description: 'Force a new deployment even if the image tag is the same as the current deployment. E.g. latest' + description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" type: boolean default: true secrets: @@ -73,7 +72,7 @@ permissions: jobs: terraform-quality-checks: - name: '✅ Terraform Quality checks' + name: "✅ Terraform Quality checks" uses: aproorg/github-workflows/.github/workflows/terraform-quality-checks.yml@main with: terraform_version: ${{ inputs.terraform_version }} @@ -94,7 +93,7 @@ jobs: github_token: ${{ secrets.token }} unify-services: - name: '🤝 Unify service inputs' + name: "🤝 Unify service inputs" runs-on: ubuntu-latest outputs: final_services: ${{ steps.unify-services.outputs.final_services }} 
@@ -106,52 +105,50 @@ jobs: service_name: ${{ inputs.service_name }} services: ${{ inputs.services }} - create-ecr-repo: - name: '🚀 Apply shared' + name: "🚀 Apply shared" needs: unify-services strategy: matrix: include: ${{ fromJSON(needs.unify-services.outputs.final_services) }} runs-on: ubuntu-latest steps: - - name: 📁 Checkout - uses: actions/checkout@v4 + - name: 📁 Checkout + uses: actions/checkout@v4 - - name: '🚀 Apply shared' - uses: aproorg/github-workflows/.github/actions/apply-shared@main - with: - AWS_REGION: ${{ inputs.aws_region }} - AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} - TERRAFORM_VERSION: ${{ inputs.terraform_version }} - TERRAFORM_PATH: '${{ matrix.directory }}/terraform' + - name: "🚀 Apply shared" + uses: aproorg/github-workflows/.github/actions/apply-shared@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + TERRAFORM_PATH: "${{ matrix.directory }}/terraform" build-and-push-all-images: - name: '️️️🏗️ Build and push all images' + name: "️️️🏗️ Build and push all images" needs: - terraform-quality-checks - get-next-version if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} runs-on: ubuntu-latest steps: - - name: 📁 Checkout - uses: actions/checkout@v4 - with: - lfs: ${{ inputs.build_checkout_with_lfs }} - - - name: '️️️🏗️ Build and push image all images' - uses: aproorg/github-workflows/.github/actions/build-and-push-image@main - with: - AWS_REGION: ${{ inputs.aws_region }} - AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} - WORKING_DIRECTORY: ${{ inputs.working_directory }} - ECR_REPOSITORY: ${{ inputs.ecr_repository }} - ECR_REPOSITORIES: ${{ inputs.ecr_repositories }} - CUSTOM_BUILD_SCRIPT: ${{ inputs.custom_build_script }} + - name: 📁 Checkout + uses: actions/checkout@v4 + with: + lfs: ${{ inputs.build_checkout_with_lfs }} + - name: "️️️🏗️ Build and push image all images" + uses: 
aproorg/github-workflows/.github/actions/build-and-push-image@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} + WORKING_DIRECTORY: ${{ inputs.working_directory }} + ECR_REPOSITORY: ${{ inputs.ecr_repository }} + ECR_REPOSITORIES: ${{ inputs.ecr_repositories }} + CUSTOM_BUILD_SCRIPT: ${{ inputs.custom_build_script }} deploy-to-dev: - name: '🚀 Deploy to dev' + name: "🚀 Deploy to dev" strategy: matrix: include: ${{ fromJSON(needs.unify-services.outputs.final_services) }} @@ -163,19 +160,19 @@ jobs: if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} runs-on: ubuntu-latest steps: - - name: 📁 Checkout - uses: actions/checkout@v4 + - name: 📁 Checkout + uses: actions/checkout@v4 - - name: '🚀 Deploy to dev' - uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@main - with: - AWS_REGION: ${{ inputs.aws_region }} - ENVIRONMENT: dev - AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} - IMAGE_TAG: ${{ inputs.use_latest_tag && 'latest' || format('sha-{0}', github.sha) }} - FORCE_NEW_DEPLOYMENT: ${{ inputs.force_new_deployment }} - SERVICE_NAME: ${{ matrix.name }} - CLUSTER_NAME: ${{ inputs.cluster_name }} - TERRAFORM_VERSION: ${{ inputs.terraform_version }} - TERRAFORM_PATH: '${{ matrix.directory }}/terraform' - PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} + - name: "🚀 Deploy to dev" + uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@main + with: + AWS_REGION: ${{ inputs.aws_region }} + ENVIRONMENT: dev + AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} + IMAGE_TAG: ${{ inputs.use_latest_tag && 'latest' || format('sha-{0}', github.sha) }} + FORCE_NEW_DEPLOYMENT: ${{ inputs.force_new_deployment }} + SERVICE_NAME: ${{ matrix.name }} + CLUSTER_NAME: ${{ inputs.cluster_name }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + TERRAFORM_PATH: "${{ matrix.directory }}/terraform" + PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} 
From d2fd6cac5134832ffbc9839b75f87ffeeb67cc5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Tue, 8 Apr 2025 16:27:35 +0000 Subject: [PATCH 05/16] Adding new workflow for mono repo and terraform in root --- .github/actions/deploy-ecs-service/action.yml | 51 ++++-- .../workflows/main-deploy-mono-tf-global.yml | 153 ++++++++++++++++++ 2 files changed, 190 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/main-deploy-mono-tf-global.yml diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 00f4510..0040d78 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml 
@@ -1,45 +1,49 @@ -name: '🚀 Deploy ECS service' -description: 'Deploy service on ECS with terraform' +name: "🚀 Deploy ECS service" +description: "Deploy service on ECS with terraform" inputs: AWS_REGION: - description: 'The AWS region to use' + description: "The AWS region to use" required: true default: eu-west-1 ENVIRONMENT: - description: 'Enter the environment.' + description: "Enter the environment." required: true AWS_DEPLOYMENT_ROLE: - description: 'The ARN of the AWS github-ci role the role to use for deployment' + description: "The ARN of the AWS github-ci role the role to use for deployment" required: true IMAGE_TAG: - description: 'The version tag of the image to deploy. Can be any image tag e.g. latest, 1.0.0, git sha' + description: "The version tag of the image to deploy. Can be any image tag e.g. latest, 1.0.0, git sha" required: true FORCE_NEW_DEPLOYMENT: - description: 'Force a new deployment even if the image tag is the same as the current deployment. E.g. latest' + description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" required: false default: false SERVICE_NAME: - description: 'The name of the service to deploy. Only required if force new deployment is true' + description: "The name of the service to deploy. Only required if force new deployment is true" required: false CLUSTER_NAME: - description: 'The name of the ECS cluster to deploy to. Only required if force new deployment is true' + description: "The name of the ECS cluster to deploy to. 
Only required if force new deployment is true" required: false TERRAFORM_VERSION: - description: 'The version of Terraform to use' + description: "The version of Terraform to use" required: false default: 1.9.8 PRE_APPLIED_RESOURCES: - description: 'Resources to apply before deploying' + description: "Resources to apply before deploying" required: false - default: '[]' + default: "[]" TERRAFORM_PATH: description: "The path to the terraform files" required: false default: "terraform" + SERVICES: + descritpion: "Only for deployment of mono repo and terraform in root" + required: false + default: "" runs: - using: 'composite' + using: "composite" steps: - name: Setup Terraform uses: hashicorp/setup-Terraform@v3 @@ -50,7 +54,7 @@ runs: shell: bash run: terraform --version - - name: 'Configure AWS Credentials' + - name: "Configure AWS Credentials" uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.AWS_DEPLOYMENT_ROLE }} @@ -83,3 +87,22 @@ runs: aws ecs wait services-stable \ --cluster ${{ inputs.CLUSTER_NAME }} \ --services ${{ inputs.SERVICE_NAME }} + + - name: service list + id: service_list + if: ${{ inputs.SERVICES }} + outputs: + service_list: ${{ steps.service_list.outputs.service_list }} + shell: bash + run: | + list=$(echo ${{ inputs.SERVICES }} | jq -r ' . |map(.name) | join(" ")') + echo service_list=${list} >> $GITHUB_OUTPUT' + + - name: Wait for all stable + shell: bash + if: ${{ inputs.SERVICES }} + needs: service_list + run: | + aws ecs wait services-stable \ + --cluster ${{ inputs.CLUSTER_NAME }} \ + --services ${{ needs.service_list.outputs.service_list }} diff --git a/.github/workflows/main-deploy-mono-tf-global.yml b/.github/workflows/main-deploy-mono-tf-global.yml new file mode 100644 index 0000000..bfda4e6 --- /dev/null +++ b/.github/workflows/main-deploy-mono-tf-global.yml 
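Review bot: The new `SERVICES` input spells its description key `descritpion:`, so the input ends up with no `description` at all, which the action metadata expects for every input. Correct the key and say what the value must look like, since the later step reads `.name` from each element: `description: "JSON list of service objects, each with a name key. Only for mono-repo deployments with terraform in the root"`. None of the later patches in this series touches this line.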
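Review bot: The `service list` step expands `${{ inputs.SERVICES }}` directly into the bash script, so the caller-supplied JSON becomes script text before bash parses it: its double quotes are consumed by the shell and any shell metacharacter in the value is executed, in a composite action that has already configured AWS deployment credentials. Pass the value through `env:` and read it as `"$SERVICES"`, and do the same for `CLUSTER_NAME` and the service list in the wait step. The single quotes that PATCH 10 puts around the expression do not close this, because a `'` inside the value ends the quoting; the `ECR_REPOSITORIES` / `ECR_REPOSITORY` expansions in the build-and-push-image parse step (PATCH 07) follow the same pattern. The fence reads the list through `steps.service_list.outputs`, the form PATCH 08 later adopts.

```yaml
    - name: service list
      id: service_list
      if: ${{ inputs.SERVICES }}
      shell: bash
      env:
        SERVICES: ${{ inputs.SERVICES }}
      run: |
        list=$(jq -r 'map(.name) | join(" ")' <<< "$SERVICES")
        echo "service_list=${list}" >> "$GITHUB_OUTPUT"

    - name: Wait for all stable
      if: ${{ inputs.SERVICES }}
      shell: bash
      env:
        CLUSTER_NAME: ${{ inputs.CLUSTER_NAME }}
        SERVICE_LIST: ${{ steps.service_list.outputs.service_list }}
      run: |
        # Split the space-separated names into one argument per service.
        read -ra services <<< "$SERVICE_LIST"
        aws ecs wait services-stable \
          --cluster "$CLUSTER_NAME" \
          --services "${services[@]}"
```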
@@ -0,0 +1,153 @@ +name: "🚀 Build and deploy to main" +on: + workflow_call: + inputs: + aws_dev_account_id: + required: true + type: string + aws_region: + default: eu-west-1 + type: string + github_ci_role_arn: + required: true + type: string + github_ci_ecr_role_arn: + required: true + type: string + services: + required: false + type: string + description: 'Services names when deploying multiple services. Should be a list of objects with keys "directory" and "name" e.g. [{"directory": "core", "name": "apro-core-service"}]' + cluster_name: + required: true + type: string + ecr_repository: + required: false + type: string + ecr_repositories: + required: false + type: string + custom_build_script: + required: false + type: string + terraform_version: + description: "Terraform version" + type: string + default: "1.9.8" + working_directory: + description: "Working directory" + type: string + default: "." + build_checkout_with_lfs: + description: "Checkout with LFS" + type: boolean + default: false + use_latest_tag: + description: "Use latest tag" + type: boolean + default: true + pre_applied_resources: + description: "Resources to apply before main deploy" + type: string + default: "[]" + terraform_path: + type: string + description: "The path to the terraform files" + required: false + default: "terraform" + force_new_deployment: + description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" + type: boolean + default: true + secrets: + token: + required: true + +permissions: + id-token: write # Required f. 
IAM Token + contents: write + +jobs: + terraform-quality-checks: + name: "✅ Terraform Quality checks" + uses: aproorg/github-workflows/.github/workflows/terraform-quality-checks.yml@main + with: + terraform_version: ${{ inputs.terraform_version }} + + get-next-version: + name: 🏷️ Get next version + runs-on: ubuntu-latest + outputs: + new_release_published: ${{ steps.get-next-version.outputs.new_release_published }} + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: 🏷️ Get next version + id: get-next-version + uses: aproorg/github-workflows/.github/actions/get-next-version@main + with: + github_token: ${{ secrets.token }} + + create-ecr-repo: + name: "🚀 Apply shared" + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: "🚀 Apply shared" + uses: aproorg/github-workflows/.github/actions/apply-shared@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + + build-and-push-all-images: + name: "️️️🏗️ Build and push all images" + strategy: + matrix: + include: ${{ fromJSON(inputs.services) }} + needs: + - terraform-quality-checks + - get-next-version + if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + with: + lfs: ${{ inputs.build_checkout_with_lfs }} + + - name: "️️️🏗️ Build and push image all images" + uses: aproorg/github-workflows/.github/actions/build-and-push-image@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} + WORKING_DIRECTORY: ${{ matrix.directory }} + ECR_REPOSITORY: ${{ matrix.ecr_repository }} + + deploy-to-dev: + name: "🚀 Deploy to dev" + environment: dev + needs: + - build-and-push-all-images + - get-next-version + if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} + runs-on: ubuntu-latest + steps: 
+ - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: "🚀 Deploy to dev" + uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill + with: + AWS_REGION: ${{ inputs.aws_region }} + ENVIRONMENT: dev + AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} + IMAGE_TAG: ${{ format('sha-{0}', github.sha) }} + FORCE_NEW_DEPLOYMENT: false + SERVICES: ${{ inputs.services }} + CLUSTER_NAME: ${{ inputs.cluster_name }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} From a62478620095157af97815d3e9ff3299e7d99ac6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Tue, 8 Apr 2025 16:30:11 +0000 Subject: [PATCH 06/16] Removing unused variables --- .github/workflows/main-deploy-mono-tf-global.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/main-deploy-mono-tf-global.yml b/.github/workflows/main-deploy-mono-tf-global.yml index bfda4e6..f878ffd 100644 --- a/.github/workflows/main-deploy-mono-tf-global.yml +++ b/.github/workflows/main-deploy-mono-tf-global.yml @@ -42,23 +42,11 @@ on: description: "Checkout with LFS" type: boolean default: false - use_latest_tag: - description: "Use latest tag" - type: boolean - default: true pre_applied_resources: description: "Resources to apply before main deploy" type: string default: "[]" - terraform_path: - type: string - description: "The path to the terraform files" - required: false - default: "terraform" - force_new_deployment: - description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" - type: boolean - default: true + secrets: token: required: true 
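Review bot: The `deploy-to-dev` job references `aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill`, a different ref from the `@main` used by every other action in this new file, in a job that assumes `github_ci_role_arn` under `id-token: write`. A branch ref is mutable, so whatever is pushed to that branch runs with the deployment role; the name suggests a development branch left in place (inferred, please confirm). PATCH 07 moves `build-and-push-image` to the same ref and PATCH 16 uses it for the staging and prod deploys. Point these back at the reviewed ref before merging, or pin them to a full commit SHA: `uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@<full-commit-sha>`.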
@@ -146,7 +134,6 @@ jobs: ENVIRONMENT: dev AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} IMAGE_TAG: ${{ format('sha-{0}', github.sha) }} - FORCE_NEW_DEPLOYMENT: false SERVICES: ${{ inputs.services }} CLUSTER_NAME: ${{ inputs.cluster_name }} TERRAFORM_VERSION: ${{ inputs.terraform_version }} From a6b77b929dd6e9dcf5fa8f451b4ef81baa5a2e63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 10:27:35 +0000 Subject: [PATCH 07/16] Adding option to sett dockerfile --- .../actions/build-and-push-image/action.yml | 146 +++++++++--------- .../workflows/main-deploy-mono-tf-global.yml | 3 +- 2 files changed, 77 insertions(+), 72 deletions(-) diff --git a/.github/actions/build-and-push-image/action.yml b/.github/actions/build-and-push-image/action.yml index dc813c5..6e76f23 100644 --- a/.github/actions/build-and-push-image/action.yml +++ b/.github/actions/build-and-push-image/action.yml 
@@ -21,86 +21,90 @@ inputs: CUSTOM_BUILD_SCRIPT: description: "The custom build script to use" required: false + DOCKERFILE: + description: "The Dockerfile to use" + required: false + default: "Dockerfile" runs: using: "composite" steps: - - name: 🔐 Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ inputs.AWS_ROLE_ARN }} - role-session-name: GitHub-Action-Role - aws-region: ${{ inputs.AWS_REGION }} + - name: 🔐 Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ inputs.AWS_ROLE_ARN }} + role-session-name: GitHub-Action-Role + aws-region: ${{ inputs.AWS_REGION }} + + - name: 🔓 Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 - - name: 🔓 Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 + - name: 🧩 Parse ECR repositories + id: parse + shell: bash + run: | + if [ -n "${{ inputs.ECR_REPOSITORIES }}" ]; then + repos=$(echo "${{ inputs.ECR_REPOSITORIES }}" | tr ',' '\n') + elif [ -n "${{ inputs.ECR_REPOSITORY }}" ]; then + repos="${{ inputs.ECR_REPOSITORY }}" + else + echo "Error: Either ECR_REPOSITORY or ECR_REPOSITORIES must be provided." + exit 1 + fi - - name: 🧩 Parse ECR repositories - id: parse - shell: bash - run: | - if [ -n "${{ inputs.ECR_REPOSITORIES }}" ]; then - repos=$(echo "${{ inputs.ECR_REPOSITORIES }}" | tr ',' '\n') - elif [ -n "${{ inputs.ECR_REPOSITORY }}" ]; then - repos="${{ inputs.ECR_REPOSITORY }}" - else - echo "Error: Either ECR_REPOSITORY or ECR_REPOSITORIES must be provided." 
- exit 1 - fi - - echo "repos<> $GITHUB_OUTPUT - echo "$repos" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + echo "repos<> $GITHUB_OUTPUT + echo "$repos" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - # Build a multiline string of full ECR paths - images="" - for repo in $repos; do - images="$images\n${{ steps.login-ecr.outputs.registry }}/${repo}" - done + # Build a multiline string of full ECR paths + images="" + for repo in $repos; do + images="$images\n${{ steps.login-ecr.outputs.registry }}/${repo}" + done - # Write images to this step's output - echo "images<> $GITHUB_OUTPUT - echo -e "$images" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + # Write images to this step's output + echo "images<> $GITHUB_OUTPUT + echo -e "$images" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - - name: 🐳 Docker Metadata - uses: docker/metadata-action@v5 - id: meta - with: - images: "${{ steps.parse.outputs.images }}" - tags: | - latest - type=sha,prefix=sha-,format=long - type=ref,event=branch - type=ref,event=pr - type=ref,event=tag + - name: 🐳 Docker Metadata + uses: docker/metadata-action@v5 + id: meta + with: + images: "${{ steps.parse.outputs.images }}" + tags: | + latest + type=sha,prefix=sha-,format=long + type=ref,event=branch + type=ref,event=pr + type=ref,event=tag - - name: 🏗️ Build and push - if: ${{ !inputs.CUSTOM_BUILD_SCRIPT }} - uses: docker/build-push-action@v5 - with: - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - context: ${{ inputs.WORKING_DIRECTORY }} + - name: 🏗️ Build and push + if: ${{ !inputs.CUSTOM_BUILD_SCRIPT }} + uses: docker/build-push-action@v5 + with: + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + context: ${{ inputs.WORKING_DIRECTORY }} + file: ${{ inputs.WORKING_DIRECTORY }}/${{ inputs.DOCKERFILE }} - - name: 🏗️ Build and push images with custom script - if: ${{ inputs.CUSTOM_BUILD_SCRIPT }} - shell: bash - working-directory: ${{ 
inputs.WORKING_DIRECTORY }} - run: | - ${{ inputs.CUSTOM_BUILD_SCRIPT }} - repos="${{ steps.parse.outputs.repos }}" - tags="${{ steps.meta.outputs.tags }}" - for repo in $repos; do - echo "Processing repository: $repo" - for tag in $tags; do - if [[ $tag == *"$repo"* ]]; then - echo "Tagging and pushing: $tag for image $repo" - docker tag "$repo" "$tag" - docker push "$tag" - fi + - name: 🏗️ Build and push images with custom script + if: ${{ inputs.CUSTOM_BUILD_SCRIPT }} + shell: bash + working-directory: ${{ inputs.WORKING_DIRECTORY }} + run: | + ${{ inputs.CUSTOM_BUILD_SCRIPT }} + repos="${{ steps.parse.outputs.repos }}" + tags="${{ steps.meta.outputs.tags }}" + for repo in $repos; do + echo "Processing repository: $repo" + for tag in $tags; do + if [[ $tag == *"$repo"* ]]; then + echo "Tagging and pushing: $tag for image $repo" + docker tag "$repo" "$tag" + docker push "$tag" + fi + done done - done - diff --git a/.github/workflows/main-deploy-mono-tf-global.yml b/.github/workflows/main-deploy-mono-tf-global.yml index f878ffd..64d9db4 100644 --- a/.github/workflows/main-deploy-mono-tf-global.yml +++ b/.github/workflows/main-deploy-mono-tf-global.yml @@ -108,12 +108,13 @@ jobs: lfs: ${{ inputs.build_checkout_with_lfs }} - name: "️️️🏗️ Build and push image all images" - uses: aproorg/github-workflows/.github/actions/build-and-push-image@main + uses: aproorg/github-workflows/.github/actions/build-and-push-image@kistill with: AWS_REGION: ${{ inputs.aws_region }} AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} WORKING_DIRECTORY: ${{ matrix.directory }} ECR_REPOSITORY: ${{ matrix.ecr_repository }} + DOCKERFILE: ${{ matrix.dockerfile }} deploy-to-dev: name: "🚀 Deploy to dev" From 1e0c67f44c5b9917884418e8ea822242e370a1c1 Mon Sep 17 00:00:00 2001 
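Review bot: `DOCKERFILE: ${{ matrix.dockerfile }}` reads a key that the `services` input does not document: its description (added in PATCH 05) lists only `directory` and `name`, while this job already reads `matrix.ecr_repository` and now `matrix.dockerfile`. Extend the description to name every key the matrix consumes and mark `dockerfile` as optional, for example `[{"directory": "core", "name": "apro-core-service", "ecr_repository": "<repo>", "dockerfile": "<optional file name>"}]`. The `build-and-push-all-images` job starts above the hunk.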
From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 13:16:02 +0000 Subject: [PATCH 08/16] Fixing service list action and reference --- .github/actions/deploy-ecs-service/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 0040d78..6e84a91 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -105,4 +105,4 @@ runs: run: | aws ecs wait services-stable \ --cluster ${{ inputs.CLUSTER_NAME }} \ - --services ${{ needs.service_list.outputs.service_list }} + --services ${{ steps.service_list.outputs.service_list }} From 2d2142aaa8e7bb9c0c93843d8082b784173ff1ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 13:18:22 +0000 Subject: [PATCH 09/16] Removing outputs and needs --- .github/actions/deploy-ecs-service/action.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 6e84a91..2b88aa1 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -91,8 +91,6 @@ runs: - name: service list id: service_list if: ${{ inputs.SERVICES }} - outputs: - service_list: ${{ steps.service_list.outputs.service_list }} shell: bash run: | list=$(echo ${{ inputs.SERVICES }} | jq -r ' . |map(.name) | join(" ")') @@ -101,7 +99,6 @@ runs: - name: Wait for all stable shell: bash if: ${{ inputs.SERVICES }} - needs: service_list run: | aws ecs wait services-stable \ --cluster ${{ inputs.CLUSTER_NAME }} \ From 353afa9e2783ca1f67fa062168f2fec0626df770 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 13:24:34 +0000 Subject: [PATCH 10/16] Adding string around value echo --- .github/actions/deploy-ecs-service/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 2b88aa1..0cd90cc 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -93,7 +93,7 @@ runs: if: ${{ inputs.SERVICES }} shell: bash run: | - list=$(echo ${{ inputs.SERVICES }} | jq -r ' . |map(.name) | join(" ")') + list=$(echo '${{ inputs.SERVICES }}' | jq -r ' . |map(.name) | join(" ")') echo service_list=${list} >> $GITHUB_OUTPUT' - name: Wait for all stable From f35d6eeafedb4dd2ad414314ba279ca721ca8875 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 13:30:05 +0000 Subject: [PATCH 11/16] fixing commas --- .github/actions/deploy-ecs-service/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 0cd90cc..8c910ce 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -94,7 +94,7 @@ runs: shell: bash run: | list=$(echo '${{ inputs.SERVICES }}' | jq -r ' . |map(.name) | join(" ")') - echo service_list=${list} >> $GITHUB_OUTPUT' + echo 'service_list=${list}' >> $GITHUB_OUTPUT - name: Wait for all stable shell: bash From b24b61077f0a9fa2488a05ed1a8412945f04fb54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 13:35:28 +0000 Subject: [PATCH 12/16] Adding debuging --- .github/actions/deploy-ecs-service/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 8c910ce..d266815 100644 
--- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -94,6 +94,7 @@ runs: shell: bash run: | list=$(echo '${{ inputs.SERVICES }}' | jq -r ' . |map(.name) | join(" ")') + echo 'service_list=${list}' echo 'service_list=${list}' >> $GITHUB_OUTPUT - name: Wait for all stable From fa07812103945738b59d9ea92b1f7bfe3c1c6e4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Wed, 9 Apr 2025 13:39:41 +0000 Subject: [PATCH 13/16] Removing strings --- .github/actions/deploy-ecs-service/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index d266815..200174b 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -94,8 +94,8 @@ runs: shell: bash run: | list=$(echo '${{ inputs.SERVICES }}' | jq -r ' . |map(.name) | join(" ")') - echo 'service_list=${list}' - echo 'service_list=${list}' >> $GITHUB_OUTPUT + echo service_list=${list} + echo service_list=${list} >> $GITHUB_OUTPUT - name: Wait for all stable shell: bash From 705bf88ed0410b6bba18242b569ea38b34acbedb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Fri, 11 Apr 2025 15:26:21 +0000 Subject: [PATCH 14/16] Default dockerfile --- .github/actions/build-and-push-image/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-and-push-image/action.yml b/.github/actions/build-and-push-image/action.yml index 6e76f23..98b7b30 100644 --- a/.github/actions/build-and-push-image/action.yml +++ b/.github/actions/build-and-push-image/action.yml 
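Review bot: Both `echo` lines now expand `${list}` and `$GITHUB_OUTPUT` unquoted, so the value is word-split and glob-expanded by the shell before it is written; `echo "service_list=${list}" >> "$GITHUB_OUTPUT"` writes it verbatim. The first `echo` was added for debugging in PATCH 12; either drop it or keep it with a comment such as `# log the resolved service names for troubleshooting`. The step itself starts above the hunk.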
@@ -88,7 +88,7 @@ runs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} context: ${{ inputs.WORKING_DIRECTORY }} - file: ${{ inputs.WORKING_DIRECTORY }}/${{ inputs.DOCKERFILE }} + file: ${{ inputs.WORKING_DIRECTORY }}/${{ inputs.DOCKERFILE || 'Dockerfile' }} - name: 🏗️ Build and push images with custom script if: ${{ inputs.CUSTOM_BUILD_SCRIPT }} From a98dc8894e9231c6931ee1239841afb312e3deb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Tue, 22 Apr 2025 11:35:46 +0000 Subject: [PATCH 15/16] REmoving unused input --- .github/workflows/main-deploy.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/main-deploy.yml b/.github/workflows/main-deploy.yml index f2692fc..390340e 100644 --- a/.github/workflows/main-deploy.yml +++ b/.github/workflows/main-deploy.yml @@ -53,11 +53,6 @@ on: description: "Resources to apply before main deploy" type: string default: "[]" - terraform_path: - type: string - description: "The path to the terraform files" - required: false - default: "terraform" force_new_deployment: description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" type: boolean From 4b3eb030dfd070c58af2d94fe8c437977c38dcc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20Mar=20Bj=C3=B6rgvinsson?= Date: Mon, 26 May 2025 14:10:05 +0000 Subject: [PATCH 16/16] Adding global release --- .../release-deploy-mono-tf-global.yml | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 .github/workflows/release-deploy-mono-tf-global.yml diff --git a/.github/workflows/release-deploy-mono-tf-global.yml b/.github/workflows/release-deploy-mono-tf-global.yml new file mode 100644 index 0000000..3157d30 --- /dev/null +++ b/.github/workflows/release-deploy-mono-tf-global.yml 
@@ -0,0 +1,113 @@
+name: 🚀 Release
+on:
+ workflow_call:
+ inputs:
+ aws_region:
+ required: false
+ default: eu-west-1
+ type: string
+ github_ci_ecr_role_arn:
+ required: true
+ type: string
+ deploy_to_staging:
+ required: false
+ type: boolean
+ default: true
+ deploy_to_prod:
+ required: false
+ type: boolean
+ default: true
+ github_ci_role_prod_arn:
+ required: false
+ type: string
+ github_ci_role_staging_arn:
+ required: false
+ type: string
+ terraform_version:
+ description: "Terraform version"
+ type: string
+ default: "1.9.8"
+ services:
+ required: false
+ type: string
+ description: 'Services names when deploying multiple services. Should be a list of objects with keys "directory" and "name" e.g. [{"directory": "core", "name": "apro-core-service"}]'
+ cluster_name_staging:
+ required: true
+ type: string
+ cluster_name_prod:
+ required: true
+ type: string
+ pre_applied_resources:
+ description: "Resources to apply before main deploy"
+ type: string
+ default: "[]"
+
+permissions:
+ id-token: write # Required f.
IAM Token
+ contents: write
+
+jobs:
+ version-tag:
+ name: 🔖 Version tag image
+ strategy:
+ matrix:
+ include: ${{ fromJSON(inputs.services) }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: 📁 Checkout
+ uses: actions/checkout@v4
+
+ - name: 🔖 Version tag image
+ uses: aproorg/github-workflows/.github/actions/retag-docker-image@main
+ with:
+ AWS_REGION: ${{ inputs.aws_region }}
+ AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }}
+ ECR_REPOSITORY: ${{ matrix.ecr_repository }}
+ ECR_REPOSITORIES: ${{ matrix.ecr_repositories }}
+ VERSION_TAG: ${{ github.event.release.tag_name }}
+
+ deploy-to-staging:
+ name: "🚀 Deploy to staging"
+ environment: staging
+ if: ${{ inputs.deploy_to_staging == true }}
+ needs:
+ - version-tag
+ runs-on: ubuntu-latest
+ steps:
+ - name: 📁 Checkout
+ uses: actions/checkout@v4
+
+ - name: 🚀 Deploy to staging
+ uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill
+ with:
+ AWS_REGION: ${{ inputs.aws_region }}
+ AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_staging_arn }}
+ ENVIRONMENT: staging
+ IMAGE_TAG: ${{ github.event.release.tag_name }}
+ TERRAFORM_VERSION: ${{ inputs.terraform_version }}
+ SERVICES: ${{ inputs.services }}
+ CLUSTER_NAME: ${{ inputs.cluster_name_staging }}
+ PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }}
+
+ deploy-to-prod:
+ name: "🚀 Deploy to prod"
+ environment: prod
+ if: ${{ inputs.deploy_to_prod == true }}
+ needs:
+ - version-tag
+ runs-on: ubuntu-latest
+ steps:
+ - name: 📁 Checkout
+ uses: actions/checkout@v4
+
+ - name: 🚀 Deploy to prod
+ uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill
+ with:
+ AWS_REGION: ${{inputs.aws_region}}
+ AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_prod_arn }}
+ ENVIRONMENT: prod
+ IMAGE_TAG: ${{ github.event.release.tag_name }}
+ TERRAFORM_VERSION: ${{ inputs.terraform_version }}
+ SERVICES: ${{ inputs.services }}
+ CLUSTER_NAME: ${{ inputs.cluster_name_prod }}
+ PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources
}}
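Review bot: Both deploy jobs run `aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill` and version-tag runs `retag-docker-image@main`; these look like branch refs, so anything pushed to those branches later would run here with `id-token: write` and the staging and prod role ARNs. Pinning each to a reviewed commit, e.g. `uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@<FULL_COMMIT_SHA>`, keeps the deployed code fixed until someone deliberately bumps it. Separately, `services` is declared `required: false` with no default while `fromJSON(inputs.services)` feeds the matrix, and its description names the keys `directory` and `name` whereas the job reads `matrix.ecr_repository` and `matrix.ecr_repositories`. Marking it `required: true` and describing the keys actually read would make the input contract match its use.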