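---
# deploy-to-ecs.yml
#
# Builds the application image, pushes it to Amazon ECR and rolls it out to
# ECS, optionally redeploying the CloudFormation infrastructure first.
# Triggered by pushes to `dev` and by manual dispatch.
#
# NOTE(review): every `uses:` below references a movable major-version tag.
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs with the AWS credentials.
#
# NOTE(review): the jobs authenticate with long-lived access keys stored as
# secrets. configure-aws-credentials also supports OIDC via `role-to-assume`
# (needs `id-token: write`), which would remove the static keys.
name: Deploy to Amazon ECS

on:
  push:
    branches:
      - dev
  workflow_dispatch:

# None of the steps visible here use GITHUB_TOKEN for more than checkout, so
# the token is limited to read-only repository access.
permissions:
  contents: read

env:
  AWS_REGION: ${{ secrets.AWS_REGION }}
  ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
  ECS_CLUSTER: ${{ secrets.ECS_CLUSTER }}
  ECS_EXECUTION_ROLE_ARN: ${{ secrets.ECS_EXECUTION_ROLE_ARN }}
  APP_NAME: dataspace
  APP_PORT: "8000"
  DB_ENGINE: django.db.backends.postgresql
  DB_PORT: "5432"
  DEBUG_MODE: "False"
  TELEMETRY_URL: 'http://otel-collector:4317'
  CPU_UNITS: "256"
  MEMORY_UNITS: "512"
  SSM_PATH_PREFIX: /dataspace
  ENVIRONMENT: ${{ secrets.ENVIRONMENT || 'dev' }}

jobs:
  deploy-infrastructure:
    name: Deploy Infrastructure
    runs-on: ubuntu-latest
    environment: development
    # NOTE(review): contains() on an array matches whole elements, so a path
    # such as aws/cloudformation/dataspace-infrastructure.yml would not match
    # this prefix; GitHub's push-event documentation also says the commit
    # objects in the Actions payload omit `modified`. As written this job
    # probably runs only on workflow_dispatch. Confirm, and consider a
    # changed-files check instead.
    if: github.event_name == 'workflow_dispatch' || contains(github.event.head_commit.modified, 'aws/cloudformation')
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Deploy CloudFormation stack
        # Secrets reach the script as environment variables and are expanded
        # inside double quotes. Pasting ${{ secrets.* }} into the script text
        # lets the shell re-parse the value, so a password containing spaces,
        # `$`, `;` or backticks would be split or executed.
        env:
          VPC_ID: ${{ secrets.VPC_ID }}
          SUBNET_IDS: ${{ secrets.SUBNET_IDS }}
          DB_USERNAME: ${{ secrets.DB_USERNAME }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          DB_NAME: ${{ secrets.DB_NAME }}
          ELASTICSEARCH_PASSWORD: ${{ secrets.ELASTICSEARCH_PASSWORD }}
          DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
        # NOTE(review): the template is not visible here. Confirm that
        # DBPassword, ElasticsearchPassword and DjangoSecretKey are declared
        # NoEcho so they are not readable from the stack's parameters.
        run: |
          aws cloudformation deploy \
            --template-file aws/cloudformation/dataspace-infrastructure.yml \
            --stack-name "dataspace-${ENVIRONMENT}-infrastructure" \
            --parameter-overrides \
              "Environment=${ENVIRONMENT}" \
              "VpcId=${VPC_ID}" \
              "SubnetIds=${SUBNET_IDS}" \
              "DBUsername=${DB_USERNAME}" \
              "DBPassword=${DB_PASSWORD}" \
              "DBName=${DB_NAME}" \
              "ElasticsearchPassword=${ELASTICSEARCH_PASSWORD}" \
              "DjangoSecretKey=${DJANGO_SECRET_KEY}" \
            --capabilities CAPABILITY_IAM \
            --no-fail-on-empty-changeset

  deploy-app:
    name: Deploy Application
    runs-on: ubuntu-latest
    environment: development
    needs: deploy-infrastructure
    # Run when the infrastructure job succeeded or was skipped. A bare
    # always() would also ship the application after a failed stack update
    # or a cancelled run.
    if: >-
      ${{ !cancelled() &&
      (needs.deploy-infrastructure.result == 'success' ||
      needs.deploy-infrastructure.result == 'skipped') }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        # The image reference is built once and always expanded in quotes so
        # the repository name cannot be word-split or globbed.
        run: |
          image="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
          docker build -t "$image" .
          docker push "$image"
          echo "image=${image}" >> "$GITHUB_OUTPUT"

      - name: Download task definition and get EFS ID
        run: |
          aws ecs describe-task-definition \
            --task-definition dataspace \
            --query taskDefinition > aws/current-task-definition.json
          aws ecs describe-task-definition \
            --task-definition dataspace-otel-collector \
            --query taskDefinition > aws/current-otel-task-definition.json
          # Get the EFS ID from CloudFormation export
          efs_id=$(aws cloudformation list-exports \
            --query "Exports[?Name=='dataspace-${ENVIRONMENT}-MigrationsFileSystemId'].Value" \
            --output text)
          echo "EFS_ID=${efs_id}" >> "$GITHUB_ENV"

      - name: Update container image only
        id: task-def-app
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: aws/current-task-definition.json
          container-name: dataspace
          image: ${{ steps.build-image.outputs.image }}

      - name: Deploy main application ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.task-def-app.outputs.task-definition }}
          service: ${{ secrets.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true

  deploy-otel:
    name: Deploy OpenTelemetry Collector
    runs-on: ubuntu-latest
    environment: development
    needs: deploy-app
    # Explicit status check: the implicit success() appears to treat a skipped
    # job further up the needs chain (deploy-infrastructure on an ordinary
    # push) as a reason to skip this job too. TODO confirm against a real run.
    if: ${{ !cancelled() && needs.deploy-app.result == 'success' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Download current OpenTelemetry task definition
        id: download-otel-taskdef
        run: |
          aws ecs describe-task-definition \
            --task-definition dataspace-otel-collector \
            --query taskDefinition > aws/current-otel-task-definition.json
          # Log only family and revision. The full document can carry
          # plaintext container environment values, and job logs are readable
          # by anyone with read access to the repository.
          jq -r '"\(.family):\(.revision)"' aws/current-otel-task-definition.json

      - name: Deploy OpenTelemetry ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: aws/current-otel-task-definition.json
          service: ${{ secrets.ECS_OTEL_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true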