deploy_container_image.yml
name: Deploy container image to kubernetes cluster

# Reusable workflow: callers invoke it through `workflow_call` and supply the
# inputs and secrets declared below.
on:
  workflow_call:
    inputs:
      # --- AWS access -------------------------------------------------------
      # Optional, but the deploy job's first credentials step always places
      # this value in the role ARN it assumes.
      # NOTE(review): consider whether this should be required - confirm
      # against callers.
      aws_ecr_iam_role_name:
        description: 'IAM role name for ECR push'
        required: false
        type: string
      # Only used by the steps that are gated on `deploy`.
      aws_eks_iam_role_name:
        description: 'IAM role name for EKS access'
        required: false
        type: string
      aws_region:
        description: 'AWS region'
        required: false
        type: string
        default: 'eu-west-1'

      # --- What to deploy, and where ----------------------------------------
      # When false, the image is still pushed to ECR; only the EKS/kubectl
      # steps are skipped.
      deploy:
        description: 'Deploy to kubernetes cluster'
        required: false
        type: boolean
        default: true
      # service_name, image_tag_prefix, deployment_name and container_name end
      # up in image references and kubectl command lines in the deploy job, so
      # callers should pass only trusted, validated values.
      service_name:
        description: 'Service name'
        required: true
        type: string
      # Selects the GitHub environment the deploy job runs in.
      environment:
        description: 'Environment to deploy to'
        required: true
        type: string
      # Source image reference that is re-tagged and pushed to ECR.
      image:
        description: 'Image to deploy'
        required: true
        type: string
      image_tag_prefix:
        description: 'Image tag prefix'
        required: false
        type: string
      deployment_name:
        description: 'Kubernetes deployment name'
        required: true
        type: string
      container_name:
        description: 'Container name within specified deployment'
        required: true
        type: string
      # NOTE(review): confirm this default stays within the supported version
      # skew of the target cluster.
      kubectl_version:
        description: 'kubectl version'
        required: false
        type: string
        default: 'v1.23.4'

    secrets:
      aws_account_id:
        description: 'AWS account ID'
        required: true
      # Used as the ghcr.io login password in the deploy job.
      # NOTE(review): presumably only needs package read access - confirm the
      # token is scoped that narrowly.
      temporary_registry_token:
        description: 'GitHub token'
        required: true
      eks_cluster_name:
        description: 'EKS cluster name'
        required: true

    outputs:
      # Forwarded from the deploy job's `image` output.
      image:
        description: 'Image name and tag'
        value: ${{ jobs.deploy.outputs.image }}
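jobs:
  # Re-tags the source image into ECR and, when `deploy` is true, rolls it out
  # to the named Kubernetes deployment, undoing the rollout if it fails.
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    # Token scopes are listed explicitly. `id-token: write` is what allows the
    # credentials steps to assume an IAM role without static AWS keys (none
    # are passed below).
    permissions:
      packages: read
      contents: read
      id-token: write
    outputs:
      image: ${{ steps.set_outputs.outputs.image }}
    steps:
      - name: Set unique image tag
        id: set-image-tag
        # %M is minutes; the previous %m repeated the month, so tags created
        # within the same hour differed only in their seconds field.
        run: |
          echo "image_tag=nightly-$(date +%Y%m%d%H%M%S)" >> "$GITHUB_ENV"

      - name: Configure AWS credentials
        id: aws-config
        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
        with:
          role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ inputs.aws_ecr_iam_role_name }}
          # Short-lived session: 900 seconds.
          role-duration-seconds: 900
          role-session-name: GithubActionsRoleSession
          aws-region: ${{ inputs.aws_region }}
          mask-aws-account-id: true

      - name: Login to AWS ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 # v2.1.5
        with:
          mask-password: 'true'

      - name: Login to temporary registry
        id: login-ghcr
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.temporary_registry_token }}

      - name: Push image to ECR
        uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
        with:
          src: ${{ inputs.image }}
          # Two destination tags: a moving `<prefix>nightly` and the unique
          # `<prefix>nightly-<timestamp>` that the rollout below references.
          # NOTE(review): the registry host hard-codes eu-west-1 although
          # aws_region is an input; confirm that a caller overriding
          # aws_region is not expected to push to another regional registry.
          dst: |
            ${{ steps.aws-config.outputs.aws-account-id }}.dkr.ecr.eu-west-1.amazonaws.com/flowforge/${{ inputs.service_name }}:${{ inputs.image_tag_prefix }}nightly
            ${{ steps.aws-config.outputs.aws-account-id }}.dkr.ecr.eu-west-1.amazonaws.com/flowforge/${{ inputs.service_name }}:${{ inputs.image_tag_prefix }}${{ env.image_tag }}

      - name: Configure AWS credentials for EKS interaction
        if: ${{ fromJson(inputs.deploy) }}
        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
        with:
          role-to-assume: arn:aws:iam::${{ steps.aws-config.outputs.aws-account-id }}:role/${{ inputs.aws_eks_iam_role_name }}
          role-duration-seconds: 900
          role-session-name: GithubActionsRoleSession
          aws-region: ${{ inputs.aws_region }}

      - name: Setup kubectl
        if: ${{ fromJson(inputs.deploy) }}
        uses: azure/setup-kubectl@829323503d1be3d00ca8346e5391ca0b07a9ab0d # v5.1.0
        with:
          version: ${{ inputs.kubectl_version }}

      - name: Configure kubectl
        if: ${{ fromJson(inputs.deploy) }}
        # Caller-supplied values are handed to the shell as environment
        # variables rather than expanded into the script text, so their
        # content cannot alter the command that runs.
        env:
          EKS_CLUSTER_NAME: ${{ secrets.eks_cluster_name }}
        # NOTE(review): region is hard-coded here as well; see the note on the
        # ECR push step.
        run: |
          aws eks update-kubeconfig --region eu-west-1 --name "$EKS_CLUSTER_NAME"

      - name: Update image and wait for deployment to finish
        if: ${{ fromJson(inputs.deploy) }}
        id: update-image
        timeout-minutes: 5
        env:
          DEPLOYMENT_NAME: ${{ inputs.deployment_name }}
          CONTAINER_NAME: ${{ inputs.container_name }}
          # Includes image_tag_prefix so the reference matches the unique tag
          # pushed above; without it a non-empty prefix would point the
          # deployment at a tag this run never pushed.
          IMAGE: ${{ steps.aws-config.outputs.aws-account-id }}.dkr.ecr.eu-west-1.amazonaws.com/flowforge/${{ inputs.service_name }}:${{ inputs.image_tag_prefix }}${{ env.image_tag }}
        run: |
          kubectl -n default set image "deployment/${DEPLOYMENT_NAME}" "${CONTAINER_NAME}=${IMAGE}"
          kubectl -n default rollout status "deployment/${DEPLOYMENT_NAME}"

      - name: Rollback failed deployment
        # Runs only when the update-image step itself failed, not on earlier
        # failures such as the ECR push.
        if: ${{ failure() && steps.update-image.conclusion == 'failure' && fromJson(inputs.deploy) }}
        env:
          DEPLOYMENT_NAME: ${{ inputs.deployment_name }}
        run: |
          kubectl -n default rollout undo "deployment/${DEPLOYMENT_NAME}"
          kubectl -n default rollout status "deployment/${DEPLOYMENT_NAME}"

      - name: Set workflow outputs
        id: set_outputs
        env:
          SERVICE_NAME: ${{ inputs.service_name }}
          IMAGE_TAG_PREFIX: ${{ inputs.image_tag_prefix }}
          IMAGE_TAG: ${{ env.image_tag }}
        run: |
          echo "image=${SERVICE_NAME}:${IMAGE_TAG_PREFIX}${IMAGE_TAG}" >> "$GITHUB_OUTPUT"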