Add GitHub Actions deployment workflow for ECR-based App Runner deployment

hk-dev13 · hk-dev13 · commit 10fed6e51df1 · 2025-08-19T23:39:33.000+07:00
diff --git a/.github/workflows/deploy-apprunner.yml b/.github/workflows/deploy-apprunner.yml
@@ -0,0 +1,107 @@
+name: Deploy to AWS App Runner
+
+on:
+  workflow_dispatch:  # Manual trigger
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - 'README.md'
+      - 'docs/**'
+
+env:
+  AWS_REGION: ap-southeast-2
+  ECR_REPOSITORY: permit-api
+  IMAGE_TAG: ${{ github.sha }}
+
+jobs:
+  deploy:
+    name: Build and Deploy to App Runner
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ env.AWS_REGION }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: Create ECR repository if not exists
+      run: |
+        aws ecr describe-repositories --repository-names $ECR_REPOSITORY --region $AWS_REGION || \
+        aws ecr create-repository --repository-name $ECR_REPOSITORY --region $AWS_REGION
+
+    - name: Build, tag, and push image to Amazon ECR
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+      run: |
+        # Build Docker image
+        docker build -f Dockerfile.apprunner -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+        docker build -f Dockerfile.apprunner -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
+        
+        # Push to ECR
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+        
+        echo "Image URI: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+    - name: Create apprunner.yaml for ECR deployment
+      run: |
+        cat > apprunner-ecr.yaml << EOF
+        version: 1.0
+        runtime: docker
+        build:
+          commands:
+            build:
+              - echo "Using pre-built Docker image"
+        run:
+          runtime-version: latest
+          command: python run_server.py
+          network:
+            port: 8000
+            env: PORT
+          env:
+            - name: FLASK_ENV
+              value: "production"
+            - name: FLASK_DEBUG  
+              value: "0"
+            - name: PORT
+              value: "8000"
+            - name: API_KEYS
+              value: "demo_basic_key:DemoBasic:basic,demo_premium_key:DemoPremium:premium"
+            - name: MASTER_API_KEY
+              value: "demo_master_key_12345"
+            - name: LOG_LEVEL
+              value: "INFO"
+        EOF
+
+    - name: Deploy to App Runner (if service exists)
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+      run: |
+        # Check if App Runner service exists
+        SERVICE_ARN=$(aws apprunner list-services --query "ServiceSummaryList[?ServiceName=='permit-api-service'].ServiceArn | [0]" --output text --region $AWS_REGION)
+        
+        if [ "$SERVICE_ARN" != "None" ] && [ "$SERVICE_ARN" != "" ]; then
+          echo "Updating existing App Runner service..."
+          aws apprunner start-deployment --service-arn $SERVICE_ARN --region $AWS_REGION
+          echo "Deployment started for service: $SERVICE_ARN"
+        else
+          echo "No existing App Runner service found. Please create service manually using:"
+          echo "Image URI: $ECR_REGISTRY/$ECR_REPOSITORY:latest"
+        fi
+
+    - name: Output deployment info
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+      run: |
+        echo "🚀 Deployment completed!"
+        echo "📦 Docker Image: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+        echo "🔗 Use this image URI in App Runner console: $ECR_REGISTRY/$ECR_REPOSITORY:latest"
diff --git a/QUICK_DEPLOY.md b/QUICK_DEPLOY.md
@@ -0,0 +1,86 @@
+# AWS App Runner Deployment via GitHub Actions
+
+## Quick Solution for GitHub Connection Issues
+
+Since AWS App Runner GitHub connection is experiencing loading issues, we can use **GitHub Actions + ECR deployment** as an alternative.
+
+### Step 1: Setup AWS Credentials in GitHub
+
+1. **Get AWS Access Keys:**
+   ```bash
+   # In AWS Console → IAM → Users → Your User → Security Credentials
+   # Create Access Key for CLI/SDK usage
+   ```
+
+2. **Add GitHub Secrets:**
+   - Go to: `https://github.com/hk-dev13/project-permit-api/settings/secrets/actions`
+   - Add these secrets:
+     - `AWS_ACCESS_KEY_ID`: Your AWS Access Key
+     - `AWS_SECRET_ACCESS_KEY`: Your AWS Secret Key
+
+### Step 2: Run GitHub Action
+
+1. **Go to GitHub Actions:**
+   - URL: `https://github.com/hk-dev13/project-permit-api/actions`
+   - Click on "Deploy to AWS App Runner" workflow
+   - Click "Run workflow" → "Run workflow"
+
+2. **The action will:**
+   - Build Docker image using `Dockerfile.apprunner`
+   - Push to Amazon ECR
+   - Provide image URI for App Runner
+
+### Step 3: Create App Runner Service with ECR
+
+After GitHub Action completes:
+
+1. **In AWS App Runner Console:**
+   - Create service
+   - Source: **"Container registry"**
+   - Provider: **Amazon ECR**
+   - Container image URI: *(from GitHub Action output)*
+   - Port: `8000`
+
+2. **Service Configuration:**
+   ```yaml
+   Service name: permit-api-service
+   CPU: 1 vCPU
+   Memory: 2 GB
+   Port: 8000
+   Environment variables:
+     FLASK_ENV: production
+     FLASK_DEBUG: 0
+     PORT: 8000
+   ```
+
+### Alternative: Manual ECR Push (if GitHub Actions fails)
+
+If you prefer manual deployment:
+
+```powershell
+# Install AWS CLI first if not installed
+choco install awscli -y
+
+# Configure AWS
+aws configure
+
+# Get account ID
+$AWS_ACCOUNT_ID = aws sts get-caller-identity --query Account --output text
+
+# Login to ECR (after Docker is installed)
+aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.ap-southeast-2.amazonaws.com"
+
+# Build and push (after Docker is ready)
+docker build -f Dockerfile.apprunner -t permit-api .
+docker tag permit-api "$AWS_ACCOUNT_ID.dkr.ecr.ap-southeast-2.amazonaws.com/permit-api:latest"
+docker push "$AWS_ACCOUNT_ID.dkr.ecr.ap-southeast-2.amazonaws.com/permit-api:latest"
+```
+
+## Next Steps
+
+1. **Setup GitHub Secrets** (AWS credentials)
+2. **Run GitHub Action** to build and push Docker image
+3. **Create App Runner service** using ECR image URI
+4. **Test deployment** once service is running
+
+This approach bypasses the GitHub connection loading issue completely!
