Skip to content

Commit

Permalink
workflow updated with platform vars from ssm param store
Browse files Browse the repository at this point in the history
  • Loading branch information
@priyaranjanpatil
priyaranjanpatil committed Dec 4, 2023
1 parent 7a07d1e commit 206053d
Showing 1 changed file with 96 additions and 100 deletions.
196 changes: 96 additions & 100 deletions .github/workflows/github-actions.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,23 +53,19 @@ jobs:
- name: Retrieve Parameters - ssm parameter store
id: getParameters
run: |
# Replace 'YourPath' with your specific path in Parameter Store
# Replace '--path' with your specific path from Parameter Store
parameters=$(aws ssm get-parameters-by-path --path "/core/es_indexer/dev_ecr_ecs_config/" --recursive --query 'Parameters[*].[Name,Value]' --output json)
echo "$parameters" > parameters.json
echo "::set-output name=parameters_json::$parameters"
- name: Display Retrieved Parameters
run: cat parameters.json

- name: Process Parameters
- name: Process Parameters - ssm parameter store
run: |
parameters=$(cat parameters.json)
# Loop through the JSON array of parameters using jq
for row in $(echo "${parameters}" | jq -r '.[] | @base64'); do
_jq() {
echo "${row}" | base64 --decode | jq -r "${1}"
}
name=$(_jq '.[0]')
value=$(_jq '.[1]')
Expand All @@ -91,106 +87,106 @@ jobs:
fi
done
- name: Print new env var values
- name: Print new env var values - ssm parameter store
run: |
printf '%s\n' "$ECR_REPOSITORY"
printf '%s\n' "$ECS_CLUSTER"
printf '%s\n' "$ECS_SERVICE"
printf '%s\n' "$CONTAINER_NAME"
# - name: Prepare
# id: prep
# run: |
# BRANCH=${GITHUB_REF##*/}
# TS=$(date +%s)
# REVISION=${GITHUB_SHA::8}
# BUILD_ID="${BRANCH}-${REVISION}-${TS}"
# LATEST_ID=canary
# if [[ $GITHUB_REF == refs/tags/* ]]; then
# BUILD_ID=${GITHUB_REF/refs\/tags\//}
# LATEST_ID=latest
# fi
# echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
# echo ::set-output name=BUILD_ID::${BUILD_ID}
# echo ::set-output name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT

# - name: Checkout
# uses: actions/checkout@v3
- name: Prepare
id: prep
run: |
BRANCH=${GITHUB_REF##*/}
TS=$(date +%s)
REVISION=${GITHUB_SHA::8}
BUILD_ID="${BRANCH}-${REVISION}-${TS}"
LATEST_ID=canary
if [[ $GITHUB_REF == refs/tags/* ]]; then
BUILD_ID=${GITHUB_REF/refs\/tags\//}
LATEST_ID=latest
fi
echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ::set-output name=BUILD_ID::${BUILD_ID}
echo ::set-output name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v3

# - name: Set up JDK 17
# uses: actions/setup-java@v3
# with:
# distribution: 'temurin'
# java-version: '17'
# cache: 'maven'
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'

# - name: Login to Amazon ECR
# id: login-ecr
# uses: aws-actions/amazon-ecr-login@v2

# - name: Build and tag image
# id: build-image
# env:
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
# LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
# run: |
# # Build a docker container and
# # be deployed to ECS.
# # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
# docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

# - name: Run Trivy vulnerability scanner in docker mode
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ steps.build-image.outputs.image }}
# format: 'table'
# severity: 'HIGH,CRITICAL'
# vuln-type: 'os,library'
# exit-code: 1
# ignore-unfixed: true
# continue-on-error: true
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: Build and tag image
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
run: |
# Build a docker container and
# be deployed to ECS.
# docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Run Trivy vulnerability scanner in docker mode
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.build-image.outputs.image }}
format: 'table'
severity: 'HIGH,CRITICAL'
vuln-type: 'os,library'
exit-code: 1
ignore-unfixed: true
continue-on-error: true

# - name: Push image to Amazon ECR
# id: push-image
# env:
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
# LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
# run: |
# # Build a docker container and
# # be deployed to ECS.
# # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
# docker push $ECR_REPOSITORY:$IMAGE_TAG
# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

# - name: Fill in the new image ID in the Amazon ECS task definition
# id: task-def
# uses: aws-actions/amazon-ecs-render-task-definition@v1
# with:
# task-definition: ${{ env.ECS_TASK_DEFINITION }}
# container-name: ${{ env.CONTAINER_NAME }}
# image: ${{ steps.push-image.outputs.image }}
# environment-variables: |
# GEONETWORK_HOST=${{ vars.GEONETWORK_HOST }}
# SERVER_PORT=${{ vars.SERVER_PORT }}
# ELASTICSEARCH_SERVERURL=${{ vars.ELASTICSEARCH_SERVERURL }}
# ELASTICSEARCH_APIKEY=${{ vars.ELASTICSEARCH_APIKEY }}
# APP_HTTP_AUTHTOKEN=${{ vars.APP_HTTP_AUTHTOKEN }}
# ELASTICSEARCH_INDEX_NAME=${{ vars.ELASTICSEARCH_INDEX_NAME }}
# IMAGE=${{ steps.push-image.outputs.image }}

# - name: Deploy Amazon ECS task definition
# uses: aws-actions/amazon-ecs-deploy-task-definition@v1
# with:
# task-definition: ${{ steps.task-def.outputs.task-definition }}
# service: ${{ env.ECS_SERVICE }}
# cluster: ${{ env.ECS_CLUSTER }}
# wait-for-service-stability: true
- name: Push image to Amazon ECR
id: push-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
run: |
# Build a docker container and
# be deployed to ECS.
# docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
docker push $ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ env.ECS_TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
image: ${{ steps.push-image.outputs.image }}
environment-variables: |
GEONETWORK_HOST=${{ vars.GEONETWORK_HOST }}
SERVER_PORT=${{ vars.SERVER_PORT }}
ELASTICSEARCH_SERVERURL=${{ vars.ELASTICSEARCH_SERVERURL }}
ELASTICSEARCH_APIKEY=${{ vars.ELASTICSEARCH_APIKEY }}
APP_HTTP_AUTHTOKEN=${{ vars.APP_HTTP_AUTHTOKEN }}
ELASTICSEARCH_INDEX_NAME=${{ vars.ELASTICSEARCH_INDEX_NAME }}
IMAGE=${{ steps.push-image.outputs.image }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true

0 comments on commit 206053d

Please sign in to comment.