Version Packages (#1287) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD Pipeline for Auth Backend (Production) | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'apps/auth-service/**' | |
jobs: | |
build_and_deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Read version from package.json | |
id: get_version | |
run: | | |
VERSION=$(cat apps/auth-service/package.json | jq -r '.version') | |
echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
- name: Login to Amazon ECR | |
run: | | |
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }} | |
- name: Check latest image version in ECR | |
id: check_version | |
run: | | |
LATEST_ECR_VERSION=$(aws ecr describe-images --repository-name ${{ secrets.ECR_REPOSITORY_AUTH_BACKEND_NAME }} --region ${{ secrets.AWS_REGION }} --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]' --output text) | |
if [ "$VERSION" == "$LATEST_ECR_VERSION" ]; then | |
echo "::set-output name=should_deploy::false" | |
else | |
echo "::set-output name=should_deploy::true" | |
fi | |
- name: Build Docker image | |
if: steps.check_version.outputs.should_deploy == 'true' | |
run: | | |
docker build -f apps/auth-service/Dockerfile --no-cache --progress=plain -t ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY_AUTH_BACKEND_NAME }}:$VERSION . | |
- name: Push Docker image to Amazon ECR | |
if: steps.check_version.outputs.should_deploy == 'true' | |
run: | | |
docker push ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY_AUTH_BACKEND_NAME }}:$VERSION | |
- name: Decode SSH Key | |
run: echo "${{ secrets.AWS_SSH_KEY }}" | base64 --decode > private_key.pem | |
- name: Set file permissions | |
run: chmod 600 private_key.pem | |
- name: Deploy to EC2 | |
if: steps.check_version.outputs.should_deploy == 'true' | |
run: | | |
ssh -o StrictHostKeyChecking=no -i private_key.pem ${{ secrets.AWS_EC2_USER_NAME }}@${{ secrets.AWS_EC2_HOST }} ' | |
export AWS_REGION=${{ secrets.AWS_REGION }} | |
export ECR_REGISTRY=${{ secrets.ECR_REGISTRY }} | |
export ECR_REPOSITORY_AUTH_BACKEND_NAME=${{ secrets.ECR_REPOSITORY_AUTH_BACKEND_NAME }} | |
aws ecr get-login-password --region $AWS_REGION | sudo docker login --username AWS --password-stdin $ECR_REGISTRY | |
LATEST_IMAGE_VERSION=$(aws ecr describe-images --repository-name $ECR_REPOSITORY_AUTH_BACKEND_NAME --region $AWS_REGION --query "sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]" --output text) | |
echo "Latest image version: $LATEST_IMAGE_VERSION" | |
cd nginx/ | |
sed -i -E "s|(auth-backend:)[0-9]+\.[0-9]+\.[0-9]+|\1$LATEST_IMAGE_VERSION|g" docker-compose.yml | |
if [ $? -eq 0 ]; then | |
echo "Image version updated successfully in docker-compose.yml." | |
else | |
echo "Failed to update image version in docker-compose.yml." | |
exit 1 | |
fi | |
sudo docker compose down auth-backend-service | |
sudo docker compose pull auth-backend-service | |
sudo docker compose up -d auth-backend-service | |
' |