pagopa · batdevis · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024
@@ -0,0 +1,166 @@
+name: Deploy Chatbot
+
+on:
+  push:
+    branches: ['main']
+    # Run only if there are at least one change matching the following paths
+    paths:
+      - 'apps/chatbot/**'
+      - '.github/workflows/deploy_chatbot.yaml'
+
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'The environment used as target'
+        type: choice
+        required: true
+        default: dev
+        options:
+          - dev
+          - prod
+      logLevel:
+        description: 'Log level'
+        required: true
+        default: 'warning'
+        type: choice
+        options:
+          - warning
+
+defaults:
+  run:
+    shell: bash
+    working-directory: apps/chatbot
+
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+jobs:
+
+  cd_deploy_chatbot:
+    name: Build and push Chatbot API lambda image (on ${{ matrix.environment }})
+    if: github.event_name == 'push' && github.event.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    strategy:
+      matrix:
+        environment: [ 'dev' ]
+    environment: ${{ matrix.environment }}
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.environment }}
+      cancel-in-progress: false
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+      - name: Configure AWS Credentials
+        uses: ./.github/actions/configure-aws-credentials
+        with:
+          aws_region: ${{ env.AWS_REGION || 'eu-south-1' }}
+          role_to_assume: ${{ secrets.IAM_ROLE_DEPLOY_CHATBOT }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+
+      - name: Build Push and Tag
+        # Enabling the "continue on error" option allows for a manual rollback
+        # to be performed in case of any issues. Without this option, the step
+        # will fail if the image already exists in the Elastic Container
+        # Registry (ECR). However, by activating this option, the deployment
+        # process will proceed to the next steps even if the ECR image already
+        # exists
+        continue-on-error: true
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: chatbot
+          IMAGE_TAG: ${{ github.sha }}
+        with:
+            context: apps/chatbot
+            file: docker/app.Dockerfile
+            push: true
+            tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
+            provenance: false
+
+      - name: Generate task-definition file
+        run: aws ecs describe-task-definition --task-definition chatbot-task-def --query taskDefinition > task-definition.json
+
+      - name: Update ImageTag in task-definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@4225e0b507142a2e432b018bc3ccb728559b437a # v1.2.0
+        with:
+           task-definition: apps/chatbot/task-definition.json
+           container-name: chatbot-docker
+           image: ${{ steps.login-ecr.outputs.registry }}/strapi:${{ github.sha }}
+
+      - name: Deploy new ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@df9643053eda01f169e64a0e60233aacca83799a # v1.4.11
+        with:
+            task-definition: ${{ steps.task-def.outputs.task-definition }}
+            service: chatbot-ecs
+            cluster: chatbot-ecs-cluster
+
+  manual_deploy:
+    name: Build and push Chatbot API lambda image (manual trigger) - (${{ inputs.environment }})
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    environment: ${{ inputs.environment }}
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ inputs.environment }}
+      cancel-in-progress: false
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+      - name: Configure AWS Credentials
+        uses: ./.github/actions/configure-aws-credentials
+        with:
+          aws_region: ${{ env.AWS_REGION || 'eu-south-1' }}
+          role_to_assume: ${{ secrets.IAM_ROLE_DEPLOY_CHATBOT }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+
+      - name: Build Push and Tag
+        # Enabling the "continue on error" option allows for a manual rollback
+        # to be performed in case of any issues. Without this option, the step
+        # will fail if the image already exists in the Elastic Container
+        # Registry (ECR). However, by activating this option, the deployment
+        # process will proceed to the next steps even if the ECR image already
+        # exists
+        continue-on-error: true
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: chatbot
+          IMAGE_TAG: ${{ github.sha }}
+        with:
+            context: apps/chatbot
+            push: true
+            tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
+            provenance: false
+
+      - name: Generate task-definition file
+        run: aws ecs describe-task-definition --task-definition chatbot-task-def --query taskDefinition > task-definition.json
+
+      - name: Update ImageTag in task-definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@4225e0b507142a2e432b018bc3ccb728559b437a # v1.2.0
+        with:
+           task-definition: apps/chatbot/task-definition.json
+           container-name: chatbot-docker
+           image: ${{ steps.login-ecr.outputs.registry }}/strapi:${{ github.sha }}
+
+      - name: Deploy new ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@df9643053eda01f169e64a0e60233aacca83799a # v1.4.11
+        with:
+            task-definition: ${{ steps.task-def.outputs.task-definition }}
+            service: chatbot-ecs
+            cluster: chatbot-ecs-cluster
@@ -1,4 +1,4 @@
-## ECR Container Registry for CMS Strapi
+## ECR Container Registry for Chatbot
 module "ecr" {
   source = "git::https://github.com/terraform-aws-modules/terraform-aws-ecr.git?ref=9f4b587846551110b0db199ea5599f016570fefe" # v1.6.0
 
@@ -22,4 +22,4 @@ module "ecr" {
       }
     ]
   })
-}
+}
@@ -90,4 +90,18 @@ module "iam_role_bedrock_logging" {
     "bedrock.amazonaws.com"
   ]
   role_requires_mfa = false
-}
+}
+
+###############################################################################
+#                Define IAM Role to use on chatbot deploy                     #
+###############################################################################
+resource "aws_iam_role" "deploy_chatbot" {
+  name               = "GitHubActionDeployChatbot"
+  description        = "Role to assume to deploy the chatbot"
+  assume_role_policy = data.aws_iam_policy_document.deploy_github.json
+}
+
+resource "aws_iam_role_policy_attachment" "deploy_chatbot" {
+  role       = aws_iam_role.deploy_chatbot.name
+  policy_arn = aws_iam_policy.deploy_chatbot.arn
+}