Bump aws-sdk-s3 from 1.136.0 to 1.137.0 #1446
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: push | |
| name: Build | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| IMAGE_ALIAS: latest | |
| ECR_REGISTRY: public.ecr.aws/somleng | |
| GHCR_REGISTRY: ghcr.io/somleng | |
| APP_IDENTIFIER: scfm | |
| ECS_CLUSTER: scfm | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| env: | |
| PGHOST: localhost | |
| PGUSER: postgres | |
| RAILS_ENV: test | |
| CI: true | |
| services: | |
| postgres: | |
| image: postgres | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: "" | |
| POSTGRES_HOST_AUTH_METHOD: trust | |
| ports: | |
| - 5432:5432 | |
| # needed because the postgres container does not provide a healthcheck | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".tool-versions" | |
| cache: 'yarn' | |
| - name: Setup DB | |
| run: bundle exec rails db:create db:schema:load | |
| - name: Run Specs | |
| run: | | |
| bundle exec rails spec:prepare | |
| bundle exec rspec --format RspecApiDocumentation::ApiFormatter | |
| - name: Prepare Documentation Source | |
| if: github.ref == 'refs/heads/master' | |
| run: | | |
| cp -R doc/slate/source/* doc/api | |
| cp app/assets/images/scfm_logo.png doc/api/logo.png | |
| - name: Upload Documentation Source | |
| if: github.ref == 'refs/heads/master' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: documentation_source | |
| path: doc/api | |
| build_documentation: | |
| name: Build Documentation | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/master' | |
| steps: | |
| - name: Checkout Slate | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| repository: slatedocs/slate | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| ruby-version: '3' | |
| - name: Download Documentation Source | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: documentation_source | |
| path: source | |
| - name: Prepare Slate | |
| run: | | |
| echo "@import 'overrides';" >> source/stylesheets/_variables.scss | |
| - name: Build API Documentation | |
| run: bundle exec middleman build | |
| - name: Upload API Documentation | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: api_documentation | |
| path: build | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-skip-session-tagging: true | |
| role-duration-seconds: 3600 | |
| aws-region: ap-southeast-1 | |
| - name: Deploy API Documentation | |
| run: aws s3 sync --acl public-read --delete build s3://www.somleng.org/docs/scfm | |
| - name: Invalidate Cache | |
| run: aws cloudfront create-invalidation --distribution-id E3962XCJFZ0KB1 --paths /docs/scfm/\* | |
| build-packages: | |
| name: Build Packages | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/master' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: ["amd64", "arm64"] | |
| needs: | |
| - build | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-skip-session-tagging: true | |
| role-duration-seconds: 3600 | |
| aws-region: ap-southeast-1 | |
| - name: Build image | |
| uses: aws-actions/aws-codebuild-run-build@v1 | |
| with: | |
| project-name: scfm-${{ matrix.platform }} | |
| buildspec-override: | | |
| version: 0.2 | |
| phases: | |
| install: | |
| commands: | |
| # Temp fix: Remove this install phase. See: https://github.com/aws/aws-codebuild-docker-images/pull/642 | |
| - export BUILDX_VERSION=$(curl --silent "https://api.github.com/repos/docker/buildx/releases/latest" |jq -r .tag_name) | |
| - curl -JLO "https://github.com/docker/buildx/releases/download/$BUILDX_VERSION/buildx-$BUILDX_VERSION.linux-${{ matrix.platform }}" | |
| - mkdir -p ~/.docker/cli-plugins | |
| - mv "buildx-$BUILDX_VERSION.linux-${{ matrix.platform }}" ~/.docker/cli-plugins/docker-buildx | |
| - chmod +x ~/.docker/cli-plugins/docker-buildx | |
| build: | |
| steps: | |
| - name: Build | |
| run: | | |
| aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | |
| export DOCKER_BUILDKIT=1 | |
| docker build --cache-from ${{ env.ECR_REGISTRY }}/scfm:${{ env.IMAGE_ALIAS }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/scfm:${{ env.IMAGE_ALIAS }}-${{ matrix.platform }} --push . | |
| docker build --cache-from ${{ env.ECR_REGISTRY }}/scfm-nginx:${{ env.IMAGE_ALIAS }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/scfm-nginx:${{ env.IMAGE_ALIAS }}-${{ matrix.platform }} --push docker/nginx | |
| build-manifest: | |
| name: Build Manifest | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-packages | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-skip-session-tagging: true | |
| role-duration-seconds: 3600 | |
| aws-region: ap-southeast-1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Manifest | |
| run: | | |
| aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | |
| declare -a platforms=("amd64" "arm64") | |
| declare -a components=("scfm" "scfm-nginx") | |
| for component in "${components[@]}" | |
| do | |
| source_images=$(printf "${{ env.ECR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }}-%s " "${platforms[@]}") | |
| docker buildx imagetools create -t ${{ env.ECR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }} -t ${{ env.ECR_REGISTRY }}/$component:${{ env.IMAGE_TAG }} $source_images | |
| done | |
| # Do this step in Github Actions because pushing to Github from AWS CodeBuild is slow | |
| publish_images: | |
| name: Publish Images | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-packages | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish Images | |
| run: | | |
| declare -a platforms=("amd64" "arm64") | |
| declare -a components=("scfm" "scfm-nginx") | |
| for platform in "${platforms[@]}" | |
| do | |
| for component in "${components[@]}" | |
| do | |
| docker image pull ${{ env.ECR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }}-$platform | |
| docker tag ${{ env.ECR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }}-$platform ${{ env.GHCR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }}-$platform | |
| docker push ${{ env.GHCR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }}-$platform | |
| done | |
| done | |
| for component in "${components[@]}" | |
| do | |
| source_images=$(printf "${{ env.GHCR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }}-%s " "${platforms[@]}") | |
| docker buildx imagetools create -t ${{ env.GHCR_REGISTRY }}/$component:${{ env.IMAGE_ALIAS }} $source_images | |
| done | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-manifest | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-skip-session-tagging: true | |
| role-duration-seconds: 3600 | |
| aws-region: ap-southeast-1 | |
| - name: Get current webserver task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition ${{ env.APP_IDENTIFIER }}-webserver --query 'taskDefinition' > task-definition.json | |
| - name: Inject new NGINX image into webserver task definition | |
| id: render-nginx-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: nginx | |
| image: ${{ env.ECR_REGISTRY }}/scfm-nginx:${{ env.IMAGE_TAG }} | |
| - name: Inject new APP image into webserver task definition | |
| id: render-webserver-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-nginx-task-def.outputs.task-definition }} | |
| container-name: app | |
| image: ${{ env.ECR_REGISTRY }}/scfm:${{ env.IMAGE_TAG }} | |
| - name: Get current worker task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition ${{ env.APP_IDENTIFIER }}-worker --query 'taskDefinition' > task-definition.json | |
| - name: Inject new APP image into worker task definition | |
| id: render-worker-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: worker | |
| image: ${{ env.ECR_REGISTRY }}/scfm:${{ env.IMAGE_TAG }} | |
| - name: Get current worker (Fargate) task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition ${{ env.APP_IDENTIFIER }}-worker-fargate --query 'taskDefinition' > task-definition.json | |
| - name: Inject new APP image into Fargate worker task definition | |
| id: render-fargate-worker-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: worker | |
| image: ${{ env.ECR_REGISTRY }}/scfm:${{ env.IMAGE_TAG }} | |
| - name: Register Fargate task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-fargate-worker-task-def.outputs.task-definition }} | |
| - name: Run DB Migrate using Fargate | |
| run: | | |
| network_configuration=$(aws ecs describe-services --cluster ${{ env.ECS_CLUSTER }} --service ${{ env.APP_IDENTIFIER }}-worker --query 'services[0]' | jq 'with_entries(select([.key] | inside(["networkConfiguration"])))') | |
| run_task_params=$(echo $network_configuration | jq '.startedBy = "db_migrate_ci" | .cluster = "${{ env.ECS_CLUSTER }}" | .launchType = "FARGATE" | .taskDefinition = "${{ env.APP_IDENTIFIER }}-worker-fargate" | .overrides.containerOverrides[0].name = "worker" | .overrides.containerOverrides[0].command = ["bundle", "exec", "rails", "db:migrate"]' | jq -r tostring) | |
| aws ecs run-task --cli-input-json $run_task_params | |
| - name: Deploy Webserver | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-webserver-task-def.outputs.task-definition }} | |
| service: ${{ env.APP_IDENTIFIER }}-webserver | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-service-stability: true | |
| - name: Deploy Worker | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-worker-task-def.outputs.task-definition }} | |
| service: ${{ env.APP_IDENTIFIER }}-worker | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-service-stability: true |