Deployment #1424
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: "Version to deploy" | |
| required: true | |
| mqtt_bridge_tag: | |
| description: "MQTT bridge container tag to deploy" | |
| required: true | |
| permissions: | |
| id-token: write | |
| packages: write | |
| env: | |
| STACK_NAME: ${{ vars.STACK_NAME }} | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| FORCE_COLOR: 3 | |
| JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION: 1 | |
| REGISTRY: ghcr.io | |
| API_DOMAIN_NAME: ${{ vars.API_DOMAIN_NAME }} | |
| API_DOMAIN_ROUTE_53_ROLE_ARN: ${{ secrets.API_DOMAIN_ROUTE_53_ROLE_ARN }} | |
| jobs: | |
| print-inputs: | |
| name: Print inputs | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Print inputs | |
| run: | | |
| echo ref=${{ github.event.inputs.ref }} | |
| echo mqtt_bridge_tag=${{ github.event.inputs.mqtt_bridge_tag }} | |
| docker: | |
| name: Push Docker images to ECR | |
| runs-on: ubuntu-24.04 | |
| environment: production | |
| strategy: | |
| matrix: | |
| image: | |
| - mqtt-bridge | |
| include: | |
| - image: mqtt-bridge | |
| tag: ${{ github.event.inputs.mqtt_bridge_tag }} | |
| steps: | |
| - name: Log in to the repo's container registry | |
| uses: docker/login-action@1f36f5b7a2d2f7bfd524795fc966e6d88c37baa9 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Pull Docker image from repository registry | |
| run: | | |
| docker pull ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}:${{ matrix.tag }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Get credentials for ECR | |
| id: token | |
| run: | | |
| CREDS=$(aws ecr get-authorization-token | jq -r '.authorizationData[0].authorizationToken') | |
| PARTS=($(echo $CREDS | tr ':' '\n')) | |
| TOKEN=${PARTS[1]} | |
| echo "token=$TOKEN" >> $GITHUB_OUTPUT | |
| echo "::add-mask::$TOKEN" | |
| - name: Get repository on ECR | |
| id: repositoryUri | |
| run: | | |
| REPO_URI=$(aws ecr describe-repositories --repository-names ${{ env.STACK_NAME }}-${{ matrix.image }} | jq -r '.repositories[0].repositoryUri') | |
| echo "repositoryUri=$REPO_URI" >> $GITHUB_OUTPUT | |
| - name: Log in to the repo's container registry | |
| uses: docker/login-action@1f36f5b7a2d2f7bfd524795fc966e6d88c37baa9 | |
| with: | |
| registry: ${{ steps.repositoryUri.outputs.repositoryUri }} | |
| username: AWS | |
| password: ${{ steps.token.outputs.token }} | |
| - name: Tag Docker image for ECR | |
| run: | | |
| docker tag ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}:${{ matrix.tag }} ${{ steps.repositoryUri.outputs.repositoryUri }}:${{ matrix.tag }} | |
| - name: Check if Docker image exists on ECR | |
| id: check-docker-image | |
| continue-on-error: true | |
| run: | | |
| docker manifest inspect ${{ steps.repositoryUri.outputs.repositoryUri }}:${{ matrix.tag }} | |
| - name: Push Docker image to ECR | |
| if: steps.check-docker-image.outcome == 'failure' | |
| run: | | |
| docker push ${{ steps.repositoryUri.outputs.repositoryUri }}:${{ matrix.tag }} | |
| deploy: | |
| runs-on: ubuntu-24.04 | |
| environment: production | |
| needs: docker | |
| env: | |
| FORCE_COLOR: 3 | |
| JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION: 1 | |
| MQTT_BRIDGE_CONTAINER_TAG: ${{ github.event.inputs.mqtt_bridge_tag }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.inputs.ref }} | |
| - name: Determine released version | |
| id: version | |
| run: | | |
| git fetch --tags | |
| VERSION=`git describe --abbrev=0 --tags --always | tr -d '\n'` | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22.x" | |
| cache: "npm" | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "^1.21.6" | |
| - name: Install dependencies | |
| run: npm ci --no-audit | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Show nRF Cloud Account | |
| run: ./cli.sh show-nrfcloud-account nordic | |
| - run: npx cdk diff | |
| - name: Deploy solution stack | |
| run: npx cdk deploy --all --require-approval never |