Skip to content

Deployment

Deployment #1425

Workflow file for this run

name: Deployment
on:
workflow_dispatch:
inputs:
ref:
description: "Version to deploy"
required: true
mqtt_bridge_tag:
description: "MQTT bridge container tag to deploy"
required: true
permissions:
id-token: write
packages: write
env:
STACK_NAME: ${{ vars.STACK_NAME }}
AWS_REGION: ${{ vars.AWS_REGION }}
FORCE_COLOR: 3
JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION: 1
REGISTRY: ghcr.io
API_DOMAIN_NAME: ${{ vars.API_DOMAIN_NAME }}
API_DOMAIN_ROUTE_53_ROLE_ARN: ${{ secrets.API_DOMAIN_ROUTE_53_ROLE_ARN }}
jobs:
print-inputs:
name: Print inputs
runs-on: ubuntu-24.04
steps:
- name: Print inputs
run: |
echo ref=${{ github.event.inputs.ref }}
echo mqtt_bridge_tag=${{ github.event.inputs.mqtt_bridge_tag }}
docker:
name: Push Docker images to ECR
runs-on: ubuntu-24.04
environment: production
strategy:
matrix:
image:
- mqtt-bridge
include:
- image: mqtt-bridge
tag: ${{ github.event.inputs.mqtt_bridge_tag }}
steps:
- name: Log in to the repo's container registry
uses: docker/login-action@1f36f5b7a2d2f7bfd524795fc966e6d88c37baa9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull Docker image from repository registry
run: |
docker pull ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}:${{ matrix.tag }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
aws-region: ${{ vars.AWS_REGION }}
- name: Get credentials for ECR
id: token
run: |
CREDS=$(aws ecr get-authorization-token | jq -r '.authorizationData[0].authorizationToken')
PARTS=($(echo $CREDS | tr ':' '\n'))
TOKEN=${PARTS[1]}
echo "token=$TOKEN" >> $GITHUB_OUTPUT
echo "::add-mask::$TOKEN"
- name: Get repository on ECR
id: repositoryUri
run: |
REPO_URI=$(aws ecr describe-repositories --repository-names ${{ env.STACK_NAME }}-${{ matrix.image }} | jq -r '.repositories[0].repositoryUri')
echo "repositoryUri=$REPO_URI" >> $GITHUB_OUTPUT
- name: Log in to the repo's container registry
uses: docker/login-action@1f36f5b7a2d2f7bfd524795fc966e6d88c37baa9
with:
registry: ${{ steps.repositoryUri.outputs.repositoryUri }}
username: AWS
password: ${{ steps.token.outputs.token }}
- name: Tag Docker image for ECR
run: |
docker tag ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}:${{ matrix.tag }} ${{ steps.repositoryUri.outputs.repositoryUri }}:${{ matrix.tag }}
- name: Check if Docker image exists on ECR
id: check-docker-image
continue-on-error: true
run: |
docker manifest inspect ${{ steps.repositoryUri.outputs.repositoryUri }}:${{ matrix.tag }}
- name: Push Docker image to ECR
if: steps.check-docker-image.outcome == 'failure'
run: |
docker push ${{ steps.repositoryUri.outputs.repositoryUri }}:${{ matrix.tag }}
deploy:
runs-on: ubuntu-24.04
environment: production
needs: docker
env:
FORCE_COLOR: 3
JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION: 1
MQTT_BRIDGE_CONTAINER_TAG: ${{ github.event.inputs.mqtt_bridge_tag }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.ref }}
- name: Determine released version
id: version
run: |
git fetch --tags
VERSION=`git describe --abbrev=0 --tags --always | tr -d '\n'`
echo "VERSION=$VERSION" >> $GITHUB_ENV
- uses: actions/setup-node@v4
with:
node-version: "22.x"
cache: "npm"
- uses: actions/setup-go@v5
with:
go-version: "^1.21.6"
- name: Install dependencies
run: npm ci --no-audit
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
aws-region: ${{ vars.AWS_REGION }}
- name: Show nRF Cloud Account
run: ./cli.sh show-nrfcloud-account nordic
- run: npx cdk diff
- name: Deploy solution stack
run: npx cdk deploy --all --require-approval never