Skip to content

Commit

Permalink
Merge pull request #4 from noisrucer/develop
Browse files Browse the repository at this point in the history 
⚙️ setting: Add CI/CD pipeline for prod
  • Loading branch information
@noisrucer
noisrucer authored Feb 11, 2024
2 parents 93d4217 + 95df682 commit 1755155
Show file tree
Hide file tree
Showing 2 changed files with 244 additions and 0 deletions.
138 changes: 138 additions & 0 deletions .aws/task-definition-prod.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
{
"taskDefinitionArn": "arn:aws:ecs:ap-northeast-1:844790362879:task-definition/girok-server-prod:3",
"containerDefinitions": [
{
"name": "girok-server-prod",
"image": "844790362879.dkr.ecr.ap-northeast-1.amazonaws.com/girok-server-prod:latest",
"cpu": 0,
"portMappings": [
{
"name": "girok-server-prod-8080-tcp",
"containerPort": 8080,
"hostPort": 8080,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"environment": [
{
"name": "DB_NAME",
"value": "girok_prod"
}
],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [
{
"name": "DB_HOST",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/DB_HOST"
},
{
"name": "DB_PASSWORD",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/DB_PASSWORD"
},
{
"name": "DB_USERNAME",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/DB_USERNAME"
},
{
"name": "JWT_ACCESS_TOKEN_EXPIRATION_MS",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/JWT_ACCESS_TOKEN_EXPIRATION_MS"
},
{
"name": "JWT_REFRESH_TOKEN_EXPIRATION_MS",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/JWT_REFRESH_TOKEN_EXPIRATION_MS"
},
{
"name": "JWT_SECRET",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/JWT_SECRET"
},
{
"name": "MAILGUN_API_KEY",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/MAILGUN_API_KEY"
},
{
"name": "MAILGUN_DOMAIN",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/MAILGUN_DOMAIN"
},
{
"name": "SPRING_PROFILES_ACTIVE",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/SPRING_PROFILES_ACTIVE"
},
{
"name": "VERIFICATION_EXPIRE_SECONDS",
"valueFrom": "arn:aws:ssm:ap-northeast-1:844790362879:parameter/VERIFICATION_EXPIRE_SECONDS"
}
],
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/girok-server-prod",
"awslogs-region": "ap-northeast-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
}
}
],
"family": "girok-server-prod",
"taskRoleArn": "arn:aws:iam::844790362879:role/girok-server-dev-role",
"executionRoleArn": "arn:aws:iam::844790362879:role/girok-server-dev-role",
"networkMode": "awsvpc",
"revision": 3,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "512",
"memory": "1024",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "2024-02-11T17:55:36.545Z",
"registeredBy": "arn:aws:iam::844790362879:root",
"tags": []
}
106 changes: 106 additions & 0 deletions .github/workflows/prod.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when there is a push to the "main" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
# Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
# Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
# For example, follow the Getting Started guide on the ECS console:
# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
# Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
# Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
# Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
# Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
# in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
# See the documentation for each action used below for the recommended IAM policies for this IAM user,
# and best practices on handling the access key credentials.

name: Development CI/CD Pipeline

on:
push:
branches: [ "main" ]

env:
AWS_REGION: ap-northeast-1 # set this to your preferred AWS region, e.g. us-west-1
ECR_REPOSITORY: girok-server-prod # set this to your Amazon ECR repository name
ECS_SERVICE: girok-server-prod # set this to your Amazon ECS service name
ECS_CLUSTER: GirokServerCluster # set this to your Amazon ECS cluster name
ECS_TASK_DEFINITION: .aws/task-definition-prod.json # set this to the path to your Amazon ECS task definition
# file, e.g. .aws/task-definition.json
CONTAINER_NAME: girok-server-prod # set this to the name of the container in the
# containerDefinitions section of your task definition

permissions:
contents: read

jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production

steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'

- name: Run chmod to make gradlew executable
run: chmod +x ./gradlew

- name: Build with Gradle
run: ./gradlew build

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ env.ECS_TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
image: ${{ steps.build-image.outputs.image }}

- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true

0 comments on commit 1755155

Please sign in to comment.