diff --git a/.github/workflows/cd-pipeline.yml b/.github/workflows/cd-pipeline.yml index a7a1961558..9f9533e8a0 100644 --- a/.github/workflows/cd-pipeline.yml +++ b/.github/workflows/cd-pipeline.yml @@ -104,19 +104,12 @@ jobs: deploy-to-staging-test: needs: create-and-post-tag - runs-on: ubuntu-latest - steps: - - name: test tag value - run: | - echo 'The tag for deployment will be ${{ needs.create-and-post-tag.outputs.newVersion }}' - # uses: ./.github/workflows/deployment.yml # needs to be deployment.yml with tag for proper reporting in Datadog - # with: - # environment: staging - # ref: release - # lambdaDeploy: true - # secrets: inherit - # with: - # newVersion: ${{ }} + uses: ./.github/workflows/deployment.yml + with: + environment: staging + ref: ${{ needs.create-and-post-tag.outputs.newVersion }} # deploy tag not SHA for Datadog reporting + lambdaDeploy: true + secrets: inherit create-release-notes: needs: create-and-post-tag diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index a3d90cdb47..9415b5868c 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -19,174 +19,175 @@ jobs: - uses: actions/checkout@v4 with: ref: ${{ inputs.ref }} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} - aws-region: us-gov-west-1 - role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} - role-skip-session-tagging: true - role-duration-seconds: 1800 - - - name: Login to VAEC ECR - id: login-ecr-vaec - uses: aws-actions/amazon-ecr-login@v2 - with: - mask-password: 'true' - - - name: Render migration task definition - id: render - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-db-migrations-task-definition.json - container-name: ${{ inputs.environment }}-notification-api-db-migrations - image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} - environment-variables: | - DD_VERSION=${{ inputs.ref }} - docker-labels: | - VERSION=${{ inputs.ref }} - - - name: Register migration task definition - id: register - run: | - echo "arn=$(aws ecs register-task-definition --cli-input-json file://${{ steps.render.outputs.task-definition}} | jq -r '.taskDefinition.taskDefinitionArn')" >> $GITHUB_OUTPUT - - - name: Run migration task - run: | - bash ./scripts/run_ci_migrations.sh -c ${{ inputs.environment }}-notification-cluster -e ${{ inputs.environment }} -t ${{ steps.register.outputs.arn }} - - deploy-api: - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - needs: [run-migrations] - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.ref }} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} - aws-region: us-gov-west-1 - role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} - role-skip-session-tagging: true - role-duration-seconds: 1800 + run: echo "will be checking out tag ${{ inputs.ref }}" + + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4.0.2 + # with: + # aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} + # aws-region: us-gov-west-1 + # role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} + # role-skip-session-tagging: true + # role-duration-seconds: 1800 + + # - name: Login to VAEC ECR + # id: login-ecr-vaec + # uses: aws-actions/amazon-ecr-login@v2 + # with: + # mask-password: 'true' + + # - name: Render migration task definition + # id: render + # uses: aws-actions/amazon-ecs-render-task-definition@v1 + # with: + # task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-db-migrations-task-definition.json + # container-name: ${{ inputs.environment }}-notification-api-db-migrations + # image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} + # environment-variables: | + # DD_VERSION=${{ inputs.ref }} + # docker-labels: | + # VERSION=${{ inputs.ref }} + + # - name: Register migration task definition + # id: register + # run: | + # echo "arn=$(aws ecs register-task-definition --cli-input-json file://${{ steps.render.outputs.task-definition}} | jq -r '.taskDefinition.taskDefinitionArn')" >> $GITHUB_OUTPUT + + # - name: Run migration task + # run: | + # bash ./scripts/run_ci_migrations.sh -c ${{ inputs.environment }}-notification-cluster -e ${{ inputs.environment }} -t ${{ steps.register.outputs.arn }} + + # deploy-api: + # runs-on: ubuntu-latest + # environment: ${{ inputs.environment }} + # needs: [run-migrations] + # steps: + # - uses: actions/checkout@v4 + # with: + # ref: ${{ inputs.ref }} + + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4.0.2 + # with: + # aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} + # aws-region: us-gov-west-1 + # role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} + # role-skip-session-tagging: true + # role-duration-seconds: 1800 - - name: Login to VAEC ECR - id: login-ecr-vaec - uses: aws-actions/amazon-ecr-login@v2 - with: - mask-password: 'true' - - - name: Render API task definition - id: render-api-container - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-api-task-definition.json - container-name: notification-api - image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} - environment-variables: | - DD_VERSION=${{ inputs.ref }} - docker-labels: | - VERSION=${{ inputs.ref }} - - - name: Deploy API task definition to Fargate - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.render-api-container.outputs.task-definition }} - service: ${{ inputs.environment }}-notification-api-service - cluster: ${{ inputs.environment }}-notification-cluster - wait-for-service-stability: true - - deploy-celery: - runs-on: ubuntu-latest - needs: [run-migrations] - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.ref }} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} - aws-region: us-gov-west-1 - role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} - role-skip-session-tagging: true - role-duration-seconds: 1800 + # - name: Login to VAEC ECR + # id: login-ecr-vaec + # uses: aws-actions/amazon-ecr-login@v2 + # with: + # mask-password: 'true' + + # - name: Render API task definition + # id: render-api-container + # uses: aws-actions/amazon-ecs-render-task-definition@v1 + # with: + # task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-api-task-definition.json + # container-name: notification-api + # image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} + # environment-variables: | + # DD_VERSION=${{ inputs.ref }} + # docker-labels: | + # VERSION=${{ inputs.ref }} + + # - name: Deploy API task definition to Fargate + # uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + # with: + # task-definition: ${{ steps.render-api-container.outputs.task-definition }} + # service: ${{ inputs.environment }}-notification-api-service + # cluster: ${{ inputs.environment }}-notification-cluster + # wait-for-service-stability: true + + # deploy-celery: + # runs-on: ubuntu-latest + # needs: [run-migrations] + # steps: + # - uses: actions/checkout@v4 + # with: + # ref: ${{ inputs.ref }} + + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4.0.2 + # with: + # aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} + # aws-region: us-gov-west-1 + # role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} + # role-skip-session-tagging: true + # role-duration-seconds: 1800 - - name: Login to VAEC ECR - id: login-ecr-vaec - uses: aws-actions/amazon-ecr-login@v2 - with: - mask-password: 'true' - - - name: Render celery task definition - id: render-celery-container - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-celery-task-definition.json - container-name: notification-celery - image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} - environment-variables: | - DD_VERSION=${{ inputs.ref }} - docker-labels: | - VERSION=${{ inputs.ref }} - - - name: Deploy celery task definition to Fargate - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.render-celery-container.outputs.task-definition }} - service: ${{ inputs.environment }}-notification-celery-service - cluster: ${{ inputs.environment }}-notification-cluster - wait-for-service-stability: true - - deploy-celery-beat: - runs-on: ubuntu-latest - needs: [run-migrations] - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.ref }} - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} - aws-region: us-gov-west-1 - role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} - role-skip-session-tagging: true - role-duration-seconds: 1800 - - - name: Login to VAEC ECR - id: login-ecr-vaec - uses: aws-actions/amazon-ecr-login@v2 - with: - mask-password: 'true' - - - name: Render celery beat task definition - id: render-celery-beat-container - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-celery-beat-task-definition.json - container-name: notification-celery-beat - image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} - environment-variables: | - DD_VERSION=${{ inputs.ref }} - docker-labels: | - VERSION=${{ inputs.ref }} - - - name: Deploy celery beat task definition to Fargate - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.render-celery-beat-container.outputs.task-definition }} - service: ${{ inputs.environment }}-notification-celery-beat-service - cluster: ${{ inputs.environment }}-notification-cluster - wait-for-service-stability: true + # - name: Login to VAEC ECR + # id: login-ecr-vaec + # uses: aws-actions/amazon-ecr-login@v2 + # with: + # mask-password: 'true' + + # - name: Render celery task definition + # id: render-celery-container + # uses: aws-actions/amazon-ecs-render-task-definition@v1 + # with: + # task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-celery-task-definition.json + # container-name: notification-celery + # image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} + # environment-variables: | + # DD_VERSION=${{ inputs.ref }} + # docker-labels: | + # VERSION=${{ inputs.ref }} + + # - name: Deploy celery task definition to Fargate + # uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + # with: + # task-definition: ${{ steps.render-celery-container.outputs.task-definition }} + # service: ${{ inputs.environment }}-notification-celery-service + # cluster: ${{ inputs.environment }}-notification-cluster + # wait-for-service-stability: true + + # deploy-celery-beat: + # runs-on: ubuntu-latest + # needs: [run-migrations] + # steps: + # - uses: actions/checkout@v4 + # with: + # ref: ${{ inputs.ref }} + + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4.0.2 + # with: + # aws-access-key-id: ${{ secrets.VAEC_AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.VAEC_AWS_SECRET_ACCESS_KEY }} + # aws-region: us-gov-west-1 + # role-to-assume: ${{ secrets.VAEC_DEPLOY_ROLE }} + # role-skip-session-tagging: true + # role-duration-seconds: 1800 + + # - name: Login to VAEC ECR + # id: login-ecr-vaec + # uses: aws-actions/amazon-ecr-login@v2 + # with: + # mask-password: 'true' + + # - name: Render celery beat task definition + # id: render-celery-beat-container + # uses: aws-actions/amazon-ecs-render-task-definition@v1 + # with: + # task-definition: ./cd/application-deployment/${{ inputs.environment }}/vaec-celery-beat-task-definition.json + # container-name: notification-celery-beat + # image: ${{ steps.login-ecr-vaec.outputs.registry }}/notification_api:${{ inputs.ref }}_${{ inputs.environment}} + # environment-variables: | + # DD_VERSION=${{ inputs.ref }} + # docker-labels: | + # VERSION=${{ inputs.ref }} + + # - name: Deploy celery beat task definition to Fargate + # uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + # with: + # task-definition: ${{ steps.render-celery-beat-container.outputs.task-definition }} + # service: ${{ inputs.environment }}-notification-celery-beat-service + # cluster: ${{ inputs.environment }}-notification-cluster + # wait-for-service-stability: true