-
Notifications
You must be signed in to change notification settings - Fork 9
134 lines (109 loc) · 3.85 KB
/
cd-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: CD - Production
on:
workflow_dispatch:
env:
AWS_REGION: ap-northeast-2
ECS_CLUSTER: Codedang-Api
permissions: # permissions to the job (for the OpenID Connection)
id-token: write
contents: read
jobs:
# TODO: trigger Amplify deployment
build-client-api:
name: Build client-api image
runs-on: ubuntu-latest
steps:
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and push image
uses: docker/build-push-action@v5
with:
file: ./apps/backend/Dockerfile
push: true
build-args: 'target=client'
tags: ${{ steps.login-ecr.outputs.registry }}/codedang-client-api:latest
build-admin-api:
name: Build admin-api image
runs-on: ubuntu-latest
steps:
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and push image
uses: docker/build-push-action@v5
with:
file: ./apps/backend/Dockerfile
push: true
build-args: 'target=admin'
tags: ${{ steps.login-ecr.outputs.registry }}/codedang-admin-api:latest
build-iris:
name: Build iris Docker image
runs-on: ubuntu-latest
steps:
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build and push image (iris)
uses: docker/build-push-action@v5
with:
push: true
context: '{{defaultContext}}:apps/iris'
tags: ${{ steps.login-ecr.outputs.registry }}/codedang-iris:latest
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: [build-client-api, build-admin-api, build-iris]
environment: production
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY }}
aws-region: ${{ env.AWS_REGION }}
- name: Trigger Amplify Frontend Build
run: curl -X POST -d {} "${{ secrets.AMPLIFY_WEBHOOK }}" -H "Content-Type:application/json"
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.5.2
- name: Create Terraform variable file
working-directory: ./apps/infra/deploy
run: |
echo "$TFVARS" >> terraform.tfvars
echo "$OAUTH_GITHUB" >> terraform.tfvars
echo "$OAUTH_KAKAO" >> terraform.tfvars
env:
TFVARS: ${{ secrets.TFVARS }}
OAUTH_GITHUB: ${{ secrets.OAUTH_GITHUB }}
OAUTH_KAKAO: ${{ secrets.OAUTH_KAKAO }}
- name: Terraform Init
working-directory: ./apps/infra/deploy
run: terraform init -upgrade
# TODO: plan in the other job, and reuse the plan file
- name: Terraform Plan
working-directory: ./apps/infra/deploy
run: terraform plan -target=module.codedang-infra -input=false
- name: Terraform Apply
working-directory: ./apps/infra/deploy
run: terraform apply -target=module.codedang-infra -auto-approve -input=false