-
-
Notifications
You must be signed in to change notification settings - Fork 6
140 lines (129 loc) · 4.8 KB
/
cd-ecs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: |-
CD - Deploy to ECS with Spacelift
Deploy Docker image to ECS with Spacelift
### Usage
```yaml
name: Deploy
on:
push:
branches: [ main ]
jobs:
cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-ecs.yml@main
with:
image: registry.hub.docker.com/library/nginx
tag: latest
repository: $\{\{ github.event.repository.name \}\}
environment: dev
spacelift-organization: $\{\{ inputs.spacelift-organization \}\}
secrets:
secret-outputs-passphrase: "$\{\{ secrets.secret-outputs-passphrase \}\}"
github-private-actions-pat: "$\{\{ secrets.github-private-actions-pat \}\}"
spacelift-api-key-id: "$\{\{ secrets.spacelift-api-key-id \}\}"
spacelift-api-key-secret: "$\{\{ secrets.spacelift-api-key-secret \}\}"
```
on:
workflow_call:
inputs:
image:
description: "Docker Image to deploy"
required: true
type: string
tag:
description: "Docker Image tag to deploy"
required: true
type: string
repository:
description: "Repository name (ex. example for repo acme/example)"
required: true
type: string
app:
description: "Application name. Used with monorepo pattern when there are several applications in the repo"
required: false
type: string
environment:
description: "Environment name deploy to"
type: string
required: true
spacelift-organization:
description: "Spacelift organization name"
type: string
required: true
matrix-step-name:
description: "Matrix step name - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction)"
required: false
type: string
matrix-key:
description: "Matrix key - matrix output workaround. [Read more](https://github.com/cloudposse/github-action-matrix-outputs-write#introduction)"
required: false
type: string
runs-on:
description: "Overrides job runs-on setting (json-encoded list)"
type: string
required: false
default: '["ubuntu-latest"]'
secrets:
secret-outputs-passphrase:
description: "Passphrase to encrypt/decrypt secret outputs with gpg. For more information [read](https://github.com/cloudposse/github-action-secret-outputs)"
required: true
github-private-actions-pat:
description: "Github PAT allow to pull private repos"
required: true
spacelift-api-key-id:
description: "Spacelift API Key ID"
required: true
spacelift-api-key-secret:
description: "Spacelift API Key Secret"
required: true
permissions:
id-token: write
contents: read
jobs:
deploy:
runs-on: ${{ fromJSON(inputs.runs-on) }}
environment:
name: ${{ inputs.environment }}
url: ${{ steps.deploy.outputs.webapp-url }}
steps:
- uses: cloudposse/[email protected]
id: image
with:
secret: ${{ secrets.secret-outputs-passphrase }}
op: decode
in: ${{ inputs.image }}
- name: Checkout
uses: actions/checkout@v4
- name: Environment Info
uses: cloudposse/[email protected]
id: environment
with:
implementation_repository: cloudposse/actions-private
implementation_path: 'ecs-environments'
implementation_ref: main
implementation_github_pat: ${{ secrets.github-private-actions-pat }}
environment: ${{ inputs.environment }}
namespace: ${{ inputs.environment }}
repository: ${{ inputs.repository }}
application: ${{ inputs.app }}
- name: Configure AWS Credentials
uses: aws-actions/[email protected]
with:
aws-region: ${{ steps.environment.outputs.region }}
role-to-assume: ${{ steps.environment.outputs.role }}
role-skip-session-tagging: true
- name: Deploy
uses: cloudposse/[email protected]
id: deploy
with:
stack: ${{ steps.environment.outputs.cluster }}
region: ${{ steps.environment.outputs.region }}
ssm-path: ${{ steps.environment.outputs.ssm-path }}
namespace: ${{ steps.environment.outputs.namespace }}
image: ${{ steps.image.outputs.out }}
image-tag: ${{ inputs.tag }}
operation: deploy
debug: false
github_token: ${{ secrets.github-private-actions-pat }}
organization: ${{ inputs.spacelift-organization }}
api_key_id: ${{ secrets.spacelift-api-key-id }}
api_key_secret: ${{ secrets.spacelift-api-key-secret }}