diff --git a/.github/workflows/cd-server.yaml b/.github/workflows/cd-server.yaml index 1b4bba94b4..295d3c4c47 100644 --- a/.github/workflows/cd-server.yaml +++ b/.github/workflows/cd-server.yaml @@ -15,28 +15,31 @@ on: required: true type: string description: Provide tag (Eg:v3.14.0) - +permissions: + id-token: write + contents: write + packages: read + actions: read env: - SERVICE_NAME: conductor-server + SERVICE_NAME: conductor AWS_REGION: "ap-south-1" - + HELM_CHART_NAME: "application-helm-chart" jobs: prepare-env: name: Prepare Env - runs-on: 'ubuntu-latest' + runs-on: "ubuntu-latest" timeout-minutes: 2 outputs: AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }} ENV: ${{ steps.vars.outputs.ENV }} PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }} - ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }} - ECS_SERVICE: ${{ steps.set_env.outputs.ECS_SERVICE }} - TASK_DEFINITION: ${{ steps.set_env.outputs.TASK_DEFINITION }} - CONTAINER_NAME: ${{ steps.set_env.outputs.CONTAINER_NAME }} + K8S_CLUSTER: ${{ steps.set_env.outputs.K8S_CLUSTER }} ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }} + ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }} SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }} - + AWS_ACCOUNT_ID: ${{ steps.vars.outputs.AWS_ACCOUNT_ID}} + steps: - id: vars shell: bash @@ -45,7 +48,7 @@ jobs: ENV=${{ github.event.inputs.environment }} IMAGE_TAG=${{ github.event.inputs.tag }} echo $BRANCH - + if [ -z "$ENV" ] then case $BRANCH in 
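Review bot: The workflow-level `permissions:` block added here grants `contents: write` and `id-token: write` to every job without its own block, and `prepare-env` shows no `permissions:` key in this hunk, although its visible steps only compute names and write to `$GITHUB_OUTPUT`. `deploy-to-k8s` declares its own block further down, so it does not use these defaults at all. A read-only default such as `contents: read` at the top would be the least-privilege choice, with `id-token: write` left only on the job that assumes the AWS role. If a job outside this diff needs `contents: write`, grant it on that job with a comment saying why. In the `outputs:` list, `${{ steps.vars.outputs.AWS_ACCOUNT_ID}}` is missing the space before `}}` that the neighbouring lines use.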
@@ -67,17 +70,20 @@ jobs: then echo "AWS_ROLE=PRD_AWS_ROLE" >> $GITHUB_OUTPUT echo "PROJECT_PREFIX=sirn-prd-mb" >> $GITHUB_OUTPUT - echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT + echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT + echo "AWS_ACCOUNT_ID=PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT elif [ $ENV == 'stg' ] then echo "AWS_ROLE=STG_AWS_ROLE" >> $GITHUB_OUTPUT echo "PROJECT_PREFIX=sirn-stg-mb" >> $GITHUB_OUTPUT - echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT + echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT + echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT elif [ $ENV == 'dev' ] then echo "AWS_ROLE=DEV_AWS_ROLE" >> $GITHUB_OUTPUT echo "PROJECT_PREFIX=sirn-dev-mb" >> $GITHUB_OUTPUT echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT + echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT else echo "Branch not configured!" exit 1 
@@ -89,34 +95,27 @@ jobs: id: set_env run: | PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }} - echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME" >> $GITHUB_OUTPUT - echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster" >> $GITHUB_OUTPUT - echo "ECS_SERVICE=$PROJECT_PREFIX-svc-$SERVICE_NAME" >> $GITHUB_OUTPUT - echo "TASK_DEFINITION=$PROJECT_PREFIX-td-$SERVICE_NAME" >> $GITHUB_OUTPUT - echo "CONTAINER_NAME=$PROJECT_PREFIX-cntr-$SERVICE_NAME" >> $GITHUB_OUTPUT + echo "K8S_CLUSTER=$PROJECT_PREFIX-prime" >> $GITHUB_OUTPUT + echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment" >> $GITHUB_OUTPUT echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY - + echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-conductor-server" >> $GITHUB_OUTPUT + # Deploy Conductor UI Image to ECS - deploy-server-image: - name: Deploy Server Image - runs-on: 'ubuntu-latest' - timeout-minutes: 20 + deploy-to-k8s: + name: Deploy to k8s + runs-on: ubuntu-latest + container: + image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest + timeout-minutes: 15 permissions: id-token: write pull-requests: write contents: read - needs: prepare-env + needs: + - prepare-env env: - AWS_ROLE: ${{ needs.prepare-env.outputs.AWS_ROLE }} - ENV: ${{ needs.prepare-env.outputs.ENV }} - PROJECT_PREFIX: ${{needs.prepare-env.outputs.PROJECT_PREFIX}} - ECR_REPOSITORY: ${{needs.prepare-env.outputs.ECR_REPOSITORY}} - IMAGE_TAG: ${{ github.event.inputs.tag }} - ECS_CLUSTER: ${{ needs.prepare-env.outputs.ECS_CLUSTER }} - ECS_SERVICE: ${{ needs.prepare-env.outputs.ECS_SERVICE }} - TASK_DEFINITION: ${{ needs.prepare-env.outputs.TASK_DEFINITION }} - CONTAINER_NAME: ${{ needs.prepare-env.outputs.CONTAINER_NAME }} - + AWS_ACCOUNT_ID: ${{ needs.prepare-env.outputs.AWS_ACCOUNT_ID }} + ECR_REPOSITORY: ${{ needs.prepare-env.outputs.ECR_REPOSITORY }} steps: - name: Checkout code from action uses: actions/checkout@v2 
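Review bot: `container.image` for `deploy-to-k8s` is `public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest`, a mutable tag on a public registry, and the job runs with `id-token: write` and assumes the deployment role, so whatever that tag resolves to at run time executes with those credentials. Pin the image by digest, e.g. `image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy@sha256:<digest-of-reviewed-image>`, and bump the digest deliberately. `pull-requests: write` is not used by any step visible in this diff and could be dropped if nothing later in the job needs it. The retained comment `# Deploy Conductor UI Image to ECS` is now stale; `# Deploy Conductor to Kubernetes with Helm` would match the new job. The job's steps continue in the next hunk.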
@@ -124,33 +123,24 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: - role-to-assume: ${{ secrets[env.AWS_ROLE] }} + role-to-assume: arn:aws:iam::${{ vars[env.AWS_ACCOUNT_ID] }}:role/github-actions aws-region: ${{ env.AWS_REGION }} - - name: Amazon ECR Login - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1.7.0 + - name: Deploy to Kubernetes + shell: bash + run: | + aws eks update-kubeconfig --name ${{ needs.prepare-env.outputs.K8S_CLUSTER }} + aws s3 cp s3://${{ needs.prepare-env.outputs.ENVIRONMENT_BUCKET }}/helm/${{ env.SERVICE_NAME }}/values.yaml ./values.yaml + cat ./values.yaml + aws ecr get-login-password --region ${{ env.AWS_REGION }} | helm registry login --username AWS --password-stdin ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com - - name: Check if image tag exists in ECR - id: check-image-existence - run: | - if aws ecr describe-images --repository-name "${{ env.ECR_REPOSITORY }}" --region "${{ env.AWS_REGION }}" --image-ids imageTag="${{ env.IMAGE_TAG }}" 2>&1 | grep -q "imageTag"; then - echo "Image tag $IMAGE_TAG exists in ECR" - else - echo "Error: Image tag $IMAGE_TAG does not exist in ECR" - exit 1 - fi + # Construct base Helm command + HELM_CMD="helm upgrade --install ${{ env.SERVICE_NAME }} oci://${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.HELM_CHART_NAME }} \ + --namespace ${{ needs.prepare-env.outputs.ENV }} \ + --values values.yaml \ + --set default.image.repository='${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY }}' \ + --set default.image.tag='${{ github.event.inputs.tag }}'" - - name: Deploy backend - id: deploy_backend - uses: ./.github/actions/deploy-ecs - env: - APP_IMAGE: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} - with: - aws-region : ${{ env.AWS_REGION }} - aws-role: ${{ secrets[env.AWS_ROLE] }} - task-definition: ${{ 
env.TASK_DEFINITION }} - container-name: ${{ env.CONTAINER_NAME }} - ecs-service: ${{ env.ECS_SERVICE }} - ecs-cluster: ${{ env.ECS_CLUSTER }} - image: ${{ env.APP_IMAGE }} \ No newline at end of file + # Run the Helm command + echo "Running: $HELM_CMD" + eval $HELM_CMD diff --git a/.github/workflows/ci-server-.yaml b/.github/workflows/ci-server-.yaml index 52d570d7e0..4cce9dae38 100644 --- a/.github/workflows/ci-server-.yaml +++ b/.github/workflows/ci-server-.yaml @@ -29,7 +29,6 @@ jobs: AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }} ENV: ${{ steps.vars.outputs.ENV }} PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }} - ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }} ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }} ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }} SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }} @@ -88,7 +87,6 @@ jobs: id: set_env run: | PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }} - echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster" >> $GITHUB_OUTPUT echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME" >> $GITHUB_OUTPUT echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment" >> $GITHUB_OUTPUT echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY @@ -133,10 +131,6 @@ jobs: role-to-assume: ${{ secrets[env.AWS_ROLE] }} aws-region: ${{ env.AWS_REGION }} - - name: Download S3 file - run: | - aws s3 cp s3://${PROJECT_PREFIX}-s3-environment/conductor-server/conductor-server.properties ./docker/server/config/conductor-server.properties - - name: Amazon ECR Login id: login-ecr uses: aws-actions/amazon-ecr-login@v1.7.0
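Review bot: The new `Deploy to Kubernetes` step expands `${{ github.event.inputs.tag }}` and the other `${{ … }}` values directly into the script text and then runs the assembled string with `eval $HELM_CMD`, so the dispatch input is parsed as shell rather than passed as data, in a job that holds the assumed AWS role. Pass the values through `env:` and call `helm` directly with quoted arguments, as sketched below, which also removes the need for `eval`. `cat ./values.yaml` writes the whole environment values file to the job log and is worth dropping if that file can hold credentials or connection strings (its contents are not visible here). The hunk also removes the ECR tag-existence check, so a mistyped tag would presumably surface only during rollout.

```yaml
      - name: Deploy to Kubernetes
        shell: bash
        env:
          REGISTRY: ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
          NAMESPACE: ${{ needs.prepare-env.outputs.ENV }}
          IMAGE_TAG: ${{ github.event.inputs.tag }}
        run: |
          # … unchanged: aws eks update-kubeconfig, aws s3 cp, helm registry login …
          helm upgrade --install "$SERVICE_NAME" "oci://$REGISTRY/$HELM_CHART_NAME" \
            --namespace "$NAMESPACE" \
            --values values.yaml \
            --set "default.image.repository=$REGISTRY/$ECR_REPOSITORY" \
            --set "default.image.tag=$IMAGE_TAG"
```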