From ac173113a1c9f7bde3d5a8c9e21902a58d956a23 Mon Sep 17 00:00:00 2001
From: Nischal Shrestha <39024181+nischalstha9@users.noreply.github.com>
Date: Thu, 13 Jun 2024 13:00:22 +0545
Subject: [PATCH] Add CICD to Deploy to NAXA ECS (#4)

* CI: add ci to recreate on AWS

* CI: fix: permissions added for OIDC

* CI: fix: spec in ECS Service

* CI: fix: spec definition in ECS Service

* CI: use secrets

* Optimized for main branch
---
 .github/workflows/build_and_deploy.yml | 87 ++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 .github/workflows/build_and_deploy.yml

diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml
new file mode 100644
index 00000000..6201146a
--- /dev/null
+++ b/.github/workflows/build_and_deploy.yml
@@ -0,0 +1,87 @@
+name: Build and Deploy Drone Tasking Manager
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  AWS_REGION: ap-south-1
+  ECR_REGISTRY: 685797548389.dkr.ecr.ap-south-1.amazonaws.com
+  ECR_REPOSITORY: dtmweb
+
+jobs:
+  build:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ github.ref_name }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref_name }}
+
+      - name: Setup AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          audience: sts.amazonaws.com
+          aws-region: ${{ env.AWS_REGION }}
+          role-session-name: GH-Actions-${{ github.run_id }}-${{ github.run_attempt }}
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build and Push Docker Image
+        id: build-image
+        run: |
+          docker build -f ./src/backend/Dockerfile -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ github.ref_name }} .
+          docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ github.ref_name }}
+
+      - name: Image Digest
+        run: echo ImageDigest:${{ steps.build-image.outputs.imageDigest }}
+
+  deploy_to_ecs:
+    name: Deploy to ECS
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ github.ref_name }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          audience: sts.amazonaws.com
+          aws-region: ${{ env.AWS_REGION }}
+          role-session-name: GH-Actions-${{ github.run_id }}-${{ github.run_attempt }}
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
+
+      - name: Get Web App task definition
+        id: get-web-app-task-definition
+        shell: bash
+        run: |
+          TASK_DEFINITION_ARN=$(aws ecs describe-task-definition --task-definition fastapi-tdf --region ${{ env.AWS_REGION }} --query 'taskDefinition.taskDefinitionArn')
+          echo "TASK_DEFINITION_ARN=${TASK_DEFINITION_ARN}" >> $GITHUB_OUTPUT
+
+      - name: ECS Service
+        uses: scribd/amazon-ecs-service-action@v1
+        with:
+          force-new-deployment: true
+          spec: |
+            {
+              "taskDefinition": ${{ steps.get-web-app-task-definition.outputs.TASK_DEFINITION_ARN }},
+              "cluster": "${{ secrets.ECS_CLUSTER_NAME }}",
+              "serviceName": "${{ secrets.ECS_SERVICE_NAME }}"
+            }
+          wait-until-deployment-complete: true