feat: auto deploy dev

magi-sche-org · Feb 25, 2024 · 42cd302 · 42cd302
1 parent 881fb27
commit 42cd302
Show file tree

Hide file tree

Showing 3 changed files with 181 additions and 0 deletions.
diff --git a/.github/workflows/deploy_dev.yaml b/.github/workflows/deploy_dev.yaml
@@ -0,0 +1,112 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - develop
+env:
+  ENV: dev
+  AWS_REGION: ap-northeast-1
+  AWS_ACCOUNT_ID: 905418376731
+
+jobs:
+  build-and-push:
+    outputs:
+      ecr_image_name: ${{ steps.set_outputs.outputs.ecr_image_name }}
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::905418376731:role/magische-${{ env.ENV }}-webfront-deploy
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: login to ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        id: login-ecr
+
+      - id: set_env
+        name: set env
+        run: |
+          echo "image_tag=build-$(date +%Y%m%d)-${{ github.sha }}" >> $GITHUB_OUTPUT
+          echo "ecr_repository_name=${{ steps.login-ecr.outputs.registry }}/magische-${{ env.ENV }}-webfront" >> $GITHUB_OUTPUT
+
+      - id: set_outputs
+        name: set outputs
+        run: |
+          echo "ecr_image_name=${{ steps.set_env.outputs.ecr_repository_name }}:${{ steps.set_env.outputs.image_tag }}" >> $GITHUB_OUTPUT
+
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+            ${{ steps.set_env.outputs.ecr_repository_name }}
+          tags: |
+            type=raw,value=${{ steps.set_env.outputs.image_tag }}
+            type=raw,value=latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          target: deploy
+          platforms: linux/amd64,linux/arm64
+
+  deploy:
+    permissions:
+      id-token: write
+      contents: read
+    needs: [build-and-push]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::905418376731:role/magische-${{ env.ENV }}-webfront-deploy
+          aws-region: ${{ env.AWS_REGION }}
+
+      - uses: kayac/ecspresso@v2
+        with:
+          version-file: ./infra/ecs/.ecspresso-version
+
+      - working-directory: ./infra/ecs
+        run: |
+          ecspresso deploy --config ecspresso.yml
+        env:
+          AWS_REGION: ${{ env.AWS_REGION }}
+          AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
+          ENV: ${{ env.ENV }}
+          IMAGE_NAME: ${{ needs.build-and-push.outputs.ecr_image_name }}
+          CPU: 256
+          MEMORY: 512
+          CPU_ARCHITECTURE: ARM64
+          API_ENDPOINT: https://api.dev.magi-sche.net
diff --git a/infra/ecs/ecs-task-def.jsonnet b/infra/ecs/ecs-task-def.jsonnet
@@ -0,0 +1,61 @@
+{
+  containerDefinitions: [
+    {
+      cpu: 0,
+      essential: true,
+      image: '{{ must_env `IMAGE_NAME` }}',
+      logConfiguration: {
+        logDriver: 'awslogs',
+        options: {
+          'awslogs-group': '/ecs/magische-{{ must_env `ENV` }}-webfront-server',
+          'awslogs-region': '{{ must_env `AWS_REGION` }}',
+          'awslogs-stream-prefix': 'magische-{{ must_env `ENV` }}-webfront-server',
+        },
+      },
+      name: 'magische-{{ must_env `ENV` }}-webfront',
+      portMappings: [
+        {
+          appProtocol: '',
+          containerPort: 3000,
+          hostPort: 3000,
+          protocol: 'tcp',
+        },
+      ],
+      environment: [
+        {
+          name: 'NEXT_PUBLIC_GO_ENDPOINT',
+          value: '{{ must_env `API_ENDPOINT` }}',
+        },
+      ],
+    },
+  ],
+  cpu: '{{ must_env `CPU` }}',
+  executionRoleArn: 'arn:aws:iam::905418376731:role/magische-{{ must_env `ENV` }}-webfront-server-task-exec',
+  family: 'magische-{{ must_env `ENV` }}-webfront',
+  ipcMode: '',
+  memory: '{{ must_env `MEMORY` }}',
+  networkMode: 'awsvpc',
+  pidMode: '',
+  requiresCompatibilities: [
+    'FARGATE',
+  ],
+  runtimePlatform: {
+    cpuArchitecture: '{{ must_env `CPU_ARCHITECTURE` }}',
+    operatingSystemFamily: 'LINUX',
+  },
+  tags: [
+    {
+      key: 'Env',
+      value: '{{ must_env `ENV` }}',
+    },
+    {
+      key: 'Service',
+      value: 'webfront',
+    },
+    {
+      key: 'Name',
+      value: 'magische-{{ must_env `ENV` }}-webfront-server',
+    },
+  ],
+  taskRoleArn: 'arn:aws:iam::905418376731:role/magische-{{ must_env `ENV` }}-webfront-server-task',
+}
diff --git a/infra/ecs/ecspresso.jsonnet b/infra/ecs/ecspresso.jsonnet
@@ -0,0 +1,8 @@
+{
+  region: 'ap-northeast-1',
+  cluster: 'magische-{{ must_env `ENV` }}',
+  service: 'magische-{{ must_env `ENV` }}-webfront',
+  service_definition: '',
+  task_definition: 'ecs-task-def.jsonnet',
+  timeout: '10m0s',
+}