ECR Private for Gateways (#751) #1249
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: push | |
| name: Switch | |
| env: | |
| CI: true | |
| APP_REPOSITORY_NAME: switch-app | |
| WEBSERVER_REPOSITORY_NAME: switch-webserver | |
| FREESWITCH_REPOSITORY_NAME: freeswitch | |
| FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME: freeswitch-events | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-deployment-matrix.outputs.matrix }} | |
| matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }} | |
| deployMatrix: ${{ steps.set-deployment-matrix.outputs.deployMatrix }} | |
| defaults: | |
| run: | |
| working-directory: components/app | |
| env: | |
| AHN_ENV: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| working-directory: components/app | |
| bundler-cache: true | |
| - name: Run Specs | |
| run: | | |
| bundle exec rspec | |
| - name: Run FreeSWITCH tests | |
| working-directory: components/freeswitch | |
| run: | | |
| ./tests/tests.sh | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.22.x" | |
| - name: Run tests | |
| working-directory: components/freeswitch_event_logger | |
| run: | | |
| go get . | |
| go test | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Set Deployment Matrix | |
| id: set-deployment-matrix | |
| run: | | |
| branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g') | |
| matrixSource=$(cat << EOF | |
| [ | |
| { | |
| "identifier": "switch-staging", | |
| "environment": "staging", | |
| "branch": "develop", | |
| "friendly_image_tag": "beta", | |
| "image_tag": "stag-${{ github.sha }}", | |
| "ecs_service": "switch-staging", | |
| "ecs_cluster": "somleng-switch-staging" | |
| }, | |
| { | |
| "identifier": "switch", | |
| "environment": "production", | |
| "branch": "master", | |
| "friendly_image_tag": "latest", | |
| "image_tag": "prod-${{ github.sha }}", | |
| "ecs_service": "switch", | |
| "ecs_cluster": "somleng-switch" | |
| } | |
| ] | |
| EOF | |
| ) | |
| matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )') | |
| echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT | |
| echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT | |
| echo "deployMatrix={\"region\":[\"ap-southeast-1\",\"us-east-1\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT | |
| build-packages: | |
| name: Build Packages | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| if: needs.build.outputs.matrixLength > 0 | |
| strategy: | |
| matrix: ${{fromJson(needs.build.outputs.matrix)}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| - name: Configure AWS credentials | |
| id: aws-login | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-skip-session-tagging: true | |
| role-duration-seconds: 3600 | |
| aws-region: ap-southeast-1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY }} | |
| - name: Export Polly Voices | |
| run: | | |
| components/freeswitch/bin/export_tts_voices > components/freeswitch/conf/autoload_configs/tts_voices.xml | |
| - name: Build and push Nginx | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: components/nginx | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha,scope=${{ matrix.identifier }}-nginx | |
| cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-nginx | |
| tags: | | |
| ${{ secrets.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| ${{ secrets.GHCR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} | |
| - name: Build and push FreeSWITCH | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: components/freeswitch | |
| build-args: | |
| signalwire_token=${{ secrets.SIGNALWIRE_TOKEN }} | |
| push: true | |
| platforms: linux/amd64 | |
| cache-from: type=gha,scope=${{ matrix.identifier }}-freeswitch | |
| cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-freeswitch | |
| tags: | | |
| ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| ${{ secrets.GHCR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} | |
| - name: Build and push FreeSWITCH Event Logger | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: components/freeswitch_event_logger | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha,scope=${{ matrix.identifier }}-freeswitch-event-logger | |
| cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-freeswitch-event-logger | |
| tags: | | |
| ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| ${{ secrets.GHCR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} | |
| - name: Build and push Switch App | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: components/app | |
| push: true | |
| platforms: linux/amd64 | |
| cache-from: type=gha,scope=${{ matrix.identifier }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.identifier }} | |
| tags: | | |
| ${{ secrets.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| ${{ secrets.GHCR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - build-packages | |
| strategy: | |
| matrix: ${{fromJSON(needs.build.outputs.deployMatrix)}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| id: aws-login | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-skip-session-tagging: true | |
| role-duration-seconds: 3600 | |
| aws-region: ${{ matrix.region }} | |
| - name: Get current task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json | |
| - name: Prepare Webserver task definition | |
| id: render-nginx-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: nginx | |
| image: ${{ secrets.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| - name: Prepare FreeSWITCH task definition | |
| id: render-freeswitch-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-nginx-task-def.outputs.task-definition }} | |
| container-name: freeswitch | |
| image: ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| - name: Prepare FreeSWITCH event logger task definition | |
| id: render-freeswitch-event-logger-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-freeswitch-task-def.outputs.task-definition }} | |
| container-name: freeswitch-event-logger | |
| image: ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| - name: Prepare App task definition | |
| id: render-app-task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.render-freeswitch-event-logger-task-def.outputs.task-definition }} | |
| container-name: app | |
| image: ${{ secrets.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
| - name: Deploy Switch | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
| with: | |
| task-definition: ${{ steps.render-app-task-def.outputs.task-definition }} | |
| service: ${{ matrix.ecs_service }} | |
| cluster: ${{ matrix.ecs_cluster }} | |
| wait-for-service-stability: true | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - deploy | |
| strategy: | |
| matrix: ${{fromJson(needs.build.outputs.matrix)}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@v1 | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: somleng | |
| SENTRY_PROJECT: somleng-switch | |
| with: | |
| environment: ${{ matrix.environment }} |