ECR Private for Gateways (#751)

somleng · Sep 18, 2024 · 022e4a5 · 022e4a5
1 parent 8cb48d0
commit 022e4a5
Show file tree

Hide file tree

Showing 16 changed files with 247 additions and 205 deletions.
diff --git a/.github/workflows/cleanup-packages.yml b/.github/workflows/cleanup-packages.yml
@@ -0,0 +1,76 @@
+name: Cleanup Packages
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  cleanup_packages:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 's3-mpeg'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'switch-services'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'media-proxy'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'client-gateway'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'public-gateway'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'gateway'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'gateway-scheduler'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'switch-app'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'switch-webserver'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'freeswitch'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
+
+      - uses: actions/delete-package-versions@v5
+        with:
+          package-name: 'freeswitch-events'
+          package-type: 'container'
+          delete-only-untagged-versions: 'true'
diff --git a/.github/workflows/client_gateway.yml b/.github/workflows/client_gateway.yml
@@ -1,6 +1,11 @@
 name: Client Gateway
 on: push
 
+env:
+  CI: true
+  GATEWAY_REPOSITORY_NAME: client-gateway
+  GATEWAY_SCHEDULER_REPOSITORY_NAME: gateway-scheduler
+
 jobs:
   integration_tests:
     uses: ./.github/workflows/integration_tests.yml
@@ -27,45 +32,34 @@ jobs:
             {
               "identifier": "client-gateway-staging",
               "branch": "develop",
-              "image_tag": "staging",
+              "friendly_image_tag": "beta",
+              "image_tag": "stag-${{ github.sha }}",
               "ecs_service": "client-gateway-staging",
               "ecs_cluster": "somleng-switch-staging"
             },
             {
               "identifier": "client-gateway",
               "branch": "master",
-              "image_tag": "latest",
+              "friendly_image_tag": "latest",
+              "image_tag": "prod-${{ github.sha }}",
               "ecs_service": "client-gateway",
               "ecs_cluster": "somleng-switch"
             }
           ]
           EOF
           )
           matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )')
-          echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
-          echo ::set-output name=matrixLength::$(echo $matrix | jq length)
+          echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
+          echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT
 
-  deploy:
-    name: Deploy
+  build_packages:
+    name: Build Packages
     runs-on: ubuntu-latest
     needs:
       - integration_tests
       - build
 
     if: needs.build.outputs.matrixLength > 0
-    defaults:
-      run:
-        working-directory: components/gateway
-
-    env:
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      AWS_DEFAULT_REGION: ap-southeast-1
-      ECR_PUBLIC_REGISTRY: public.ecr.aws
-      ECR_REPOSITORY: public.ecr.aws/somleng/client-gateway
-      OPENSIPS_SCHEDULER_ECR_REPOSITORY: public.ecr.aws/somleng/opensips-scheduler
-      GHCR_REPOSITORY: ghcr.io/somleng/client-gateway
-      IMAGE_TAG: ${{ github.sha }}
 
     strategy:
       matrix: ${{fromJson(needs.build.outputs.matrix)}}
@@ -85,12 +79,8 @@ jobs:
           role-duration-seconds: 3600
           aws-region: ap-southeast-1
 
-      - name: Login to AWS Public ECR
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.ECR_PUBLIC_REGISTRY }}
-        env:
-          AWS_REGION: us-east-1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -99,11 +89,10 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Login to ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.ECR_REGISTRY }}
 
       - name: Build and push Client Gateway
         uses: docker/build-push-action@v6
@@ -115,29 +104,50 @@ jobs:
           cache-from: type=gha,scope=${{ matrix.identifier }}
           cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}
           tags: |
-            ${{ env.ECR_REPOSITORY }}:${{ matrix.image_tag }}
-            ${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
-            ${{ env.GHCR_REPOSITORY }}:${{ matrix.image_tag }}
+            ${{ secrets.ECR_REGISTRY }}/${{ env.GATEWAY_REPOSITORY_NAME }}:${{ matrix.image_tag }}
+            ${{ secrets.GHCR_REGISTRY }}/${{ env.GATEWAY_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
+
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - build_packages
+
+    strategy:
+      matrix: ${{fromJson(needs.build.outputs.matrix)}}
+
+    steps:
+      - name: Configure AWS credentials
+        id: aws-login
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 3600
+          aws-region: ap-southeast-1
 
       - name: Get current task definition
         run: |
           aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json
 
-      - name: Prepare task definition with OpenSIPS scheduler
+      - name: Prepare task definition with Gateway Scheduler
         id: render-opensips-scheduler-task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
-          task-definition: components/gateway/task-definition.json
+          task-definition: task-definition.json
           container-name: opensips_scheduler
-          image: ${{ env.OPENSIPS_SCHEDULER_ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
+          image: ${{ secrets.ECR_REGISTRY }}/${{ env.GATEWAY_SCHEDULER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
 
       - name: Prepare task definition
         id: render-task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ steps.render-opensips-scheduler-task-def.outputs.task-definition }}
           container-name: client_gateway
-          image: ${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
+          image: ${{ secrets.ECR_REGISTRY }}/${{ env.GATEWAY_REPOSITORY_NAME }}:${{ matrix.image_tag }}
 
       - name: Deploy
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2

diff --git a/.github/workflows/gateway_commons.yml b/.github/workflows/gateway_commons.yml
@@ -1,5 +1,8 @@
 name: Gateway Commons
 on: push
+env:
+  GATEWAY_REPOSITORY_NAME: gateway
+  GATEWAY_SCHEDULER_REPOSITORY_NAME: gateway-scheduler
 
 jobs:
   build:
@@ -19,12 +22,14 @@ jobs:
             {
               "identifier": "gateway-commons-staging",
               "branch": "develop",
-              "image_tag": "staging"
+              "friendly_image_tag": "beta",
+              "image_tag": "stag-${{ github.sha }}"
             },
             {
               "identifier": "gateway-commons",
               "branch": "master",
-              "image_tag": "latest"
+              "friendly_image_tag": "latest",
+              "image_tag": "prod-${{ github.sha }}"
             }
           ]
           EOF
@@ -33,34 +38,22 @@ jobs:
           echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
           echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT
 
-  deploy:
-    name: Deploy Gateway Commons
+  build-packages:
+    name: Build Packages
     runs-on: ubuntu-latest
-    needs:
-      - build
-
     if: needs.build.outputs.matrixLength > 0
 
-    env:
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      AWS_DEFAULT_REGION: ap-southeast-1
-      ECR_PUBLIC_REGISTRY: public.ecr.aws
-      GATEWAY_ECR_REPOSITORY: public.ecr.aws/somleng/gateway
-      GATEWAY_GHCR_REPOSITORY: ghcr.io/somleng/gateway
-      OPENSIPS_SCHEDULER_ECR_REPOSITORY: public.ecr.aws/somleng/opensips-scheduler
-      OPENSIPS_SCHEDULER_GHCR_REPOSITORY: ghcr.io/somleng/opensips-scheduler
-      IMAGE_TAG: ${{ github.sha }}
-
     strategy:
       matrix: ${{fromJson(needs.build.outputs.matrix)}}
 
+    needs:
+      - build
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Configure AWS credentials
-        id: aws-login
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -70,12 +63,8 @@ jobs:
           role-duration-seconds: 3600
           aws-region: ap-southeast-1
 
-      - name: Login to AWS Public ECR
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.ECR_PUBLIC_REGISTRY }}
-        env:
-          AWS_REGION: us-east-1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -84,34 +73,31 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Login to ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.ECR_REGISTRY }}
 
-      - name: Build and push OpenSIPS Scheduler
+      - name: Build and push Gateway Scheduler
         uses: docker/build-push-action@v6
         with:
           context: components/opensips_scheduler
           push: true
-          platforms: linux/amd64
-          cache-from: type=gha,scope=${{ matrix.identifier }}-opensips-scheduler
-          cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-opensips-scheduler
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha,scope=${{ matrix.identifier }}-gateway-scheduler
+          cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-gateway-scheduler
           tags: |
-            ${{ env.OPENSIPS_SCHEDULER_ECR_REPOSITORY }}:${{ matrix.image_tag }}
-            ${{ env.OPENSIPS_SCHEDULER_ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
-            ${{ env.OPENSIPS_SCHEDULER_GHCR_REPOSITORY }}:${{ matrix.image_tag }}
+            ${{ secrets.ECR_REGISTRY }}/${{ env.GATEWAY_SCHEDULER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
+            ${{ secrets.GHCR_REGISTRY }}/${{ env.GATEWAY_SCHEDULER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
 
-      - name: Build and push OpenSIPS Bootstrap
+      - name: Build and push Gateway
         uses: docker/build-push-action@v6
         with:
           context: components/gateway
           target: bootstrap
           push: true
           platforms: linux/amd64
-          cache-from: type=gha,scope=${{ matrix.identifier }}-bootstrap
-          cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-bootstrap
+          cache-from: type=gha,scope=${{ matrix.identifier }}-gateway
+          cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-gateway
           tags: |
-            ${{ env.GATEWAY_ECR_REPOSITORY }}:bootstrap
-            ${{ env.GATEWAY_GHCR_REPOSITORY }}:bootstrap
+            ${{ secrets.GHCR_REGISTRY }}/${{ env.GATEWAY_REPOSITORY_NAME }}:bootstrap