add(ci): job to generate and store certificates for kcoid4vci in ci-c… #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci/cd-kcoid4vci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - ci/build | |
| env: | |
| REGISTRY: 917848404243.dkr.ecr.eu-central-1.amazonaws.com | |
| IMAGE_NAME: kcoid4vci | |
| ECS_SERVICE: kcoid4vci | |
| ECS_CLUSTER: kcoid4vci | |
| ECS_TASK_DEFINITION: .aws/task-definition.json | |
| CONTAINER_NAME: "app" | |
| jobs: | |
| generate_certificates: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate Key and Certificate | |
| run: | | |
| openssl ecparam -genkey -name prime256v1 -out private_key.pem | |
| openssl ec -in private_key.pem -pubout -out public_key.pem | |
| openssl req -x509 -new -nodes -key private_key.pem -sha256 -days 365 -out certificate.crt -config cert-config.txt | |
| - name: Store Certificate in GitHub Secret | |
| run: | | |
| echo "::add-secret name=PRIVATE_KEY::$(cat private_key.pem)" | |
| echo "::add-secret name=PUBLIC_KEY::$(cat public_key.pem)" | |
| echo "::add-secret name=CERTIFICATE::$(cat certificate.crt)" | |
| build-deliver: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v3 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| - name: Upload image to ECR | |
| uses: appleboy/docker-ecr-action@master | |
| with: | |
| access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| repo: ${{ env.IMAGE_NAME }} | |
| registry: ${{ env.REGISTRY }} | |
| region: ${{ secrets.AWS_REGION }} | |
| - name: Fill in the new image ID in the Amazon ECS task definition | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@c804dfbdd57f713b6c079302a4c01db7017a36fc | |
| with: | |
| task-definition: ${{ env.ECS_TASK_DEFINITION }} | |
| container-name: ${{ env.CONTAINER_NAME }} | |
| image: ${{ steps.login-ecr.outputs.registry }}/${{ env.IMAGE_NAME }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@df9643053eda01f169e64a0e60233aacca83799a | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: ${{ env.ECS_SERVICE }} | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-service-stability: true |