Skip to content

testing parameter store #9

testing parameter store

testing parameter store #9

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: Connect to an AWS role from a GitHub repository
# Controls when the action will run. Invokes the workflow on push events but only for the main branch
on:
push:
branches: [5165-cicd]
pull_request:
branches: [5165-cicd]
env:
ENVIRONMENT: development
AWS_REGION: ap-southeast-2 #MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
#ECR_REPOSITORY: #########.dkr.ecr.ap-southeast-2.amazonaws.com/aodn-v2 # set this to your Amazon ECR repository name
ECS_SERVICE: es-indexer-service #MY_ECS_SERVICE # set this to your Amazon ECS service name
ECS_CLUSTER: aodn-imos-v2 # set this to your Amazon ECS cluster name
ECS_TASK_DEFINITION: ./aodn-es-indexer-td.json #MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
# file, e.g. .aws/task-definition.json
CONTAINER_NAME: aodn-es-indexer #MY_CONTAINER_NAME # set this to the name of the container in the
# containerDefinitions section of your task definition
#ROLE_ARN: arn:aws:iam::#########:role/tlc-ci-cd
name: development
# Permission can be added at job level or workflow level
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
AWS-ECR-ECS-Deploy:
runs-on: ubuntu-latest
environment: development
steps:
- name: Git clone the repository
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.ROLE_ARN }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION }}
# Hello from AWS: WhoAmI
- name: Sts GetCallerIdentity
run: |
aws sts get-caller-identity
- name: Get platform env vars from aws ssm parameter store
run: |
# Loop through all repository variables
VAR_LIST= aws ssm get-parameters-by-path --path "/core/es_indexer/dev_ecr_ecs_config/"
echo "$envvars=VAR_LIST" >> $GITHUB_OUTPUT
for var in "$($envvars | jq -r '.Parameters[]')"; do
name=$(echo $var | jq -r .Name)
value=$(echo $var | jq -r .Value)
done
# - name: Prepare
# id: prep
# run: |
# BRANCH=${GITHUB_REF##*/}
# TS=$(date +%s)
# REVISION=${GITHUB_SHA::8}
# BUILD_ID="${BRANCH}-${REVISION}-${TS}"
# LATEST_ID=canary
# if [[ $GITHUB_REF == refs/tags/* ]]; then
# BUILD_ID=${GITHUB_REF/refs\/tags\//}
# LATEST_ID=latest
# fi
# echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
# echo ::set-output name=BUILD_ID::${BUILD_ID}
# echo ::set-output name=LATEST_ID::${LATEST_ID} >> $GITHUB_OUTPUT
# - name: Checkout
# uses: actions/checkout@v3
# - name: Set up JDK 17
# uses: actions/setup-java@v3
# with:
# distribution: 'temurin'
# java-version: '17'
# cache: 'maven'
# - name: Login to Amazon ECR
# id: login-ecr
# uses: aws-actions/amazon-ecr-login@v2
# - name: Build and tag image
# id: build-image
# env:
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
# LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
# run: |
# # Build a docker container and
# # be deployed to ECS.
# # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
# docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# - name: Run Trivy vulnerability scanner in docker mode
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ steps.build-image.outputs.image }}
# format: 'table'
# severity: 'HIGH,CRITICAL'
# vuln-type: 'os,library'
# exit-code: 1
# ignore-unfixed: true
# continue-on-error: true
# - name: Push image to Amazon ECR
# id: push-image
# env:
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
# IMAGE_TAG: ${{ steps.prep.outputs.BUILD_ID }}
# LATEST_ID: ${{ steps.prep.outputs.LATEST_ID }}
# run: |
# # Build a docker container and
# # be deployed to ECS.
# # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
# # echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# # aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $ACCOUNT_ID
# docker push $ECR_REPOSITORY:$IMAGE_TAG
# echo "image=$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
# - name: Fill in the new image ID in the Amazon ECS task definition
# id: task-def
# uses: aws-actions/amazon-ecs-render-task-definition@v1
# with:
# task-definition: ${{ env.ECS_TASK_DEFINITION }}
# container-name: ${{ env.CONTAINER_NAME }}
# image: ${{ steps.push-image.outputs.image }}
# environment-variables: |
# GEONETWORK_HOST=${{ vars.GEONETWORK_HOST }}
# SERVER_PORT=${{ vars.SERVER_PORT }}
# ELASTICSEARCH_SERVERURL=${{ vars.ELASTICSEARCH_SERVERURL }}
# ELASTICSEARCH_APIKEY=${{ vars.ELASTICSEARCH_APIKEY }}
# APP_HTTP_AUTHTOKEN=${{ vars.APP_HTTP_AUTHTOKEN }}
# ELASTICSEARCH_INDEX_NAME=${{ vars.ELASTICSEARCH_INDEX_NAME }}
# IMAGE=${{ steps.push-image.outputs.image }}
# - name: Deploy Amazon ECS task definition
# uses: aws-actions/amazon-ecs-deploy-task-definition@v1
# with:
# task-definition: ${{ steps.task-def.outputs.task-definition }}
# service: ${{ env.ECS_SERVICE }}
# cluster: ${{ env.ECS_CLUSTER }}
# wait-for-service-stability: true