CI/CD setup

.github/workflows/aws.yml

@@ -0,0 +1,104 @@
+name: Deploy to Amazon ECS
+
+on:
+  push:
+    branches: ["main", "release-*"]
+  #pull_request:
+  # The branches below must be a subset of the branches above
+  #branches: [ "main" ]
+
+env:
+  AWS_REGION: ${{ github.ref == 'refs/heads/main' && 'us-east-1' || github.ref == 'refs/heads/release-*' && 'ap-south-1' }}
+  ECR_REPOSITORY: sunbird-serve-need # set this to your Amazon ECR repository name
+  ECS_SERVICE: sunbird-serve-need # set this to your Amazon ECS service name
+  ECS_CLUSTER: ${{ github.ref == 'refs/heads/main' && 'ecs-staging' || github.ref == 'refs/heads/release-*' && 'ecs-production' }}
+  ECS_TASK_DEFINITION:
+    .github/workflows/task-definition.json # set this to the path to your Amazon ECS task definition
+    # file, e.g. .aws/task-definition.json
+  CONTAINER_NAME:
+    sunbird-serve-need # set this to the name of the container in the
+    # containerDefinitions section of your task definition
+  SHELL_SCRIPT_NAME: .github/workflows/create-json.sh
+  PYTHON_FILE_NAME: .github/workflows/replace-secrets.py
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    #environment: ${{ github.ref == 'refs/heads/main' && 'stage-' || github.ref == 'refs/heads/release-*' && ''  }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set environment variables for the "release-*" branch
+        run: |
+          if [ "${GITHUB_REF##*/}" = "release-*" ]; then
+            echo "Setting environment variables for release-* branch"
+            echo "environment=stage-" >> $GITHUB_ENV
+          else
+            echo "release-* branch not detected. No environment variables to set."
+          fi
+
+      - name: Shell script to create JSON
+        run: |
+          chmod +x ${{ env.SHELL_SCRIPT_NAME }}
+          ${{ env.SHELL_SCRIPT_NAME }}
+        shell: bash
+
+      - name: Dump older task definition
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          aws ecs describe-task-definition --region ${{ env.AWS_REGION }} --task-definition ${{ env.ECS_SERVICE }} --query taskDefinition > .github/workflows/task-definition.json
+          aws ecs list-clusters --region ${{ env.AWS_REGION }}
+          cat .github/workflows/task-definition.json
+
+      - name: Python to update TD
+        run: python ${{ env.PYTHON_FILE_NAME }}
+
+      - name: Print new task definition
+        run: |
+          cat .github/workflows/task-definition.json
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Fill in the new image ID in the Amazon ECS task definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ env.ECS_TASK_DEFINITION }}
+          container-name: ${{ env.CONTAINER_NAME }}
+          image: ${{ steps.build-image.outputs.image }}
+
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.task-def.outputs.task-definition }}
+          service: ${{ env.ECS_SERVICE }}
+          cluster: ${{ env.ECS_CLUSTER }}
+          wait-for-service-stability: false

.github/workflows/create-json.sh

@@ -0,0 +1,36 @@
+#/bin/bash
+account_id=049302583731
+if [ -f /tmp/__secrets.json ] ; then
+rm -f /tmp/__secrets.json 
+fi
+
+branch_name=${GITHUB_REF#refs/heads/}
+echo $branch_name
+
+if [ "$branch_name" == "main" ] ; then
+prefix=stage
+#region="ap-south-1"
+elif [ "$branch_name" == "release" ] ; then
+prefix=prod
+#region=us-east-1
+fi
+printf '{
+	 "secrets": [' > /tmp/__secrets.json
+
+
+for line in `cat .${prefix}env`
+do
+  key=$line
+  if [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]]; then
+    continue
+  fi
+          echo "{
+                 "'"name"'": "'"'$key'"'",
+                 "'"valueFrom"'": "'"'"arn:aws:ssm:ap-south-1:$account_id:parameter/$key"'"'"
+                }," >> /tmp/__secrets.json
+done
+sed '$ s/,$//'  /tmp/__secrets.json > .github/workflows/secrets.json
+
+echo ']}' >> .github/workflows/secrets.json
+
+cat .github/workflows/secrets.json

.github/workflows/replace-secrets.py

@@ -0,0 +1,44 @@
+import json
+
+original_taskdef = ".github/workflows/task-definition.json"
+secrets_array = ".github/workflows/secrets.json"
+
+
+with open(original_taskdef, 'r') as file:
+    task_definition = json.load(file)
+
+    for item in task_definition:
+        if "containerDefinitions" in item:
+            containerDefinitions = task_definition['containerDefinitions']
+            for item in containerDefinitions:
+                if "secrets" in item:
+                    print("secret block exists")
+                    # print(json.dumps(containerDefinitions[0]['secrets'], indent=4)) # if want to print
+
+
+with open(secrets_array, 'r') as new_file:
+    new_data = json.load(new_file)
+    new_secrets = new_data['secrets']
+    # print(json.dumps(new_secrets, indent=4))
+
+# __task_definition = task_definition["taskDefinition"]
+# __secrets_to_replace = __task_definition["containerDefinitions"]
+# secrets_to_replace = __secrets_to_replace[0]["secrets"]
+# __secrets_to_replace[0]["secrets"] = new_secrets
+
+
+__secrets_to_replace = task_definition['containerDefinitions']
+secrets_to_replace = __secrets_to_replace[0]['secrets']
+__secrets_to_replace[0]['secrets'] = new_secrets
+
+# task_definition['secrets'] = new_secrets		#replace old secrets block with new_secrets
+
+
+print(json.dumps(task_definition, indent=4))
+
+
+# writing to new file
+with open(".github/workflows/task-definition.json", 'w') as outfile:
+    json.dump(task_definition, outfile, indent=4)
+
+print("Updated JSON has been written to new_task_definition.json file.")

.prodenv

@@ -0,0 +1 @@
+test

.stageenv

@@ -0,0 +1 @@
+test