mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-04-19 11:11:05 -05:00
Code Issues Packages Projects Releases 162 Wiki Activity

Update ecs-deployment.yml

Browse Source
This commit is contained in:
Sudhanshu Pandey
2024-02-01 13:47:39 -05:00
committed by GitHub
parent 63eb80463d
commit ea7a793a29
1 changed files with 71 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
.github/workflows/ecs-deployment.yml vendored
View File

@@ -67,71 +67,77 @@ jobs:
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: depot/build-push-action@v1
env:
NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }}
with:
project: tw0fqmsx3c
token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
context: .
file: ./apps/web/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }}
DATABASE_URL=${{ env.DATABASE_URL }}
ENCRYPTION_KEY=${{ env.ENCRYPTION_KEY }}
NEXT_PUBLIC_SENTRY_DSN=${{ env.NEXT_PUBLIC_SENTRY_DSN }}
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
deploy:
needs: build
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Download task definition
- name: Test tags Mani.
id: meta2
run: |
aws ecs describe-task-definition --task-definition prod-webapp-ecs-service --query taskDefinition > task-definition.json
echo "Docker image tags: ${{ steps.meta.outputs.tags }}"
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: prod-webapp-container
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
# # Build and push Docker image with Buildx
# # https://github.com/docker/build-push-action
# - name: Build and push Docker image
# id: build-and-push
# uses: depot/build-push-action@v1
# env: m
# NEXT_PUBLIC_SENTRY_DSN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN }}
# with:
# project: tw0fqmsx3c
# token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
# context: .
# file: ./apps/web/Dockerfile
# platforms: linux/amd64,linux/arm64
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
# cache-from: type=gha
# cache-to: type=gha,mode=max
# build-args: |
# NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }}
# DATABASE_URL=${{ env.DATABASE_URL }}
# ENCRYPTION_KEY=${{ env.ENCRYPTION_KEY }}
# NEXT_PUBLIC_SENTRY_DSN=${{ env.NEXT_PUBLIC_SENTRY_DSN }}
# # This will only write to the public Rekor transparency log when the Docker
# # repository is public to avoid leaking data. If you would like to publish
# # transparency data even for private images, pass --force to cosign below.
# # https://github.com/sigstore/cosign
# - name: Sign the published Docker image
# env:
# # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
# TAGS: ${{ steps.meta.outputs.tags }}
# DIGEST: ${{ steps.build-and-push.outputs.digest }}
# # This step uses the identity token to provision an ephemeral certificate
# # against the sigstore community Fulcio instance.
# run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
# deploy:
# needs: build
# runs-on: ubuntu-latest
# steps:
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v1
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_REGION }}
# - name: Download task definition
# run: |
# aws ecs describe-task-definition --task-definition prod-webapp-ecs-service --query taskDefinition > task-definition.json
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: prod-webapp-ecs-service
cluster: prod-core-infra-ecs-cluster
wait-for-service-stability: true
# - name: Fill in the new image ID in the Amazon ECS task definition
# id: task-def
# uses: aws-actions/amazon-ecs-render-task-definition@v1
# with:
# task-definition: task-definition.json
# container-name: prod-webapp-container
# image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
# - name: Deploy Amazon ECS task definition
# uses: aws-actions/amazon-ecs-deploy-task-definition@v1
# with:
# task-definition: ${{ steps.task-def.outputs.task-definition }}
# service: prod-webapp-ecs-service
# cluster: prod-core-infra-ecs-cluster
# wait-for-service-stability: true