fix: ci pipeline (#228)

* fix: build & deploy ci/cd

* added aws creds to gh action

* updating ci config

* fix config

* syntax fix

* fixing sts token issue

* added permissions

* typo fixed

* ecs deploy fix

* syntax fix

* ecs task def updated

* typo fix

* testing tags var

* testing tags var

* gh action workflow completed

Author: priom

.github/workflows/build_prod.yml renamed to .github/workflows/build-deploy-prod.yml

@@ -1,33 +1,44 @@
 # Copyright 2020 ChainSafe Systems
 # SPDX-License-Identifier: LGPL-3.0-only
 
-name: Build & Push Docker Image to AWS ECR
+name: Build & Deploy PROD
 
 on:
   push:
-    branches:
-      - main
+    tags:
+      - 'v*'
+  workflow_dispatch:
 
 env:
   AWS_REGION: ${{ secrets.AWS_REGION }}
   AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   ECR_REPO: ${{ secrets.AWS_ECR_REPO }}
-
+  ECS_CLUSTER: ${{ secrets.AWS_ECS_CLUSTER }}
+  ECS_SERVICE: ${{ secrets.AWS_ECS_SERVICE }}
+  ENVIRONMENT: PROD
+  
 jobs:
   build:
-    name: build_prod
+    name: build_deploy_prod
     runs-on: ubuntu-latest
+    permissions:
+          id-token: write
+          contents: write
 
     steps:
       # download the source code into the runner
       - name: checkout
         uses: actions/checkout@v2
-
-      - name: short sha
+      
+      - name: Set output
         id: vars
-        run: echo "::set-output name=sha::$(git rev-parse --short HEAD)"
+        run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-role
+          aws-region: ${{ env.AWS_REGION }}
 
       # gather metadata from git & github actions to reference in docker
       - name: git & github metadata
@@ -48,5 +59,15 @@ jobs:
           file: ./Dockerfile
           push: true
           tags: |
-            ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.AWS_ECR_REPO }}:latest
-            ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.AWS_ECR_REPO }}:${{ steps.vars.outputs.sha }}
+            ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}:latest
+            ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}:${{ steps.vars.outputs.tag }}
+        
+      # deploy to AWS ECS
+      - name: Deploy to Amazon ECS
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: infra/aws-ecs/task_definition_${{ env.ENVIRONMENT }}.json
+          service: ${{ env.ECS_SERVICE }}
+          cluster: ${{ env.ECS_CLUSTER }}
+          wait-for-service-stability: true
+          

.github/workflows/deploy_prod.yml

@@ -3,7 +3,7 @@
     "containerDefinitions": [
         {
             "name": "nodewatch-prod-container",
-            "image": "381177214925.dkr.ecr.us-east-2.amazonaws.com/nodewatch-prod-ecr:v1.3.1",
+            "image": "381177214925.dkr.ecr.us-east-2.amazonaws.com/nodewatch-prod-ecr",
             "cpu": 256,
             "portMappings": [
                 {