From dd5a962e0f64e76b987fdb851992e263cca25d86 Mon Sep 17 00:00:00 2001 From: domilulu Date: Mon, 9 Mar 2026 14:44:31 +0000 Subject: [PATCH 01/17] test deployment on dev --- .github/workflows/publish-ecr.yml | 114 +++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 36cbd78..615ea45 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -1,4 +1,4 @@ -name: Publish Docker Image to AWS ECR +name: Publish Docker Image to AWS ECR, Deploy on Release on: pull_request: @@ -8,14 +8,24 @@ on: push: branches: - main + workflow_call: + inputs: + runner: + description: 'The runner to execute the workflow on' + default: 'ubuntu-latest' + required: false + type: string permissions: id-token: write contents: read + pull-requests: write jobs: build-and-push: - runs-on: ubuntu-latest + runs-on: ${{ inputs.runner }} + outputs: + build-and-push-log: ${{ steps.build-and-push.outcome }} environment: prometheon-access strategy: @@ -41,6 +51,7 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 - name: Build and push Docker image (PR) + id: build-and-push if: github.event_name == 'pull_request' && matrix.env.name == 'dev' env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} @@ -51,6 +62,7 @@ jobs: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Build and push Docker image (Main branch) + id: build-and-push if: github.event_name == 'push' && github.ref == 'refs/heads/main' && matrix.env.name == 'dev' env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} @@ -61,6 +73,7 @@ jobs: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Build and push Docker image (Release) + id: build-and-push if: github.event_name == 'release' env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} 
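Review bot: `runs-on: ${{ inputs.runner }}` in the `build-and-push` job is empty whenever the workflow is started by `pull_request`, `push` or `release`, because `inputs` is only populated for `workflow_call`, so those runs fail before any step executes. Give the expression a fallback, `runs-on: ${{ inputs.runner || 'ubuntu-latest' }}`, or drop the input again. `pull-requests: write` is also granted to the default `GITHUB_TOKEN` here, while the deploy job further down opens its PR with the GitHub App token, so this scope appears unused by anything in the file and the default token can stay at the previous `contents: read` / `id-token: write`.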
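Review bot: The three build steps each receive the same `id: build-and-push` (this hunk and the two that follow it), but step ids must be unique within a job, so the workflow is rejected at validation and the `outputs.build-and-push-log` mapping never resolves. Give each step its own id, e.g. `id: build-and-push-release` on the release step, and point the job output at the step the deploy job actually depends on.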
@@ -69,3 +82,100 @@ jobs: run: | docker build -f Dockerfile.lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$VERSION_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$VERSION_TAG + + + deploy-image: + name: upon release deploy image to dev environment, open PR to prod environment + needs: build-and-push + runs-on: ${{ inputs.runner }} + if: (needs.build-and-push.outputs.build-and-push-log == 'success') # && (github.event_name == 'release') + environment: prometheon-access + env: + VERSION_TAG: ${{ github.event.release.tag_name }} + + steps: + # ---------------------------------------------------------- + # Authenticate as GitHub App + # ---------------------------------------------------------- + - name: Authenticate as GitHub App + id: app-auth + uses: tibdex/github-app-token@v1 + with: + app_id: ${{ secrets.GH_APP_ID }} + private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} + + # ---------------------------------------------------------- + # Checkout Terraform Repo using GitHub App Token + # ---------------------------------------------------------- + - name: Clone Terraform Repo + uses: actions/checkout@v4 + with: + repository: SFOE-prometheon/prometheon-drillcheck-${{ matrix.env.name }} + token: ${{ steps.app-auth.outputs.token }} + path: tf-repo + + # ---------------------------------------------------------- + # Update Version + # ---------------------------------------------------------- + - name: Update version in Terraform repo + run: | + cd tf-repo + sed -i "s/backend_app_version = \".*\"/backend_app_version = \"${{ env.VERSION_TAG }}\"/" deploy.auto.tfvars + + # ---------------------------------------------------------- + # Commit & Push/PR based on environment + # ---------------------------------------------------------- + - name: Create branch and commit changes + run: | + cd tf-repo + git config user.name "GitHub Actions" + git config user.email "noreply@github.com" + git checkout -b deploy/backend-${{ env.VERSION_TAG }} + git add deploy.auto.tfvars + git commit -m 
"Deploy backend version ${{ env.VERSION_TAG }}" + + + # - name: Push to main (Dev environment) + # if: matrix.env.name == 'dev' + # run: | + # cd tf-repo + # git push origin deploy/backend-${{ env.VERSION_TAG }}:main + # git push origin --delete deploy/backend-${{ env.VERSION_TAG }} + # env: + # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + + - name: Create PR (DEV TEST environment) + if: matrix.env.name == 'dev' + run: | + cd tf-repo + git push origin deploy/backend-${{ env.VERSION_TAG }} + gh pr create \ + --base main \ + --head deploy/backend-${{ env.VERSION_TAG }} \ + --title "Deploy backend version ${{ env.VERSION_TAG }} to dev" \ + --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" + env: + GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + + + # - name: Push to main (Dev environment) + # if: matrix.env.name == 'dev' + # run: | + # cd tf-repo + # git push origin deploy/backend-${{ env.VERSION_TAG }}:main + # git push origin --delete deploy/backend-${{ env.VERSION_TAG }} + # env: + # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + + # - name: Create PR (Prod environment) + # if: matrix.env.name == 'prod' + # run: | + # cd tf-repo + # git push origin deploy/backend-${{ env.VERSION_TAG }} + # gh pr create \ + # --base main \ + # --head deploy/backend-${{ env.VERSION_TAG }} \ + # --title "Deploy backend version ${{ env.VERSION_TAG }} to prod" \ + # --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" + # env: + # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} \ No newline at end of file From 6c532b72dcc65725c6a9cc7cae74d6fc79aee31b Mon Sep 17 00:00:00 2001 From: domilulu Date: Mon, 9 Mar 2026 14:48:52 +0000 Subject: [PATCH 02/17] update var name --- .github/workflows/publish-ecr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 615ea45..edf7dea 100644 --- a/.github/workflows/publish-ecr.yml 
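Review bot: `deploy-image` reads `matrix.env.name` in the checkout `repository:` and in the step `if:`, but the job declares no `strategy.matrix`, so the expression is empty: the checkout targets `SFOE-prometheon/prometheon-drillcheck-` and fails, and the dev-only step is skipped. The job also splices `${{ env.VERSION_TAG }}` straight into `run:` scripts although the job-level `env` already exposes it as `$VERSION_TAG` in the shell; with the template form, a release tag containing a quote, `/` or shell metacharacters lands verbatim in the sed and git command lines, whereas `"$VERSION_TAG"` is passed as data. Validate it once at the top of the update step, `[[ "$VERSION_TAG" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "unexpected tag: $VERSION_TAG" >&2; exit 1; }`, which also catches the empty value this job receives on non-release events while the `github.event_name == 'release'` guard stays commented out.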
+++ b/.github/workflows/publish-ecr.yml @@ -22,7 +22,7 @@ permissions: pull-requests: write jobs: - build-and-push: + build-and-push-job: runs-on: ${{ inputs.runner }} outputs: build-and-push-log: ${{ steps.build-and-push.outcome }} @@ -86,9 +86,9 @@ jobs: deploy-image: name: upon release deploy image to dev environment, open PR to prod environment - needs: build-and-push + needs: build-and-push-run runs-on: ${{ inputs.runner }} - if: (needs.build-and-push.outputs.build-and-push-log == 'success') # && (github.event_name == 'release') + if: (needs.build-and-push-run.outputs.build-and-push-log == 'success') # && (github.event_name == 'release') environment: prometheon-access env: VERSION_TAG: ${{ github.event.release.tag_name }} From 6e7ca79d91cf1863487e0df838835e66a3a94d64 Mon Sep 17 00:00:00 2001 From: domilulu Date: Mon, 9 Mar 2026 14:55:21 +0000 Subject: [PATCH 03/17] correct logs --- .github/workflows/publish-ecr.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index edf7dea..bafd167 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -22,10 +22,11 @@ permissions: pull-requests: write jobs: - build-and-push-job: + build-and-push: runs-on: ${{ inputs.runner }} outputs: - build-and-push-log: ${{ steps.build-and-push.outcome }} + pr-log: ${{ steps.build-and-push-pr.outcome }} #TESTS ONLY + release-log: ${{ steps.build-and-push-release.outcome }} environment: prometheon-access strategy: @@ -51,7 +52,7 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 - name: Build and push Docker image (PR) - id: build-and-push + id: build-and-push-pr if: github.event_name == 'pull_request' && matrix.env.name == 'dev' env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} 
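Review bot: `needs: build-and-push-run` and the `if:` expression below it reference a job that does not exist, since the first hunk renames the job to `build-and-push-job`; the workflow fails validation with an unknown job in `needs`. Use the same name in all three places, `needs: build-and-push-job` and `needs.build-and-push-job.outputs.build-and-push-log`.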
@@ -62,7 +63,6 @@ jobs: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Build and push Docker image (Main branch) - id: build-and-push if: github.event_name == 'push' && github.ref == 'refs/heads/main' && matrix.env.name == 'dev' env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} @@ -73,7 +73,7 @@ jobs: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Build and push Docker image (Release) - id: build-and-push + id: build-and-push-release if: github.event_name == 'release' env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} @@ -86,9 +86,10 @@ jobs: deploy-image: name: upon release deploy image to dev environment, open PR to prod environment - needs: build-and-push-run + needs: build-and-push runs-on: ${{ inputs.runner }} - if: (needs.build-and-push-run.outputs.build-and-push-log == 'success') # && (github.event_name == 'release') + if: (needs.build-and-push.outputs.pr-log == 'success') # TESTS ONLY + # if: (needs.build-and-push.outputs.release-log == 'success') # && (github.event_name == 'release') environment: prometheon-access env: VERSION_TAG: ${{ github.event.release.tag_name }} From 0814e51e1514b651514f5891f683f0d284630f35 Mon Sep 17 00:00:00 2001 From: domilulu Date: Mon, 9 Mar 2026 14:59:41 +0000 Subject: [PATCH 04/17] parametrize runner --- .github/workflows/publish-ecr.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index bafd167..957ff02 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -1,13 +1,6 @@ name: Publish Docker Image to AWS ECR, Deploy on Release on: - pull_request: - types: [opened, synchronize] - release: - types: [published] - push: - branches: - - main workflow_call: inputs: runner: 
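Review bot: Gating `deploy-image` on `needs.build-and-push.outputs.pr-log == 'success'` makes every `pull_request` run of the dev leg push a branch into the Terraform repo with the App token, and the only thing keeping that from becoming the production behaviour is the commented-out release condition on the next line. A test hook that cannot be merged by accident is safer than swapping the `if:` line: keep the release gate in place and add `workflow_dispatch` as a second trigger that the condition accepts, so the `# TESTS ONLY` variant never has to exist in the file.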
@@ -15,6 +8,14 @@ on: default: 'ubuntu-latest' required: false type: string + pull_request: + types: [opened, synchronize] + release: + types: [published] + push: + branches: + - main + permissions: id-token: write From 86dc7fbec4d12a388d4b266b125956135e01b2dd Mon Sep 17 00:00:00 2001 From: domilulu Date: Mon, 9 Mar 2026 15:01:19 +0000 Subject: [PATCH 05/17] plain text --- .github/workflows/publish-ecr.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 957ff02..80ca793 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -1,13 +1,6 @@ name: Publish Docker Image to AWS ECR, Deploy on Release on: - workflow_call: - inputs: - runner: - description: 'The runner to execute the workflow on' - default: 'ubuntu-latest' - required: false - type: string pull_request: types: [opened, synchronize] release: @@ -24,7 +17,7 @@ permissions: jobs: build-and-push: - runs-on: ${{ inputs.runner }} + runs-on: ubuntu-latest outputs: pr-log: ${{ steps.build-and-push-pr.outcome }} #TESTS ONLY release-log: ${{ steps.build-and-push-release.outcome }} @@ -88,7 +81,7 @@ jobs: deploy-image: name: upon release deploy image to dev environment, open PR to prod environment needs: build-and-push - runs-on: ${{ inputs.runner }} + runs-on: ubuntu-latest if: (needs.build-and-push.outputs.pr-log == 'success') # TESTS ONLY # if: (needs.build-and-push.outputs.release-log == 'success') # && (github.event_name == 'release') environment: prometheon-access From 17abb298193b39c7dbee6d55f15ea6db7468269a Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 15:42:07 +0100 Subject: [PATCH 06/17] add owner --- .github/workflows/publish-ecr.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 80ca793..6e35ef1 100644 
--- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -94,10 +94,11 @@ jobs: # ---------------------------------------------------------- - name: Authenticate as GitHub App id: app-auth - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 with: app_id: ${{ secrets.GH_APP_ID }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} + owner: SFOE-Prometheon # ---------------------------------------------------------- # Checkout Terraform Repo using GitHub App Token @@ -173,4 +174,4 @@ jobs: # --title "Deploy backend version ${{ env.VERSION_TAG }} to prod" \ # --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" # env: - # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} \ No newline at end of file + # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} From 2f1fffab040f9686124ff2efacb5930a19822eaf Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 15:47:56 +0100 Subject: [PATCH 07/17] use actions/create-token --- .github/workflows/publish-ecr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 6e35ef1..46a554d 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -94,7 +94,7 @@ jobs: # ---------------------------------------------------------- - name: Authenticate as GitHub App id: app-auth - uses: tibdex/github-app-token@v2 + uses: actions/create-github-app-token@v2 with: app_id: ${{ secrets.GH_APP_ID }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} From 8d9d55117edc79952fc17fa4530b8d27473d77bd Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 15:50:00 +0100 Subject: [PATCH 08/17] syntax --- .github/workflows/publish-ecr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
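Review bot: `uses: tibdex/github-app-token@v2` references a third-party action by a movable major tag, and the token it mints is what pushes into the Terraform repositories, so a retagged or compromised release of that action inherits write access there. Pin it to a full-length commit SHA with the version in a trailing comment, `uses: tibdex/github-app-token@<full-commit-sha> # v2`, and let Dependabot bump the pin; the same applies to the other non-GitHub actions in this file. The `owner:` value is spelled `SFOE-Prometheon` while the checkout step uses `SFOE-prometheon`; GitHub treats organisation names case-insensitively, but one spelling keeps the file greppable.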
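Review bot: With only `owner:` set, `actions/create-github-app-token@v2` mints an installation token scoped to every repository the App is installed on in that organisation, while the job needs access to just the one the checkout step clones. Add a `repositories:` input mirroring the checkout's `repository:` expression (the action accepts a comma- or newline-separated list) so the token cannot reach other repositories if a later step misbehaves. The action's documented input names are `app-id` and `private-key`; the `app_id` / `private_key` keys carried over from the previous action are not picked up.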
diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 46a554d..690bff2 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -96,8 +96,8 @@ jobs: id: app-auth uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.GH_APP_ID }} - private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} + app-id: ${{ secrets.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} owner: SFOE-Prometheon # ---------------------------------------------------------- From 5f10aff6e3f41107cbfb3f297c06f9a82178e45a Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 15:54:22 +0100 Subject: [PATCH 09/17] default ref --- .github/workflows/publish-ecr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 690bff2..72255de 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -107,6 +107,7 @@ jobs: uses: actions/checkout@v4 with: repository: SFOE-prometheon/prometheon-drillcheck-${{ matrix.env.name }} + ref: main token: ${{ steps.app-auth.outputs.token }} path: tf-repo From 42b45a57460a6bf4f299aafdc43a04cbc95509f8 Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 16:15:12 +0100 Subject: [PATCH 10/17] use matrix for deployment --- .github/workflows/publish-ecr.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 72255de..f381a42 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml 
@@ -78,8 +78,8 @@ jobs: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$VERSION_TAG - deploy-image: - name: upon release deploy image to dev environment, open PR to prod environment + deploy-image: + name: Deploy image needs: build-and-push runs-on: ubuntu-latest if: (needs.build-and-push.outputs.pr-log == 'success') # TESTS ONLY @@ -87,6 +87,12 @@ jobs: environment: prometheon-access env: VERSION_TAG: ${{ github.event.release.tag_name }} + + strategy: + matrix: + env: + - name: dev + # - name: prod steps: # ---------------------------------------------------------- From 455d0c1831b221027ffec0c63936c651d0c5c4e5 Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 16:20:28 +0100 Subject: [PATCH 11/17] fix typo --- .github/workflows/publish-ecr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index f381a42..f576c07 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -123,7 +123,7 @@ jobs: - name: Update version in Terraform repo run: | cd tf-repo - sed -i "s/backend_app_version = \".*\"/backend_app_version = \"${{ env.VERSION_TAG }}\"/" deploy.auto.tfvars + sed -i "s/backend_app_version = \".*\"/backend_app_version = \"${{ env.VERSION_TAG }}\"/" deploy.auto.tfvars.json # ---------------------------------------------------------- # Commit & Push/PR based on environment From bb595cf810f030715b56aa9b2bd04fba83f91869 Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Tue, 10 Mar 2026 16:25:43 +0100 Subject: [PATCH 12/17] test tag --- .github/workflows/publish-ecr.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index f576c07..a77b1e7 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml 
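Review bot: The sed pattern still matches the HCL form `backend_app_version = "…"`, but the target is now `deploy.auto.tfvars.json`, where the key appears as `"backend_app_version": "…"`, so the substitution matches nothing and the job only fails later at `git commit` with "nothing to commit". Beyond fixing the pattern, make the step fail where the problem is: after the sed, `git diff --quiet deploy.auto.tfvars.json && { echo "version not updated" >&2; exit 1; }`. Since the file is JSON, `jq` (present on `ubuntu-latest`) is also a more robust editor than a regex that depends on the exact spacing around the colon.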
@@ -86,7 +86,8 @@ jobs: # if: (needs.build-and-push.outputs.release-log == 'success') # && (github.event_name == 'release') environment: prometheon-access env: - VERSION_TAG: ${{ github.event.release.tag_name }} + VERSION_TAG: test #TESTS ONLY + # VERSION_TAG: ${{ github.event.release.tag_name }} strategy: matrix: @@ -134,7 +135,7 @@ jobs: git config user.name "GitHub Actions" git config user.email "noreply@github.com" git checkout -b deploy/backend-${{ env.VERSION_TAG }} - git add deploy.auto.tfvars + git add deploy.auto.tfvars.json git commit -m "Deploy backend version ${{ env.VERSION_TAG }}" From c88973721cf3655755ba895bce204c580d2e4daa Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Wed, 11 Mar 2026 08:47:33 +0100 Subject: [PATCH 13/17] correct regex --- .github/workflows/publish-ecr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index a77b1e7..7d3d322 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -124,7 +124,7 @@ jobs: - name: Update version in Terraform repo run: | cd tf-repo - sed -i "s/backend_app_version = \".*\"/backend_app_version = \"${{ env.VERSION_TAG }}\"/" deploy.auto.tfvars.json + sed -i "s/\"backend_app_version\": \".*\"/\"backend_app_version\": \"${{ env.VERSION_TAG }}\"/" deploy.auto.tfvars.json # ---------------------------------------------------------- # Commit & Push/PR based on environment From 0dc13474d36a49546fe6f576f5f847643f009331 Mon Sep 17 00:00:00 2001 From: domilulu Date: Thu, 12 Mar 2026 09:46:39 +0000 Subject: [PATCH 14/17] test direct deploy on dev --- .github/workflows/publish-ecr.yml | 32 +++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 7d3d322..a6c4ace 100644 --- a/.github/workflows/publish-ecr.yml 
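Review bot: The corrected pattern depends on the exact layout `"backend_app_version": "…"` (one space after the colon, the whole value on one line) and its `.*` is greedy, so a reformatted file or a second quoted field on the same line silently breaks or mangles the update. A structural edit is both robust and free of template interpolation: `jq --arg v "$VERSION_TAG" '.backend_app_version = $v' deploy.auto.tfvars.json > deploy.auto.tfvars.json.tmp` followed by `mv deploy.auto.tfvars.json.tmp deploy.auto.tfvars.json`, which reads the tag from the job-level `env` as data instead of splicing `${{ env.VERSION_TAG }}` into the script. Keep the `--arg` form rather than `--argjson` so the tag is always written as a JSON string.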
+++ b/.github/workflows/publish-ecr.yml @@ -139,28 +139,28 @@ jobs: git commit -m "Deploy backend version ${{ env.VERSION_TAG }}" - # - name: Push to main (Dev environment) - # if: matrix.env.name == 'dev' - # run: | - # cd tf-repo - # git push origin deploy/backend-${{ env.VERSION_TAG }}:main - # git push origin --delete deploy/backend-${{ env.VERSION_TAG }} - # env: - # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} - - - name: Create PR (DEV TEST environment) + - name: Push to main (Dev environment) if: matrix.env.name == 'dev' run: | cd tf-repo - git push origin deploy/backend-${{ env.VERSION_TAG }} - gh pr create \ - --base main \ - --head deploy/backend-${{ env.VERSION_TAG }} \ - --title "Deploy backend version ${{ env.VERSION_TAG }} to dev" \ - --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" + git push origin deploy/backend-${{ env.VERSION_TAG }}:main + git push origin --delete deploy/backend-${{ env.VERSION_TAG }} env: GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + # - name: Create PR (DEV TEST environment) + # if: matrix.env.name == 'dev' + # run: | + # cd tf-repo + # git push origin deploy/backend-${{ env.VERSION_TAG }} + # gh pr create \ + # --base main \ + # --head deploy/backend-${{ env.VERSION_TAG }} \ + # --title "Deploy backend version ${{ env.VERSION_TAG }} to dev" \ + # --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" + # env: + # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + # - name: Push to main (Dev environment) # if: matrix.env.name == 'dev' From 303985179b0af64ea7d23e89a65b91767703c350 Mon Sep 17 00:00:00 2001 From: domilulu Date: Thu, 12 Mar 2026 09:54:27 +0000 Subject: [PATCH 15/17] uncomment --- .github/workflows/publish-ecr.yml | 61 ++++++++++--------------------- 1 file changed, 19 insertions(+), 42 deletions(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index a6c4ace..e5bdd62 100644 --- a/.github/workflows/publish-ecr.yml 
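Review bot: `git push origin deploy/backend-${{ env.VERSION_TAG }}:main` lands the dev version bump on the Terraform repo's `main` without review, and it only succeeds if that branch has no protection rule the App cannot bypass; if one rejects the push, the job goes red with the branch never pushed and the `--delete` line never reached. That is presumably intended for dev, but it deserves a comment on the step, e.g. `# dev is auto-deployed: the App installation must be allowed to push to main in the dev Terraform repo`. The `GITHUB_TOKEN` env on this step is not what authenticates these pushes as far as the hunk shows — `actions/checkout` persisted the App token into `tf-repo`'s git config (its `persist-credentials` default) — so either drop the env line here, or set `persist-credentials: false` on the checkout and authenticate explicitly so the credential's lifetime is visible in the workflow.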
+++ b/.github/workflows/publish-ecr.yml @@ -19,7 +19,6 @@ jobs: build-and-push: runs-on: ubuntu-latest outputs: - pr-log: ${{ steps.build-and-push-pr.outcome }} #TESTS ONLY release-log: ${{ steps.build-and-push-release.outcome }} environment: prometheon-access @@ -79,21 +78,19 @@ jobs: deploy-image: - name: Deploy image + name: deploy-image needs: build-and-push runs-on: ubuntu-latest - if: (needs.build-and-push.outputs.pr-log == 'success') # TESTS ONLY - # if: (needs.build-and-push.outputs.release-log == 'success') # && (github.event_name == 'release') + if: (needs.build-and-push.outputs.release-log == 'success') && (github.event_name == 'release') environment: prometheon-access env: - VERSION_TAG: test #TESTS ONLY - # VERSION_TAG: ${{ github.event.release.tag_name }} + VERSION_TAG: ${{ github.event.release.tag_name }} strategy: matrix: env: - name: dev - # - name: prod + - name: prod steps: # ---------------------------------------------------------- 
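Review bot: With `prod` added to the matrix, both legs run under the single `environment: prometheon-access`, each minting an App token that can write to its own Terraform repository; unless that environment carries a required-reviewer rule, nothing in this workflow gates the prod path other than the PR it opens. A per-leg environment, `environment: prometheon-${{ matrix.env.name }}`, lets reviewers and secrets differ between dev and prod without changing the steps. The new `github.event_name == 'release'` guard also fires for pre-releases, since `types: [published]` covers them; add `&& !github.event.release.prerelease` if pre-releases should neither roll out to dev nor open a prod PR.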
@@ -147,39 +144,19 @@ jobs: git push origin --delete deploy/backend-${{ env.VERSION_TAG }} env: GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + - # - name: Create PR (DEV TEST environment) - # if: matrix.env.name == 'dev' - # run: | - # cd tf-repo - # git push origin deploy/backend-${{ env.VERSION_TAG }} - # gh pr create \ - # --base main \ - # --head deploy/backend-${{ env.VERSION_TAG }} \ - # --title "Deploy backend version ${{ env.VERSION_TAG }} to dev" \ - # --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" - # env: - # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} - - - # - name: Push to main (Dev environment) - # if: matrix.env.name == 'dev' - # run: | - # cd tf-repo - # git push origin deploy/backend-${{ env.VERSION_TAG }}:main - # git push origin --delete deploy/backend-${{ env.VERSION_TAG }} - # env: - # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} - - # - name: Create PR (Prod environment) - # if: matrix.env.name == 'prod' - # run: | - # cd tf-repo - # git push origin deploy/backend-${{ env.VERSION_TAG }} - # gh pr create \ - # --base main \ - # --head deploy/backend-${{ env.VERSION_TAG }} \ - # --title "Deploy backend version ${{ env.VERSION_TAG }} to prod" \ - # --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" - # env: - # GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + - name: Create PR (Prod environment) + if: matrix.env.name == 'prod' + run: | + cd tf-repo + git push origin deploy/backend-${{ env.VERSION_TAG }} + gh pr create \ + --base main \ + --head deploy/backend-${{ env.VERSION_TAG }} \ + --title "Deploy backend version ${{ env.VERSION_TAG }} to prod" \ + --body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}" + env: + GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} + + From 009039da014121472b7629c0818f85a1ee58a8f5 Mon Sep 17 00:00:00 2001 
From: domilulu Date: Thu, 12 Mar 2026 10:00:15 +0000 Subject: [PATCH 16/17] comment code --- .github/workflows/publish-ecr.yml | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index e5bdd62..44411da 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -16,12 +16,18 @@ permissions: pull-requests: write jobs: + # ---------------------------------------------------------- + # Build and push Docker image to ECR for PRs, main branch, and releases + # ---------------------------------------------------------- build-and-push: runs-on: ubuntu-latest outputs: release-log: ${{ steps.build-and-push-release.outcome }} environment: prometheon-access + # ---------------------------------------------------------- + # Matrix strategy to differentiate environments + # ---------------------------------------------------------- strategy: matrix: env: @@ -34,6 +40,9 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + # ---------------------------------------------------------- + # Login to AWS ECR + # ---------------------------------------------------------- - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: @@ -44,6 +53,9 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v2 + # ---------------------------------------------------------- + # Build and push (PR) + # ---------------------------------------------------------- - name: Build and push Docker image (PR) id: build-and-push-pr if: github.event_name == 'pull_request' && matrix.env.name == 'dev' 
@@ -55,6 +67,9 @@ jobs: docker build -f Dockerfile.lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + # ---------------------------------------------------------- + # Build and push (merge into main) + # ---------------------------------------------------------- - name: Build and push Docker image (Main branch) if: github.event_name == 'push' && github.ref == 'refs/heads/main' && matrix.env.name == 'dev' env: @@ -65,6 +80,9 @@ jobs: docker build -f Dockerfile.lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + # ---------------------------------------------------------- + # Build and push (release) + # ---------------------------------------------------------- - name: Build and push Docker image (Release) id: build-and-push-release if: github.event_name == 'release' @@ -77,6 +95,9 @@ jobs: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$VERSION_TAG + # ---------------------------------------------------------- + # Automated deployment upon release + # ---------------------------------------------------------- deploy-image: name: deploy-image needs: build-and-push @@ -86,6 +107,9 @@ jobs: env: VERSION_TAG: ${{ github.event.release.tag_name }} + # ---------------------------------------------------------- + # Matrix strategy to differentiate environments + # ---------------------------------------------------------- strategy: matrix: env: @@ -144,7 +168,7 @@ jobs: git push origin --delete deploy/backend-${{ env.VERSION_TAG }} env: GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} - + - name: Create PR (Prod environment) if: matrix.env.name == 'prod' From 15c99fb9911abd03a2ac5c62a431acabf10c5210 Mon Sep 17 00:00:00 2001 From: domilulu <162573224+domilulu@users.noreply.github.com> Date: Thu, 12 Mar 2026 11:03:42 +0100 Subject: [PATCH 17/17] clean code --- .github/workflows/publish-ecr.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/publish-ecr.yml b/.github/workflows/publish-ecr.yml index 44411da..316ceef 100644 --- a/.github/workflows/publish-ecr.yml +++ b/.github/workflows/publish-ecr.yml @@ -7,8 +7,7 @@ on: types: [published] push: branches: - - main - + - main permissions: id-token: write @@ -158,8 +157,7 @@ jobs: git checkout -b deploy/backend-${{ env.VERSION_TAG }} git add deploy.auto.tfvars.json git commit -m "Deploy backend version ${{ env.VERSION_TAG }}" - - + - name: Push to main (Dev environment) if: matrix.env.name == 'dev' run: | @@ -169,7 +167,6 @@ jobs: env: GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }} - - name: Create PR (Prod environment) if: matrix.env.name == 'prod' run: |