116 changes: 114 additions & 2 deletions .github/workflows/publish-ecr.yml
@@ -1,4 +1,4 @@
name: Publish Docker Image to AWS ECR
name: Publish Docker Image to AWS ECR, Deploy on Release

on:
pull_request:
Expand All @@ -7,17 +7,26 @@ on:
types: [published]
push:
branches:
- main
- main

permissions:
id-token: write
contents: read
pull-requests: write

jobs:
# ----------------------------------------------------------
# Build and push Docker image to ECR for PRs, main branch, and releases
# ----------------------------------------------------------
build-and-push:
runs-on: ubuntu-latest
outputs:
release-log: ${{ steps.build-and-push-release.outcome }}
environment: prometheon-access

# ----------------------------------------------------------
# Matrix strategy to differentiate environments
# ----------------------------------------------------------
strategy:
matrix:
env:
Expand All @@ -30,6 +39,9 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

# ----------------------------------------------------------
# Login to AWS ECR
# ----------------------------------------------------------
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
Expand All @@ -40,7 +52,11 @@ jobs:
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

# ----------------------------------------------------------
# Build and push (PR)
# ----------------------------------------------------------
- name: Build and push Docker image (PR)
id: build-and-push-pr
if: github.event_name == 'pull_request' && matrix.env.name == 'dev'
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
Expand All @@ -50,6 +66,9 @@ jobs:
docker build -f Dockerfile.lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

# ----------------------------------------------------------
# Build and push (merge into main)
# ----------------------------------------------------------
- name: Build and push Docker image (Main branch)
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && matrix.env.name == 'dev'
env:
Expand All @@ -60,7 +79,11 @@ jobs:
docker build -f Dockerfile.lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

# ----------------------------------------------------------
# Build and push (release)
# ----------------------------------------------------------
- name: Build and push Docker image (Release)
id: build-and-push-release
if: github.event_name == 'release'
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
Expand All @@ -69,3 +92,92 @@ jobs:
run: |
docker build -f Dockerfile.lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$VERSION_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$VERSION_TAG


# ----------------------------------------------------------
# Automated deployment upon release
# ----------------------------------------------------------
deploy-image:
name: deploy-image
needs: build-and-push
runs-on: ubuntu-latest
if: (needs.build-and-push.outputs.release-log == 'success') && (github.event_name == 'release')
environment: prometheon-access
env:
VERSION_TAG: ${{ github.event.release.tag_name }}

# ----------------------------------------------------------
# Matrix strategy to differentiate environments
# ----------------------------------------------------------
strategy:
matrix:
env:
- name: dev
- name: prod

steps:
# ----------------------------------------------------------
# Authenticate as GitHub App
# ----------------------------------------------------------
- name: Authenticate as GitHub App
id: app-auth
uses: actions/create-github-app-token@v2
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
owner: SFOE-Prometheon

# ----------------------------------------------------------
# Checkout Terraform Repo using GitHub App Token
# ----------------------------------------------------------
- name: Clone Terraform Repo
uses: actions/checkout@v4
with:
repository: SFOE-prometheon/prometheon-drillcheck-${{ matrix.env.name }}
ref: main
token: ${{ steps.app-auth.outputs.token }}
path: tf-repo

# ----------------------------------------------------------
# Update Version
# ----------------------------------------------------------
- name: Update version in Terraform repo
run: |
cd tf-repo
sed -i "s/\"backend_app_version\": \".*\"/\"backend_app_version\": \"${{ env.VERSION_TAG }}\"/" deploy.auto.tfvars.json

# ----------------------------------------------------------
# Commit & Push/PR based on environment
# ----------------------------------------------------------
- name: Create branch and commit changes
run: |
cd tf-repo
git config user.name "GitHub Actions"
git config user.email "noreply@github.com"
git checkout -b deploy/backend-${{ env.VERSION_TAG }}
git add deploy.auto.tfvars.json
git commit -m "Deploy backend version ${{ env.VERSION_TAG }}"

- name: Push to main (Dev environment)
if: matrix.env.name == 'dev'
run: |
cd tf-repo
git push origin deploy/backend-${{ env.VERSION_TAG }}:main
git push origin --delete deploy/backend-${{ env.VERSION_TAG }}
env:
GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }}

- name: Create PR (Prod environment)
if: matrix.env.name == 'prod'
run: |
cd tf-repo
git push origin deploy/backend-${{ env.VERSION_TAG }}
gh pr create \
--base main \
--head deploy/backend-${{ env.VERSION_TAG }} \
--title "Deploy backend version ${{ env.VERSION_TAG }} to prod" \
--body "Automated deployment PR for backend version ${{ env.VERSION_TAG }}"
env:
GITHUB_TOKEN: ${{ steps.app-auth.outputs.token }}


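Review bot: The release tag name (`VERSION_TAG`, set from `github.event.release.tag_name` at job level) is pasted into the `run:` scripts as text via `${{ env.VERSION_TAG }}` before the shell ever parses them, so a tag containing a quote, `$`, `;` or `/` rewrites the sed expression and the git/gh command lines rather than being treated as data; since the value is already exported as an environment variable, the scripts should read it as `"$VERSION_TAG"` instead. This applies to every `run:` step of deploy-image (Update version, Create branch and commit, Push to main, Create PR). Even with the variable form, sed still gives `/`, `&` and `\` special meaning inside the replacement, so a jq-based edit of deploy.auto.tfvars.json would be sturdier than the regex substitution. Minor: the app-token step spells the owner `SFOE-Prometheon` while the checkout uses `SFOE-prometheon/...`; GitHub treats these the same, but one spelling is easier to grep.
```yaml
      - name: Update version in Terraform repo
        run: |
          cd tf-repo
          sed -i "s/\"backend_app_version\": \".*\"/\"backend_app_version\": \"$VERSION_TAG\"/" deploy.auto.tfvars.json

      # … unchanged: "Create branch and commit changes" step header, cd, git config …
          git checkout -b "deploy/backend-$VERSION_TAG"
          git add deploy.auto.tfvars.json
          git commit -m "Deploy backend version $VERSION_TAG"

      # … unchanged: "Push to main (Dev environment)" step header, if, cd …
          git push origin "deploy/backend-$VERSION_TAG:main"
          git push origin --delete "deploy/backend-$VERSION_TAG"

      # … unchanged: "Create PR (Prod environment)" step header, if, cd …
          git push origin "deploy/backend-$VERSION_TAG"
          gh pr create \
            --base main \
            --head "deploy/backend-$VERSION_TAG" \
            --title "Deploy backend version $VERSION_TAG to prod" \
            --body "Automated deployment PR for backend version $VERSION_TAG"
```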