jefrnc · January 25, 2022 17:58
diff --git a/action.yaml b/action.yaml
 name: Deplow AWS Sandbox

 on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

 jobs:
  build:
    runs-on: self-hosted 

    steps:
    - uses: actions/checkout@v2

    - name: Get branch name
      id: vars
      run: echo ::set-output name=stage::${GITHUB_REF#refs/*/}

    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        java-version: '11'
        distribution: 'adopt'
        
    - name: Setup Gradle
      uses: gradle/gradle-build-action@v2

    #- name: Build with Maven
    #  run: mvn clean install --file pom.xml
      
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-2   

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1        
        
    - name: Execute Gradle build
      run: ./gradlew clean build #sonarqube

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: service
        #ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }}-${{steps.vars.outputs.stage}}
        #AWS_REGION: ${{ secrets.AWS_REGION }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG        
        echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

 
    - name: Download task definition
      run: |
        aws ecs describe-task-definition --task-definition pocservice-taskdefinition --query taskDefinition > task-definition.json        

    - name: Fill in the new image ID in the Amazon ECS task definition
      id: task-def
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        task-definition: task-definition.json
        container-name: pocservice-taskdefinition #container-name
        image: ${{ steps.build-image.outputs.image }}         

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.task-def.outputs.task-definition }}
        service: pocservice
        cluster: ecs-cluster #config 
        wait-for-service-stability: true        
diff --git a/IAM Policy.json b/IAM Policy.json
 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GetAuthorizationToken",
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole",
                "ecs:DescribeTaskDefinition",
                "ecs:DescribeServices",
                "ecs:UpdateService",
                "ecs:RegisterTaskDefinition"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
 }
	name: Deplow AWS Sandbox

	on:
	push:
	branches: [ master ]
	pull_request:
	branches: [ master ]

	jobs:
	build:
	runs-on: self-hosted

	steps:
	- uses: actions/checkout@v2

	- name: Get branch name
	id: vars
	run: echo ::set-output name=stage::${GITHUB_REF#refs/*/}

	- name: Set up JDK 11
	uses: actions/setup-java@v2
	with:
	java-version: '11'
	distribution: 'adopt'

	- name: Setup Gradle
	uses: gradle/gradle-build-action@v2

	#- name: Build with Maven
	# run: mvn clean install --file pom.xml

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: us-east-2

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1

	- name: Execute Gradle build
	run: ./gradlew clean build #sonarqube

	- name: Build, tag, and push image to Amazon ECR
	id: build-image
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	ECR_REPOSITORY: service
	#ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }}-${{steps.vars.outputs.stage}}
	#AWS_REGION: ${{ secrets.AWS_REGION }}
	IMAGE_TAG: ${{ github.sha }}
	run: \|
	docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
	docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
	echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"


	- name: Download task definition
	run: \|
	aws ecs describe-task-definition --task-definition pocservice-taskdefinition --query taskDefinition > task-definition.json

	- name: Fill in the new image ID in the Amazon ECS task definition
	id: task-def
	uses: aws-actions/amazon-ecs-render-task-definition@v1
	with:
	task-definition: task-definition.json
	container-name: pocservice-taskdefinition #container-name
	image: ${{ steps.build-image.outputs.image }}

	- name: Deploy Amazon ECS task definition
	uses: aws-actions/amazon-ecs-deploy-task-definition@v1
	with:
	task-definition: ${{ steps.task-def.outputs.task-definition }}
	service: pocservice
	cluster: ecs-cluster #config
	wait-for-service-stability: true
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "GetAuthorizationToken",
	"Effect": "Allow",
	"Action": [
	"ecr:GetAuthorizationToken"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"ecr:GetDownloadUrlForLayer",
	"ecr:BatchGetImage",
	"ecr:BatchCheckLayerAvailability",
	"ecr:PutImage",
	"ecr:InitiateLayerUpload",
	"ecr:UploadLayerPart",
	"ecr:CompleteLayerUpload"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Effect": "Allow",
	"Action": [
	"iam:PassRole",
	"ecs:DescribeTaskDefinition",
	"ecs:DescribeServices",
	"ecs:UpdateService",
	"ecs:RegisterTaskDefinition"
	],
	"Resource": [
	"*"
	]
	}
	]
	}