Cloud deployment in CI/CD

[ronmegini]

Description:

Deploy the entire prod environment in the cloud automatically in the cd part of the pipeline.

DOD:

• [ ] CD part include cloud deployment

[ronmegini]

Those aws services deployed manually right now:

• ECS (cluster, task definition, scheduled task)
• IAM (role that allow ECR pull & push, CloudWatch log group creation)
• ECR
• CloudWatch (insights and logging)

Currently this workflow build image, deploy to ecr and create a task definition:

name: AWS Image Build & Push & Deployment

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

env:
  AWS_REGION: us-east-1 
  ECR_REPOSITORY: usa-visa-bot
  ECS_CLUSTER: bot-network
  ECS_TASK_DEFINITION: ./aws/task-def.json
  CONTAINER_NAME: usa-visa-bot

permissions:
  contents: read

jobs:    
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
        docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY
        echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

    - name: Fill in the new image ID in the Amazon ECS task definition
      id: task-def
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        task-definition: ${{ env.ECS_TASK_DEFINITION }}
        container-name: ${{ env.CONTAINER_NAME }}
        image: ${{ steps.build-image.outputs.image }}

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.task-def.outputs.task-definition }}
        cluster: ${{ env.ECS_CLUSTER }}
        wait-for-service-stability: true

In the next tasks I think that we need to create the task definition also automatically, and in the future apply all the "day 1" operations with the ci/cd as well.

[ronmegini]

Maybe the scheduled task should be deployed in another workflow because each one represent a customer, which created indecently then the development process.