Blue green deploy

.github/actions/build_image/action.yml

@@ -8,6 +8,9 @@ inputs:
   aws_region:
     description: 'ECR aws region'
     required: true
+  ecr_repository_name:
+    description: 'ECR repo name'
+    required: true
 
 runs:
   using: 'composite'
@@ -20,10 +23,10 @@ runs:
             - 'src/**'
 
     - name: Check if ECR repository is empty
-      id: should_build
+      id: check_should_build
       shell: bash
       run: |
-        IMAGE_COUNT=$(aws ecr describe-images --repository-name ${{ github.event.repository.name }} --region ${{ inputs.aws_region }} --query 'imageDetails | length(@)' --output text)
+        IMAGE_COUNT=$(aws ecr describe-images --repository-name ${{ inputs.ecr_repository_name }} --region ${{ inputs.aws_region }} --query 'imageDetails | length(@)' --output text)
         echo Image count: "$IMAGE_COUNT"
         if [[ "${{ steps.changes.outputs.src }}" == "true" || "$IMAGE_COUNT" -eq 0 ]]; then
           echo "Either src changed or ECR is empty"
@@ -43,19 +46,32 @@ runs:
       name: Set variables
       shell: bash
       run: |
-        echo "LOCAL_IMAGE=${{ github.event.repository.name }}:local" >> $GITHUB_ENV
+        echo "LOCAL_IMAGE=${{ inputs.ecr_repository_name }}:local" >> $GITHUB_ENV
         echo "IMAGE_TAG=$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV
 
     - if: env.SHOULD_BUILD == 'true'
       name: Build Docker Image
       shell: bash
       run: |
         docker build . -t $LOCAL_IMAGE
-        docker tag $LOCAL_IMAGE ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ github.event.repository.name }}:$IMAGE_TAG
+        docker tag $LOCAL_IMAGE ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ inputs.ecr_repository_name }}:$IMAGE_TAG
 
     - if: env.SHOULD_BUILD == 'true'
       name: Push Docker Image to ECR
       shell: bash
       run: |
-        aws ecr get-login-password --region ${{ env.aws_region }} | docker login --username AWS --password-stdin ${{ inputs.AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com
-        docker push ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ github.event.repository.name }}:$IMAGE_TAG
+        aws ecr get-login-password --region ${{ inputs.aws_region }} | docker login --username AWS --password-stdin ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com
+        docker push ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ inputs.ecr_repository_name }}:$IMAGE_TAG
+        IMAGE_URI="${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ inputs.ecr_repository_name }}:$IMAGE_TAG"
+        echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV
+        echo Image:$IMAGE_URI
+
+    - if: env.SHOULD_BUILD != 'true'
+      name: Get Latest ECR Image Tag
+      shell: bash
+      run: |
+        LATEST_TAG=$(aws ecr describe-images --repository-name ${{ inputs.ecr_repository_name }} \
+                    --region ${{ inputs.aws_region }} --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]' --output text)
+        IMAGE_URI="${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/${{ inputs.ecr_repository_name }}:$LATEST_TAG"
+        echo "$IMAGE_TAG=$LATEST_TAG" >> $GITHUB_ENV
+        echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV

.github/actions/check_svc/action.yml

@@ -0,0 +1,64 @@
+name: Check ECS Service
+description: Check if an ECS cluster and service exist
+inputs:
+  aws_region:
+    description: 'AWS Region'
+    required: true
+  aws_role:
+    description: 'AWS Role to assume'
+    required: true
+  tfvars_file:
+    description: 'Path to the tfvars file'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ inputs.aws_region }}
+        role-to-assume: arn:aws:iam::${{ inputs.aws_role }}
+        role-session-name: GitHubActions
+
+    - name: Read project_name from tfvars file
+      id: read-project-name
+      shell: bash
+      run: |
+        # Extract project_name from tfvars file
+        PROJECT_NAME=$(grep 'project_name' "${{ inputs.tfvars_file }}" | sed 's/.*= "\(.*\)"/\1/')
+        echo "Extracted Project Name: $PROJECT_NAME"
+        echo "PROJECT_NAME=$PROJECT_NAME" >> $GITHUB_ENV
+
+    - name: Check if ECS cluster and service exist
+      id: check-cluster-and-service-exists
+      shell: bash
+      run: |
+        # Check if the ECS cluster exists and is ACTIVE
+        CLUSTER_STATUS=$(aws ecs describe-clusters \
+          --clusters ${{ env.PROJECT_NAME }} \
+          --region ${{ inputs.aws_region }} \
+          --query 'clusters[0].status' \
+          --output text 2>/dev/null || echo "NOT_FOUND")
+
+        echo "Cluster status: $CLUSTER_STATUS"
+
+        if [ "$CLUSTER_STATUS" != "ACTIVE" ]; then
+          # If cluster is not ACTIVE, set service existence to false
+          echo "SERVICE_EXISTS=false" >> $GITHUB_ENV
+        else
+          # If the cluster is active, check if the service exists
+          SERVICE_STATUS=$(aws ecs describe-services \
+            --cluster ${{ env.PROJECT_NAME }} \
+            --services ${{ env.PROJECT_NAME }} \
+            --query 'services[0].status' \
+            --region ${{ inputs.aws_region }} \
+            --output text 2>/dev/null || echo "NOT_FOUND")
+
+          if [ "$SERVICE_STATUS" == "NOT_FOUND" ]; then
+            echo "SERVICE_EXISTS=false" >> $GITHUB_ENV
+          else
+            echo "SERVICE_EXISTS=true" >> $GITHUB_ENV
+          fi
+        fi
+

.github/workflows/build.yml

@@ -0,0 +1,98 @@
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      aws_account_id:
+        required: true
+        type: string
+      aws_region:
+        required: true
+        type: string
+      aws_role:
+        required: true
+        type: string
+    outputs:
+      task_definition_arn:
+        description: "The ARN of the deployed task definition"
+        value: ${{ jobs.task.outputs.task_definition_arn }}
+      task_definition_revision:
+        description: "The revision of the deployed task definition"
+        value: ${{ jobs.task.outputs.task_definition_revision }}
+      image_uri:
+        value: ${{ jobs.image.outputs.image_uri }}
+      app_specs_bucket:
+        value: ${{ jobs.task.outputs.app_specs_bucket }}
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  image:
+    runs-on: ubuntu-latest
+    outputs:
+      image_uri: ${{ steps.set-image-uri.outputs.image_uri }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ inputs.aws_region }}
+          role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_role }}
+          role-session-name: GitHubActions
+
+      - name: Build and push detected changes
+        id: build-image
+        uses: ./.github/actions/build_image
+        with:
+          aws_account_id: ${{ inputs.aws_account_id }}
+          aws_region: ${{ inputs.aws_region }}
+          ecr_repository_name: ${{ github.event.repository.name }}
+
+      - name: Set image_uri output
+        id: set-image-uri
+        run: |
+          echo "image_uri=${{ env.IMAGE_URI }}" >> $GITHUB_OUTPUT
+
+  task:
+    needs: image
+    runs-on: ubuntu-latest
+    env:
+      TF_VAR_image_uri: ${{ needs.image.outputs.image_uri }}
+      TF_VAR_ecr_repository_name: ${{ github.event.repository.name }}
+    outputs:
+      task_definition_arn: ${{ steps.set-envs.outputs.TASK_DEFINITION_ARN }}
+      task_definition_revision: ${{ steps.set-envs.outputs.TASK_DEFINITION_REVISION }}
+      app_specs_bucket: ${{ steps.set-envs.outputs.APP_SPECS_BUCKET }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ inputs.aws_region }}
+          role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/${{ inputs.aws_role }}
+          role-session-name: GitHubActions
+
+      - name: Init
+        shell: bash
+        run: |
+          cd tf/task
+          terraform init
+
+      - name: Deploy
+        shell: bash
+        id: deploy
+        run: |
+          cd tf/task
+          terraform apply -auto-approve -var-file=${{ github.workspace }}/tf/variables.tfvars
+
+      - name: Set env vars
+        id: set-envs
+        shell: bash
+        run: |
+          cd tf/task
+          TASK_DEFINITION_ARN=$(terraform output -raw task_definition_arn)
+          TASK_DEFINITION_REVISION=$(terraform output -raw task_definition_revision)
+          APP_SPECS_BUCKET=$(terraform output -raw app_specs_bucket)
+          echo "TASK_DEFINITION_ARN=$TASK_DEFINITION_ARN" >> $GITHUB_OUTPUT
+          echo "TASK_DEFINITION_REVISION=$TASK_DEFINITION_REVISION" >> $GITHUB_OUTPUT
+          echo "APP_SPECS_BUCKET=$APP_SPECS_BUCKET" >> $GITHUB_OUTPUT