for data replication resources for sandbox-beta #162

Workflow file for this run

.github/workflows/data-replication-pipeline.yml at 82454dc

	name: Deploy Data Replication
	run-name: ${{ inputs.deployment_type }} for data replication resources for ${{ inputs.environment }}

	on:
	workflow_dispatch:
	inputs:
	environment:
	description: Deployment environment
	required: true
	type: choice
	options:
	- training
	- production
	- test
	- qa
	- sandbox-alpha
	- sandbox-beta
	image_tag:
	description: Docker image tag to deploy
	required: false
	type: string

	env:
	aws_role: ${{ inputs.environment == 'production'
	&& 'arn:aws:iam::820242920762:role/GithubDeployDataReplicationInfrastructure'
	\|\| 'arn:aws:iam::393416225559:role/GithubDeployDataReplicationInfrastructure' }}
	aws_account_id: ${{ inputs.environment == 'production' && '820242920762' \|\| '393416225559' }}

	concurrency:
	group: deploy-data-replica-${{ inputs.environment }}

	jobs:
	validate-inputs:
	runs-on: ubuntu-latest
	permissions: { }
	steps:
	- name: Validate inputs
	run: \|
	if [[ "${{ inputs.environment }}" == "preview" \|\| "${{ inputs.environment }}" == "production" ]]; then
	if [[ -z "${{ inputs.git_ref_to_deploy }}" ]]; then
	echo "Error: git_ref_to_deploy is required for preview and production environments."
	exit 1
	fi
	fi
	determine-git-sha:
	runs-on: ubuntu-latest
	permissions: { }
	needs: validate-inputs
	outputs:
	git-sha: ${{ steps.get-git-sha.outputs.git-sha }}
	steps:
	- name: Checkout code
	uses: actions/checkout@v5
	with:
	ref: ${{ inputs.git_ref_to_deploy \|\| github.sha }}
	- name: Get git sha
	id: get-git-sha
	run: echo "git-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
	build-and-push-image:
	permissions:
	id-token: write
	needs: determine-git-sha
	uses: ./.github/workflows/build-and-push-image.yml
	with:
	git-sha: ${{ needs.determine-git-sha.outputs.git-sha }}

	prepare-deployment:
	name: Prepare deployment
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v5
	with:
	ref: ${{ inputs.git_sha_to_deploy \|\| github.sha }}
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ env.aws-role }}
	aws-region: eu-west-2
	- name: Setup python
	uses: actions/setup-python@v4
	with:
	python-version: 3.12.3
	cache: pip
	- name: Install Python dependencies
	run: python3 -m pip install -r script/requirements.txt
	- name: Get image digest
	id: get-image-digest
	run: \|
	digest=$(aws ecr describe-images \
	--repository-name mavis/webapp \
	--image-ids imageTag=${{ inputs.git_sha_to_deploy \|\| github.sha }} \
	--query 'imageDetails[0].imageDigest' \
	--output text)
	echo "digest=$digest" >> $GITHUB_OUTPUT
	- name: Parse environment variables
	id: parse-environment-variables
	run: \|
	parsed_env_vars=$(yq -r '.environments.${{ inputs.environment }} \| to_entries \| .[] \| .key + "=" + .value' config/container_variables.yml)
	{
	echo 'parsed_env_vars<<EOF'
	echo "$parsed_env_vars"
	echo "MAVIS__SPLUNK__ENABLED=false"
	echo "MAVIS__CIS2__ENABLED=false"
	echo "MAVIS__PDS__ENQUEUE_BULK_UPDATES=false"
	echo "MAVIS__PDS__RATE_LIMIT_PER_SECOND=${{ inputs.environment == 'production' && 50 \|\| 5 }}"
	echo 'EOF'
	} >> "$GITHUB_OUTPUT"
	- name: Populate web task definition
	id: create-task-definition
	uses: aws-actions/amazon-ecs-render-task-definition@v1
	with:
	task-definition-family: "mavis-data-replication-task-definition-${{ inputs.environment }}-template"
	container-name: "application"
	image: "${{ env.aws_account_id }}.dkr.ecr.eu-west-2.amazonaws.com/mavis/webapp@${{ steps.get-image-digest.outputs.digest }}"
	environment-variables: ${{ steps.parse-environment-variables.outputs.parsed_env_vars }}
	- name: Rename task definition file
	run: mv ${{ steps.create-task-definition.outputs.task-definition }} ${{ runner.temp }}/data-replication-task-definition.json
	- name: Upload artifact for data-replication task definition
	uses: actions/upload-artifact@v4
	with:
	name: ${{ inputs.environment }}-data-replication-task-definition
	path: ${{ runner.temp }}/data-replication-task-definition.json

	approve-deployments:
	name: Wait for approval if required
	runs-on: ubuntu-latest
	needs: prepare-deployment
	environment: ${{ inputs.environment }}
	steps:
	- run: echo "Proceeding with deployment to ${{ inputs.environment }} environment"

	deploy-data-replication:
	name: Deploy data-replication service
	runs-on: ubuntu-latest
	needs: [ prepare-deployment, approve-deployments ]
	permissions:
	id-token: write
	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ env.aws-role }}
	aws-region: eu-west-2
	- name: Download data-replication task definition artifact
	uses: actions/download-artifact@v5
	with:
	path: ${{ runner.temp }}
	name: ${{ inputs.environment }}-data-replication-task-definition
	- name: Change family of task definition
	run: \|
	file_path="${{ runner.temp }}/data-replication-task-definition.json"
	family_name="mavis-data-replication-task-definition-${{ inputs.environment }}"
	echo "$(jq --arg f "$family_name" '.family = $f' "$file_path")" > "$file_path"
	- name: Deploy data-replication service
	uses: aws-actions/amazon-ecs-deploy-task-definition@v2
	with:
	task-definition: ${{ runner.temp }}/data-replication-task-definition.json
	cluster: mavis-${{ inputs.environment }}-data-replication
	service: mavis-${{ inputs.environment }}-data-replication
	force-new-deployment: true
	wait-for-service-stability: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

for data replication resources for sandbox-beta #162

Workflow file

for data replication resources for sandbox-beta #162

Uh oh!

Jobs

Run details

Workflow file for this run