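Deploying to ECS with GitHub Actions
Various actions are published on the GitHub Actions Marketplace, so use those
ebiken.icon This is super handy
Merges to the master branch deploy to the prod environment, and pushes of dev/* tags deploy to the development environment
Secret values are stored in the GitHub repository's secrets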
code:.github/workflows/deploy.yml
 name: deploy
 on:
   push:
     branches:
       - master
     tags:
       - dev/*
 # github.ref holds the full ref (refs/heads/master, refs/tags/dev/...),
 # so the production check compares against 'refs/heads/master'.
 jobs:
   deploy:
     name: Deploy to ECS
     runs-on: ubuntu-18.04
     defaults:
       run:
         working-directory: ./app # depends on your app's folder layout
     steps:
       - uses: actions/checkout@v2
       - name: install aws cli
         uses: chrislennon/action-aws-cli@v1.1
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
       # Tag the image with both the commit SHA and latest
       - name: build docker image
         run: |
           docker build \
             --rm \
             -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECR_REPOSITORY_PRODUCTION) || (true && secrets.AWS_ECR_REPOSITORY_DEVELOPMENT) }}:${{ github.sha }} \
             -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECR_REPOSITORY_PRODUCTION) || (true && secrets.AWS_ECR_REPOSITORY_DEVELOPMENT) }}:latest \
             .
       - name: push docker image
         run: |
           docker push \
             ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECR_REPOSITORY_PRODUCTION) || (true && secrets.AWS_ECR_REPOSITORY_DEVELOPMENT) }}:${{ github.sha }}
       - name: push docker image
         run: |
           docker push \
             ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECR_REPOSITORY_PRODUCTION) || (true && secrets.AWS_ECR_REPOSITORY_DEVELOPMENT) }}:latest
       # This action tracks a mutable branch and receives the AWS keys;
       # pinning it to a reviewed commit SHA keeps the code that sees them fixed.
       - uses: silinternational/ecs-deploy@master
         with:
           aws_access_key_cmd: '--aws-access-key'
           aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws_secret_key_cmd: '--aws-secret-key'
           aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           cluster_cmd: '--cluster'
           cluster: ${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECS_CLUSTER_PRODUCTION) || (true && secrets.AWS_ECS_CLUSTER_DEVELOPMENT) }}
           image_cmd: '--image'
           image: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECR_REPOSITORY_PRODUCTION) || (true && secrets.AWS_ECR_REPOSITORY_DEVELOPMENT) }}:${{ github.sha }}
           region_cmd: '--region'
           region: ${{ secrets.AWS_REGION }}
           service_name_cmd: '--service-name'
           service_name: ${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECS_SERVICE_PRODUCTION) || (true && secrets.AWS_ECS_SERVICE_DEVELOPMENT) }}
           timeout_cmd: '--timeout'
           timeout: '360'
       # Fargate tasks use awsvpc networking, so run-task also needs
       # --network-configuration with the subnets and security groups of your VPC.
       - name: run ecs task for migration # task to run at deploy time
         run: |
           aws ecs run-task \
             --region ${{ secrets.AWS_REGION }} \
             --cluster ${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECS_CLUSTER_PRODUCTION) || (true && secrets.AWS_ECS_CLUSTER_DEVELOPMENT) }} \
             --launch-type FARGATE \
             --task-definition ${{ (github.ref == 'refs/heads/master' && secrets.AWS_ECS_TASK_DEF_PRODUCTION) || (true && secrets.AWS_ECS_TASK_DEF_DEVELOPMENT) }} \
             --overrides file://migration_ecs_task.json
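
Added example, not part of the original page: GitHub Actions sets `github.ref` / `GITHUB_REF` to the full ref (`refs/heads/master`, `refs/tags/dev/...`), so a comparison against the bare string `master` never matches and an `||` fallback sends every run to the development values. The sketch below resolves the target from the full ref and rejects anything else; `resolve_deploy_env`, `select_for_env`, `reject_ref` and the sample refs are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example: map the triggering Git ref to a deploy target, failing closed.
# All function names here are hypothetical helpers, not part of the workflow.

reject_ref() {
  echo "refusing to deploy from unexpected ref: $1" >&2
  return 1
}

# Prints "production" or "development"; returns non-zero for any other ref.
resolve_deploy_env() {
  case "$1" in
    # In GitHub's filter syntax "*" does not match "/", so the workflow's
    # dev/* tag filter never fires for nested tags; mirror that here.
    refs/tags/dev/*/*)  reject_ref "$1" ;;
    refs/heads/master)  echo production ;;
    refs/tags/dev/?*)   echo development ;;
    *)                  reject_ref "$1" ;;
  esac
}

# Picks the value that belongs to the resolved environment.
# Arguments: <ref> <production value> <development value>
select_for_env() {
  env_name=$(resolve_deploy_env "$1") || return 1
  case "$env_name" in
    production)  echo "$2" ;;
    development) echo "$3" ;;
  esac
}

# Constructed sample refs. The bare "master" is what a comparison with
# 'master' would need, and GitHub never sends it.
for r in refs/heads/master refs/tags/dev/2020-07-01 master refs/heads/feature/x; do
  printf '%s -> %s\n' "$r" "$(resolve_deploy_env "$r" 2>/dev/null || echo rejected)"
done
```

In a workflow step this would be called as `resolve_deploy_env "$GITHUB_REF"` before any AWS command runs, so an unexpected trigger stops the job instead of deploying.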
Configuration file for tasks that run at deploy time, such as running migrations
Change the container name "app" to the name of your own container as appropriate
Here the migration is run with migrate
code:app/migration_ecs_task.json
 {
   "containerOverrides": [
     {
       "name": "app",
       "command": [
         "sh",
         "-c",
         "./migrate --source file://migrations --database mysql://$DB_USER:$DB_PASSWORD@tcp\\($DB_HOST:$DB_PORT\\)/$DB_NAME up"
       ]
     }
   ]
 }