Merge pull request #129 from toomio-official/fix/feed #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Application Build and Deployment Workflow | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| environment: development | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| role-session-name: 'GitHub_to_AWS_via_FederatedOIDC' | |
| aws-region: 'us-east-1' | |
| - name: Run Unit Test | |
| run: | | |
| npm install | |
| npm run test | |
| - name: Build with Docker | |
| run: | | |
| docker build -t ${{ secrets.IMAGE_NAME }}:${{ github.sha }} . | |
| - name: Image Vulnerability Scan with Trivy | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: '${{ secrets.IMAGE_NAME }}:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL' | |
| output: 'trivy-image-scan-results.txt' | |
| - name: Upload Trivy Image Scan Results Artifact | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: trivy-image-scan-results | |
| path: trivy-image-scan-results.txt | |
| - name: Push the image to ECR | |
| run: | | |
| aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.IMAGE_NAME }} | |
| docker image push ${{ secrets.IMAGE_NAME }}:${{ github.sha }} | |
| - name: Download task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition toomio-backend --query taskDefinition > task-definition.json | |
| - name: Update the Amazon ECS task definition | |
| id: task-definition | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: toomio-backend | |
| image: ${{ secrets.IMAGE_NAME }}:${{ github.sha }} | |
| environment-variables: | | |
| MONGODB_URI=${{ secrets.MONGODB_URI }} | |
| AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION=${{ secrets.AWS_REGION }} | |
| AWS_COGNITO_USER_POOL_ID=${{ secrets.AWS_COGNITO_USER_POOL_ID }} | |
| AWS_COGNITO_CLIENT_ID=${{ secrets.AWS_COGNITO_CLIENT_ID }} | |
| AWS_COGNITO_AUTHORITY=${{ secrets.AWS_COGNITO_AUTHORITY }} | |
| AWS_SQS_URL=${{ secrets.AWS_SQS_URL }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-definition.outputs.task-definition }} | |
| service: toomio-backend | |
| cluster: toomio-backend | |
| wait-for-service-stability: true |