-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaction.yml
More file actions
172 lines (163 loc) · 6.01 KB
/
action.yml
File metadata and controls
172 lines (163 loc) · 6.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: "EC2 Docker service deploy action"
description: "EC2 Docker service deploy and optional in-action security group ip whitelisting"
author: "bbharathkumarreddy@96@gmail.com"
branding:
icon: "package"
color: "blue"
inputs:
ssh-host:
description: "SSH hostname or ip address."
required: true
ssh-key:
description: "SSH key to connect to host machine."
required: false
ssh-port:
description: "SSH port to deploy the service."
default: 22
required: false
ssh-username:
description: "SSH username."
default: "ec2-user"
required: false
aws-access-key-id:
description: "AWS access key id."
required: false
aws-secret-access-key:
description: "AWS Secret access key."
required: false
aws-region:
description: "AWS region to deploy."
default: "us-east-1"
required: false
security-group-id:
description: "AWS security group id to whitelist github action's ip address temporarily."
required: false
ecr-image-uri:
description: "ECR Container image URI with tag."
required: true
docker-service:
description: "Docker service name."
default: "my-service"
required: false
replicas:
description: "Number of service replicas."
default: 1
required: false
docker-network:
description: "Docker network."
default: "ingress"
required: false
docker-published-port:
description: "Docker port to publish."
default: 80
required: false
docker-target-port:
description: "Docker target port of container."
default: 80
required: false
docker-opts:
description: "More docker options to create docker service. eg. --log-driver=awslogs --log-opt awslogs-group=my-logs --log-opt awslogs-region=us-east-1"
required: false
prune:
description: "On prune true, Will cleanup exitied containers and unused images."
default: true
required: false
restart-only:
description: "On restart-only true, Service will be force restarted with set replicas."
default: false
required: false
debug:
description: "Enable debug mode."
default: false
required: false
runs:
using: "composite"
steps:
- name: Get Github action IP
id: "ip"
if: ${{ inputs.security-group-id != '' }}
uses: haythem/public-ip@v1.2
- name: Configure AWS credentials
if: ${{ inputs.security-group-id != '' }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ inputs.aws-access-key-id }}
aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
aws-region: ${{ inputs.aws-region }}
- name: Add Github Actions IP to Security group
shell: bash
if: ${{ inputs.security-group-id != '' }}
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ inputs.security-group-id }} --protocol tcp --port ${{ inputs.ssh-port }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
AWS_DEFAULT_REGION: ${{ inputs.aws-region }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: EC2 Docker Service Deploy
if: ${{ inputs.restart-only != 'true' }}
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ inputs.ssh-host }}
username: ${{ inputs.ssh-username }}
key: ${{ inputs.ssh-key }}
debug: ${{ inputs.debug }}
script_stop: true
script: |
sudo docker login --username AWS -p $(aws ecr get-login-password --region ${{ inputs.aws-region }}) ${{ steps.login-ecr.outputs.registry }}
sudo docker pull ${{ inputs.ecr-image-uri }}
if sudo -S docker service inspect ${{ inputs.docker-service }} &> /dev/null; then
echo "Updating existing service."
sudo -S docker service update \
--force \
--replicas ${{ inputs.replicas }} \
${{ inputs.docker-service }}
else
echo "Creating new service."
sudo -S docker service create \
--name ${{ inputs.docker-service }} \
--replicas ${{ inputs.replicas }} \
--network ${{ inputs.docker-network }} \
--publish published=${{ inputs.docker-published-port }},target=${{ inputs.docker-target-port }} \
${{ inputs.docker-opts }} \
${{ inputs.ecr-image-uri }}
fi
- name: EC2 Docker Restart Service
if: ${{ inputs.restart-only == 'true' }}
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ inputs.ssh-host }}
username: ${{ inputs.ssh-username }}
key: ${{ inputs.ssh-key }}
debug: ${{ inputs.debug }}
script_stop: true
script: |
sudo docker login --username AWS -p $(aws ecr get-login-password --region ${{ inputs.aws-region }}) ${{ steps.login-ecr.outputs.registry }}
sudo docker pull ${{ inputs.ecr-image-uri }}
sudo -S docker service update \
--force \
--replicas ${{ inputs.replicas }} \
${{ inputs.docker-service }}
- name: EC2 Prune conatiner and images
if: ${{ inputs.prune == 'true' }}
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ inputs.ssh-host }}
username: ${{ inputs.ssh-username }}
key: ${{ inputs.ssh-key }}
debug: ${{ inputs.debug }}
script_stop: true
script: |
sudo -S docker container prune -f
sudo -S docker image prune -af
- name: Remove Github Actions IP from security group
shell: bash
if: ${{ inputs.security-group-id != '' }} && always()
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ inputs.security-group-id }} --protocol tcp --port ${{ inputs.ssh-port }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
AWS_DEFAULT_REGION: ${{ inputs.aws-region }}