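# Builds the backend and frontend images, pushes them to Amazon ECR, then
# writes the new image references into manifests/ and commits them to main.
name: CI/CD Pipeline

on:
  push:
    branches:
      - main
    # The job below commits to manifests/; ignoring that path keeps those
    # commits from starting another run of this workflow.
    paths-ignore:
      - 'manifests/**'

jobs:
  build-and-deploy:
    name: Build, Push, and Update Manifest
    runs-on: ubuntu-latest
    # Token scopes are declared on the job so that a job added later does not
    # inherit them. Anything not listed here is withheld from the token.
    #   id-token: write  - lets the job request an OIDC token; the AWS
    #                      credentials step is given only a role ARN, so this
    #                      is presumably how the role is assumed.
    #   contents: write  - lets the last step push the manifest commit.
    permissions:
      id-token: write
      contents: write
    # NOTE(review): every `uses:` below references a mutable tag (@v4, @v2).
    # This job holds contents: write and AWS role credentials, so consider
    # pinning each action to a full commit SHA.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE_ARN }}
          aws-region: ap-south-1

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag, and push backend image
        id: build-backend
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: app-backend
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Build the reference once and quote every expansion so the value
          # is never word-split or glob-expanded by the shell.
          image="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
          docker build -t "$image" ./app/backend
          docker push "$image"
          echo "image=$image" >> "$GITHUB_OUTPUT"

      - name: Build, tag, and push frontend image
        id: build-frontend
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: app-frontend
          IMAGE_TAG: ${{ github.sha }}
        run: |
          image="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
          docker build -t "$image" ./app/frontend
          docker push "$image"
          echo "image=$image" >> "$GITHUB_OUTPUT"

      - name: Update Kubernetes manifests
        # Step outputs reach the script through the environment instead of
        # being expanded into the script text, so their content cannot alter
        # the shell command or the yq expression.
        env:
          BACKEND_IMAGE: ${{ steps.build-backend.outputs.image }}
          FRONTEND_IMAGE: ${{ steps.build-frontend.outputs.image }}
        run: |
          # NOTE(review): this installs whatever the "latest" release is at
          # run time, as root, with no integrity check, in a job that can
          # push to the repository. Pin a specific release tag and verify
          # the binary against its published SHA-256 before installing it.
          sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
          yq -i '.spec.template.spec.containers[0].image = strenv(BACKEND_IMAGE)' manifests/02-backend.yaml
          yq -i '.spec.template.spec.containers[0].image = strenv(FRONTEND_IMAGE)' manifests/03-frontend.yaml

      - name: Commit and push manifest changes
        run: |
          git config --global user.name 'github-actions[bot]'
          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
          git add manifests/
          # Nothing staged means both manifests already carry these tags.
          if git diff --staged --quiet; then
            echo "No manifest changes to commit."
          else
            # GITHUB_SHA is the runner-provided form of github.sha.
            git commit -m "ci: update image tags to ${GITHUB_SHA}"
            # Rebase onto commits that landed on the branch during the build.
            git pull --rebase
            git push
          fi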