Deploy to CloudFormation #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to CloudFormation | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image_uri: | |
| description: 'Full ECR image URI to deploy (e.g. 123456789.dkr.ecr.us-east-2.amazonaws.com/ga4gh-impl-registry:0.1.0)' | |
| required: true | |
| type: string | |
| env: | |
| AWS_REGION: us-east-2 | |
| STACK_NAME: ga4gh-impl-registry | |
| jobs: | |
| deploy-production: | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: production | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Validate image URI input | |
| run: | | |
| IMAGE_URI="${{ github.event.inputs.image_uri }}" | |
| echo "Deploying image: ${IMAGE_URI}" | |
| if [ -z "${IMAGE_URI}" ]; then | |
| echo "ERROR: image_uri input is empty" | |
| exit 1 | |
| fi | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Deploy CloudFormation stack | |
| run: | | |
| IMAGE_URI="${{ github.event.inputs.image_uri }}" | |
| echo "Deploying stack ${{ env.STACK_NAME }} with image: ${IMAGE_URI}" | |
| aws cloudformation deploy \ | |
| --template-file ./infra/cloudformation-template.yaml \ | |
| --stack-name ${{ env.STACK_NAME }} \ | |
| --parameter-overrides \ | |
| Environment=production \ | |
| ImageUri=${IMAGE_URI} \ | |
| DatabasePassword=${{ secrets.DB_PASSWORD }} \ | |
| --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \ | |
| --no-fail-on-empty-changeset | |
| - name: Wait for stack deployment | |
| run: | | |
| aws cloudformation wait stack-create-complete \ | |
| --stack-name ${{ env.STACK_NAME }} 2>/dev/null || \ | |
| aws cloudformation wait stack-update-complete \ | |
| --stack-name ${{ env.STACK_NAME }} | |
| - name: Print CloudFormation failure events | |
| if: failure() | |
| run: | | |
| aws cloudformation describe-stack-events \ | |
| --stack-name ${{ env.STACK_NAME }} \ | |
| --query 'StackEvents[?ResourceStatus==`CREATE_FAILED` || ResourceStatus==`UPDATE_FAILED`].[Timestamp,ResourceType,LogicalResourceId,ResourceStatusReason]' \ | |
| --output table | |
| - name: Get stack outputs | |
| run: | | |
| aws cloudformation describe-stacks \ | |
| --stack-name ${{ env.STACK_NAME }} \ | |
| --query 'Stacks[0].Outputs' \ | |
| --output table | |
| - name: Post deployment summary | |
| run: | | |
| APP_URL=$(aws cloudformation describe-stacks \ | |
| --stack-name ${{ env.STACK_NAME }} \ | |
| --query "Stacks[0].Outputs[?OutputKey=='ApplicationURL'].OutputValue" \ | |
| --output text) | |
| echo "## Production Deployment Successful" >> $GITHUB_STEP_SUMMARY | |
| echo "| Key | Value |" >> $GITHUB_STEP_SUMMARY | |
| echo "| --- | ----- |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Stack | ${{ env.STACK_NAME }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Region | ${{ env.AWS_REGION }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Image | ${{ github.event.inputs.image_uri }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| App URL | $APP_URL |" >> $GITHUB_STEP_SUMMARY | |
| notify: | |
| needs: deploy-production | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Check deployment status | |
| run: | | |
| if [ "${{ needs.deploy-production.result }}" == "success" ]; then | |
| echo "✅ Deployment successful!" | |
| exit 0 | |
| else | |
| echo "❌ Deployment failed!" | |
| exit 1 | |
| fi |