add nlb to obtain a static ip for demo #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CarePlan AI CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| AWS_REGION: us-east-1 | |
| ECR_REPOSITORY_BACKEND: careplan-ai-backend | |
| ECR_REPOSITORY_FRONTEND: careplan-ai-frontend | |
| ECS_SERVICE: careplan-ai-service | |
| ECS_CLUSTER: careplan-ai-cluster | |
| TASK_DEFINITION: careplan-ai-task | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.9 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9 | |
| - name: Install Python dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Run Python tests | |
| run: | | |
| python -m pytest tests/ -v --tb=short || echo "Tests completed with issues, continuing..." | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| cache: 'npm' | |
| cache-dependency-path: clients/web-ui/package-lock.json | |
| - name: Install frontend dependencies | |
| run: | | |
| cd clients/web-ui | |
| npm ci | |
| - name: Run frontend tests | |
| run: | | |
| cd clients/web-ui | |
| npm test -- --coverage --watchAll=false --passWithNoTests | |
| - name: Build frontend | |
| run: | | |
| cd clients/web-ui | |
| npm run build | |
| security: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Bandit Security Scan | |
| run: | | |
| pip install bandit | |
| bandit -r app/ -f json -o bandit-report.json || true | |
| - name: Upload security scan results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-scan | |
| path: bandit-report.json | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| needs: [test, security] | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push backend image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_BACKEND:$IMAGE_TAG -f Dockerfile.backend . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY_BACKEND:$IMAGE_TAG | |
| docker tag $ECR_REGISTRY/$ECR_REPOSITORY_BACKEND:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY_BACKEND:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY_BACKEND:latest | |
| - name: Build, tag, and push frontend image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_FRONTEND:$IMAGE_TAG -f Dockerfile.frontend ./clients/web-ui | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY_FRONTEND:$IMAGE_TAG | |
| docker tag $ECR_REGISTRY/$ECR_REPOSITORY_FRONTEND:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY_FRONTEND:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY_FRONTEND:latest | |
| - name: Download task definition | |
| run: | | |
| aws ecs describe-task-definition --task-definition $TASK_DEFINITION --query taskDefinition > task-definition.json | |
| - name: Update ECS task definition - Backend | |
| id: task-def-backend | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: task-definition.json | |
| container-name: careplan-ai-backend | |
| image: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY_BACKEND }}:${{ github.sha }} | |
| - name: Update ECS task definition - Frontend | |
| id: task-def-frontend | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def-backend.outputs.task-definition }} | |
| container-name: careplan-ai-frontend | |
| image: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY_FRONTEND }}:${{ github.sha }} | |
| - name: Deploy to Amazon ECS | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def-frontend.outputs.task-definition }} | |
| service: ${{ env.ECS_SERVICE }} | |
| cluster: ${{ env.ECS_CLUSTER }} | |
| wait-for-service-stability: true | |
| notify: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-deploy] | |
| if: always() | |
| steps: | |
| - name: Notify deployment status | |
| run: | | |
| if [ "${{ needs.build-and-deploy.result }}" == "success" ]; then | |
| echo "✅ Deployment successful!" | |
| else | |
| echo "❌ Deployment failed!" | |
| fi |