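# Builds the application image, pushes it to Amazon ECR, and rolls the new
# image out to the ECS service by registering an updated task definition.
#
# Supply-chain note: every `uses:` below references a mutable version tag.
# Pinning each action to a full commit SHA keeps a re-pointed tag from
# running with the deploy role's credentials.
name: Deploy to AWS

on:
  # Uncomment to auto-deploy after CI passes on main:
  # workflow_run:
  #   workflows: [CI]
  #   types: [completed]
  #   branches: [main]
  #
  # NOTE(review): under workflow_run, github.sha and the default checkout
  # refer to the latest commit on the default branch, which may be newer than
  # the commit CI validated; github.event.workflow_run.head_sha identifies the
  # validated commit. Also consider requiring
  # github.event.workflow_run.event == 'push' in the job's `if:` so that CI
  # runs started by pull requests cannot trigger a deployment.
  workflow_dispatch:

env:
  AWS_REGION: ${{ vars.AWS_REGION || 'eu-west-1' }}
  ECR_REPOSITORY: doc-assistant
  # NOTE(review): no fallback here, so this is empty when the repository
  # variable is unset — confirm ECS_CLUSTER is configured before deploying.
  ECS_CLUSTER: ${{ vars.ECS_CLUSTER }}
  ECS_SERVICE: doc-assistant
  TASK_DEFINITION_FAMILY: doc-assistant

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Run for manual dispatches, or for a workflow_run whose upstream
    # workflow concluded successfully.
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
    # Least privilege: id-token is needed to request the OIDC token used to
    # assume the AWS role; contents: read is enough for checkout.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      # Assumes the role via OIDC; no long-lived AWS keys are stored.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build and push image to ECR
        id: build
        env:
          ECR_REGISTRY: ${{ steps.ecr-login.outputs.registry }}
        # Values reach the script as environment variables rather than being
        # expanded with ${{ }} inside the script text, so their content is
        # never parsed as shell. Expansions are quoted to avoid word
        # splitting and globbing.
        run: |
          IMAGE_TAG="${ECR_REGISTRY}/${ECR_REPOSITORY}:${GITHUB_SHA}"
          docker build -f Dockerfile.compose -t "$IMAGE_TAG" .
          docker push "$IMAGE_TAG"
          echo "image=$IMAGE_TAG" >> "$GITHUB_OUTPUT"

      # Fetch the latest registered revision of the task definition family
      # as the base for the new revision.
      - name: Download current task definition
        run: |
          aws ecs describe-task-definition \
            --task-definition "$TASK_DEFINITION_FAMILY" \
            --query taskDefinition \
            > task-definition.json

      - name: Update task definition with new image
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: api
          image: ${{ steps.build.outputs.image }}

      - name: Deploy to ECS
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          # Wait until the service reaches a steady state before finishing.
          wait-for-service-stability: true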