trying to fix broken deploy due to multistage failure (#874)
* trying to fix broken deploy due to multistage failure

* test out the pipeline by triggering a deploy at each push

* fixed IAM permissions for deploying the ECR image

* added DOCKER_BUILDKIT=1

* fixed docker push

* removing account id

* cleanup

* improving makefile variables
fabiocicerchia authored Aug 31, 2023
1 parent 5afb6cf commit b0f62f4
Showing 2 changed files with 42 additions and 15 deletions.
21 changes: 14 additions & 7 deletions Makefile
@@ -80,6 +80,7 @@ AWS_PROFILE ?= poser
AWS_REGION ?= eu-west-1
AWS_ACCOUNT_ID ?= $(shell aws sts get-caller-identity --profile=$(AWS_PROFILE) | jq -r '.Account')
PREVIOUS_TAG=$(shell git ls-remote --tags 2>&1 | awk '{print $$2}' | sort -r | head -n 1 | cut -d "/" -f3)
ECR_REGISTRY = $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com

deploy_prod: .docker_img_deps build_prod_images push_prod_images ## deploy to prod
cat sys/cloudformation/parameters.prod.json \
@@ -100,15 +101,21 @@ deploy_prod: .docker_img_deps build_prod_images push_prod_images ## deploy to pr
--template-body=file://$$PWD/sys/cloudformation/stack.yaml \
--parameters=file://sys/cloudformation/parameters.secrets.prod.json

build_%: export BADGE_POSER_REGISTRY = $(ECR_REGISTRY)/badge-poser
build_%: export DOCKER_BUILDKIT = 1

build_prod_images:
docker build \
-t $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/badge-poser:phpfpm-$(VER) \
DOCKER_BUILDKIT=1 docker build \
-t $(BADGE_POSER_REGISTRY):phpfpm-$(VER) \
-f sys/docker/alpine-phpfpm/Dockerfile .; \
docker build \
-t $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/badge-poser:nginx-$(VER) \
DOCKER_BUILDKIT=1 docker build \
-t $(BADGE_POSER_REGISTRY):nginx-$(VER) \
-f sys/docker/alpine-nginx/Dockerfile .

push_%: export BADGE_POSER_REGISTRY = $(ECR_REGISTRY)/badge-poser
push_%: export DOCKER_BUILDKIT = 1

push_prod_images:
aws ecr get-login-password --profile $(AWS_PROFILE) | docker login --password-stdin -u AWS $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com; \
docker push $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/badge-poser:phpfpm-$(VER); \
docker push $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com/badge-poser:nginx-$(VER)
aws ecr get-login-password --profile $(AWS_PROFILE) | docker login --password-stdin -u AWS $(ECR_REGISTRY); \
docker push $(BADGE_POSER_REGISTRY):phpfpm-$(VER); \
docker push $(BADGE_POSER_REGISTRY):nginx-$(VER)
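Review bot: The rewritten `push_prod_images` recipe still joins its commands with `; \`, so the shell reports only the status of the last `docker push` and a failed push of the phpfpm image is masked whenever the nginx push succeeds. The two `docker build` commands in `build_prod_images` are chained the same way, and because `deploy_prod` lists both targets as prerequisites it would carry on to what appears to be the CloudFormation update with a `phpfpm-$(VER)` tag that was never built or pushed. Chaining with `&&` stops at the first failure: `... docker login --password-stdin -u AWS $(ECR_REGISTRY) && \` followed by `docker push $(BADGE_POSER_REGISTRY):phpfpm-$(VER) && \`, and likewise `-f sys/docker/alpine-phpfpm/Dockerfile . && \` in the build recipe. The inline `DOCKER_BUILDKIT=1` prefix on each `docker build` duplicates the `build_%: export DOCKER_BUILDKIT = 1` line added above it, so one of the two can go.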
36 changes: 28 additions & 8 deletions sys/cloudformation/stack.yaml
@@ -532,18 +532,38 @@ Resources:
"Sid": "GitHubActionsDeploy",
"Effect": "Allow",
"Action": [
"ecr:CompleteLayerUpload",
"ecr:GetAuthorizationToken",
"sts:GetCallerIdentity",
"ecr:UploadLayerPart",
"cloudformation:CreateChangeSet",
"ecr:InitiateLayerUpload",
"ecr:PutImage"
"sts:GetCallerIdentity"
],
"Resource": [
"arn:aws:ecr:eu-west-1:478389220392:repository/badge-poser",
"arn:aws:cloudformation:eu-west-1:478389220392:stack/poser-ecs/6ad34900-d679-11ea-a884-0a9b71aae734"
"arn:aws:ecr:eu-west-1:*:repository/badge-poser",
"arn:aws:cloudformation:eu-west-1:*:stack/poser-ecs/6ad34900-d679-11ea-a884-0a9b71aae734"
]
},
{
"Sid": "GitHubActionsDeployECR",
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecr:GetDownloadUrlForLayer",
"ecr:InitiateLayerUpload",
"ecr:ListImages",
"ecr:PutImage",
"ecr:UploadLayerPart"
],
"Resource": "arn:aws:ecr:eu-west-1:*:repository/badge-poser"
},
{
"Sid": "GitHubActionsDeployECRToken",
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken"
],
"Resource": "*"
}
]
}
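Review bot: The account field of all three ARNs on the new side is `*` (both entries in the `GitHubActionsDeploy` resource list and the `Resource` of `GitHubActionsDeployECR`), which widens the statements from this account's `badge-poser` repository and `poser-ecs` stack to same-named resources in any account. Cross-account use would still need the other account to grant access, so the practical exposure is limited, but the policy can stay free of a hard-coded id and remain exact by using the CloudFormation pseudo parameters, e.g. `"arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/badge-poser"`. That assumes the policy document is, or can be, wrapped in `Fn::Sub`; the resource that embeds this JSON starts outside the hunk. Separately, the ECR repository ARN kept in the `GitHubActionsDeploy` resource list no longer matches any action in that statement now that the `ecr:*` actions have moved out, so it can be dropped.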