Add eks deployment pipeline (#21)

gayathridevii · web-flow · commit bc8ec6dd0143 · 2025-03-17T14:44:42.000+05:30
* add eks deployment pipeline for conductor server

* add eks deployment step seperately instead of composite actions

* fix in declaring account id variable

* remove the steps for ecr login

* made change in environemnt bucket format

* made change in service name

* typo fix in ecr repository

* correcting ecr repository format

* ecr repository was not properly passed from previous job output, fix

* make ecr repository as github outputs
diff --git a/.github/workflows/cd-server.yaml b/.github/workflows/cd-server.yaml
@@ -15,28 +15,31 @@ on:
         required: true
         type: string
         description: Provide tag (Eg:v3.14.0)
-
+permissions:
+  id-token: write
+  contents: write
+  packages: read
+  actions: read
 env:
-  SERVICE_NAME: conductor-server
+  SERVICE_NAME: conductor
   AWS_REGION: "ap-south-1"
-
+  HELM_CHART_NAME: "application-helm-chart"
 
 jobs:
   prepare-env:
     name: Prepare Env
-    runs-on: 'ubuntu-latest'
+    runs-on: "ubuntu-latest"
     timeout-minutes: 2
     outputs:
       AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }}
       ENV: ${{ steps.vars.outputs.ENV }}
       PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }}
-      ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }}
-      ECS_SERVICE: ${{ steps.set_env.outputs.ECS_SERVICE }}
-      TASK_DEFINITION: ${{ steps.set_env.outputs.TASK_DEFINITION }}
-      CONTAINER_NAME: ${{ steps.set_env.outputs.CONTAINER_NAME }}
+      K8S_CLUSTER: ${{ steps.set_env.outputs.K8S_CLUSTER }}
       ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }}
+      ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }}
       SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }}
-      
+      AWS_ACCOUNT_ID: ${{ steps.vars.outputs.AWS_ACCOUNT_ID}}
+
     steps:
       - id: vars
         shell: bash
@@ -45,7 +48,7 @@ jobs:
           ENV=${{ github.event.inputs.environment }}
           IMAGE_TAG=${{ github.event.inputs.tag }}
           echo $BRANCH
-          
+
           if [ -z "$ENV" ]
           then
             case $BRANCH in
@@ -67,17 +70,20 @@ jobs:
           then
             echo "AWS_ROLE=PRD_AWS_ROLE" >> $GITHUB_OUTPUT
             echo "PROJECT_PREFIX=sirn-prd-mb" >> $GITHUB_OUTPUT
-            echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT  
+            echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT    
+            echo "AWS_ACCOUNT_ID=PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
           elif [ $ENV == 'stg' ]
           then
             echo "AWS_ROLE=STG_AWS_ROLE" >> $GITHUB_OUTPUT
             echo "PROJECT_PREFIX=sirn-stg-mb" >> $GITHUB_OUTPUT
-            echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT   
+            echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT  
+            echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT 
           elif [ $ENV == 'dev' ]
           then
             echo "AWS_ROLE=DEV_AWS_ROLE" >> $GITHUB_OUTPUT
             echo "PROJECT_PREFIX=sirn-dev-mb" >> $GITHUB_OUTPUT
             echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
+            echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
           else
             echo "Branch not configured!"
             exit 1
@@ -89,68 +95,52 @@ jobs:
         id: set_env
         run: |
           PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }}
-          echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME"  >> $GITHUB_OUTPUT
-          echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster"  >> $GITHUB_OUTPUT
-          echo "ECS_SERVICE=$PROJECT_PREFIX-svc-$SERVICE_NAME"  >> $GITHUB_OUTPUT
-          echo "TASK_DEFINITION=$PROJECT_PREFIX-td-$SERVICE_NAME"  >> $GITHUB_OUTPUT
-          echo "CONTAINER_NAME=$PROJECT_PREFIX-cntr-$SERVICE_NAME"  >> $GITHUB_OUTPUT
+          echo "K8S_CLUSTER=$PROJECT_PREFIX-prime"  >> $GITHUB_OUTPUT
+          echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment"  >> $GITHUB_OUTPUT
           echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY
-          
+          echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-conductor-server"  >> $GITHUB_OUTPUT
+
   # Deploy Conductor UI Image to ECS
-  deploy-server-image:
-    name: Deploy Server Image
-    runs-on: 'ubuntu-latest'
-    timeout-minutes: 20
+  deploy-to-k8s:
+    name: Deploy to k8s
+    runs-on: ubuntu-latest
+    container:
+      image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest
+    timeout-minutes: 15
     permissions:
       id-token: write
       pull-requests: write
       contents: read
-    needs: prepare-env
+    needs:
+      - prepare-env
     env:
-      AWS_ROLE: ${{ needs.prepare-env.outputs.AWS_ROLE }}
-      ENV: ${{ needs.prepare-env.outputs.ENV }}
-      PROJECT_PREFIX: ${{needs.prepare-env.outputs.PROJECT_PREFIX}}
-      ECR_REPOSITORY: ${{needs.prepare-env.outputs.ECR_REPOSITORY}}
-      IMAGE_TAG: ${{ github.event.inputs.tag }}
-      ECS_CLUSTER: ${{ needs.prepare-env.outputs.ECS_CLUSTER }}
-      ECS_SERVICE: ${{ needs.prepare-env.outputs.ECS_SERVICE }}
-      TASK_DEFINITION: ${{ needs.prepare-env.outputs.TASK_DEFINITION }}
-      CONTAINER_NAME: ${{ needs.prepare-env.outputs.CONTAINER_NAME }}
-      
+      AWS_ACCOUNT_ID: ${{ needs.prepare-env.outputs.AWS_ACCOUNT_ID }}
+      ECR_REPOSITORY: ${{ needs.prepare-env.outputs.ECR_REPOSITORY }}
     steps:
       - name: Checkout code from action
         uses: actions/checkout@v2
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: ${{ secrets[env.AWS_ROLE] }}
+          role-to-assume: arn:aws:iam::${{ vars[env.AWS_ACCOUNT_ID] }}:role/github-actions
           aws-region: ${{ env.AWS_REGION }}
 
-      - name: Amazon ECR Login
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1.7.0
+      - name: Deploy to Kubernetes
+        shell: bash
+        run: |
+          aws eks update-kubeconfig --name ${{ needs.prepare-env.outputs.K8S_CLUSTER }}
+          aws s3 cp s3://${{ needs.prepare-env.outputs.ENVIRONMENT_BUCKET }}/helm/${{ env.SERVICE_NAME }}/values.yaml ./values.yaml 
+          cat ./values.yaml
+          aws ecr get-login-password --region ${{ env.AWS_REGION }} | helm registry login --username AWS --password-stdin ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
 
-      - name: Check if image tag exists in ECR
-        id: check-image-existence
-        run: |          
-          if aws ecr describe-images --repository-name "${{ env.ECR_REPOSITORY }}" --region "${{ env.AWS_REGION }}" --image-ids imageTag="${{ env.IMAGE_TAG }}" 2>&1 | grep -q "imageTag"; then
-            echo "Image tag $IMAGE_TAG exists in ECR"
-          else
-            echo "Error: Image tag $IMAGE_TAG does not exist in ECR"
-            exit 1
-          fi
+          # Construct base Helm command
+          HELM_CMD="helm upgrade --install ${{ env.SERVICE_NAME }} oci://${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.HELM_CHART_NAME }} \
+            --namespace ${{ needs.prepare-env.outputs.ENV }} \
+            --values values.yaml \
+            --set default.image.repository='${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY }}' \
+            --set default.image.tag='${{ github.event.inputs.tag }}'"
 
-      - name: Deploy backend
-        id: deploy_backend
-        uses: ./.github/actions/deploy-ecs
-        env:
-          APP_IMAGE: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
-        with:
-         aws-region : ${{ env.AWS_REGION }}
-         aws-role: ${{ secrets[env.AWS_ROLE] }}
-         task-definition: ${{ env.TASK_DEFINITION }}
-         container-name: ${{ env.CONTAINER_NAME }}
-         ecs-service: ${{ env.ECS_SERVICE }}
-         ecs-cluster: ${{ env.ECS_CLUSTER }}
-         image: ${{ env.APP_IMAGE }}
+          # Run the Helm command
+          echo "Running: $HELM_CMD"
+          eval $HELM_CMD
diff --git a/.github/workflows/ci-server-.yaml b/.github/workflows/ci-server-.yaml
@@ -29,7 +29,6 @@ jobs:
       AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }}
       ENV: ${{ steps.vars.outputs.ENV }}
       PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }}
-      ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }}
       ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }}
       ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }}
       SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }}
@@ -88,7 +87,6 @@ jobs:
         id: set_env
         run: |
           PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }}
-          echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster"  >> $GITHUB_OUTPUT
           echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME"  >> $GITHUB_OUTPUT
           echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment"  >> $GITHUB_OUTPUT
           echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY
@@ -133,10 +131,6 @@ jobs:
           role-to-assume: ${{ secrets[env.AWS_ROLE] }}
           aws-region: ${{ env.AWS_REGION }}
 
-      - name: Download S3 file
-        run: |
-          aws s3 cp s3://${PROJECT_PREFIX}-s3-environment/conductor-server/conductor-server.properties ./docker/server/config/conductor-server.properties
-
       - name: Amazon ECR Login
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1.7.0
