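---
# Builds the DB migration image, pushes it to ECR, registers a new revision of
# the ECS task definition that points at that image, runs it once on Fargate
# and fails the job when the migration container exits non-zero.
name: Run DB Migrations

on:
  push:
    branches:
      - main

# Least privilege for the GITHUB_TOKEN: this workflow only reads the
# repository; all AWS access uses the credentials configured in the job.
permissions:
  contents: read

jobs:
  migrate-database:
    name: Run ECS One-Off Task
    runs-on: ubuntu-latest
    # The job is currently disabled. TODO: remove this condition to enable it.
    # NOTE(review): once enabled, two pushes in quick succession can run two
    # migrations at the same time; consider a `concurrency` group.
    if: false
    env:
      AWS_REGION: eu-west-1
      CLUSTER_NAME: sample-cluster
      ECR_REPO: db-migration
      TASK_DEFINITION: db-migration-job
      SUBNET_ID: subnet-abc123
      SECURITY_GROUP_ID: sg-abc123
      CONTAINER_NAME: migration
      # NOTE(review): not referenced by any step; the render step deploys the
      # image that this run builds and pushes.
      IMAGE_URI: db-iac:latest
    # NOTE(review): every action below is referenced by a mutable major-version
    # tag. Pinning each `uses:` to a full commit SHA keeps a retagged release
    # from changing what runs with the AWS credentials.
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): these are long-lived IAM user keys stored as repository
      # secrets. Short-lived credentials through GitHub OIDC (`role-to-assume`
      # with `permissions: id-token: write`) remove the standing secret.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # Same region the CLI steps use through $AWS_REGION, so the login
          # and the ECS calls cannot end up in different regions.
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Tag = first 8 characters of the commit SHA. The registry is handed to
      # the script through `env` instead of being expanded into the script
      # text, so the value is always treated as data by the shell.
      - name: Get container image tag (git hash)
        id: image-vars
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          echo "image-uri=${ECR_REGISTRY}/${ECR_REPO}:${GITHUB_SHA::8}" >> "$GITHUB_OUTPUT"

      # NOTE(review): a tag can be overwritten in the registry unless the ECR
      # repository enforces tag immutability; `steps.build-image.outputs.digest`
      # identifies the exact image that was pushed.
      - name: Build and push Container Image to ECR
        id: build-image
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ steps.image-vars.outputs.image-uri }}
          provenance: false
          platforms: 'linux/amd64'

      # `--query taskDefinition` unwraps the response so that the file holds
      # the task definition object itself, which is what the render step reads.
      - name: Fetch latest task definition
        id: get-task-def
        run: |
          aws ecs describe-task-definition \
            --task-definition "$TASK_DEFINITION" \
            --region "$AWS_REGION" \
            --query taskDefinition > taskdef.json

      # Action inputs are not passed through a shell, so `$NAME` would arrive
      # as literal text; values have to come from `${{ ... }}` expressions.
      # The input file is the one written by the previous step.
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: updated-task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: taskdef.json
          container-name: ${{ env.CONTAINER_NAME }}
          image: ${{ steps.image-vars.outputs.image-uri }}

      # No service is given, so this only registers a new task definition
      # revision.
      - name: Deploy Amazon ECS task definition
        id: register-task-def
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.updated-task-def.outputs.task-definition }}

      # Starts the one-off migration task without a public IP and records its
      # ARN. The deploy action publishes the new revision as
      # `task-definition-arn`.
      - name: Run ECS task
        id: run-task
        env:
          TASK_DEF_ARN: ${{ steps.register-task-def.outputs.task-definition-arn }}
        run: |
          TASK_ARN=$(aws ecs run-task \
            --cluster "$CLUSTER_NAME" \
            --launch-type FARGATE \
            --network-configuration "awsvpcConfiguration={subnets=[$SUBNET_ID],securityGroups=[$SECURITY_GROUP_ID],assignPublicIp=DISABLED}" \
            --task-definition "$TASK_DEF_ARN" \
            --region "$AWS_REGION" \
            --started-by github-actions \
            --query 'tasks[0].taskArn' \
            --output text)
          # run-task can succeed without placing a task; the query then
          # prints "None" instead of an ARN.
          if [ -z "$TASK_ARN" ] || [ "$TASK_ARN" = "None" ]; then
            echo "ECS did not start a migration task" >&2
            exit 1
          fi
          echo "task_arn=$TASK_ARN" >> "$GITHUB_OUTPUT"

      # NOTE(review): the waiter polls for a bounded time (about 10 minutes
      # with AWS CLI defaults); a longer migration fails this step while the
      # task itself keeps running.
      - name: Wait for task to complete
        env:
          TASK_ARN: ${{ steps.run-task.outputs.task_arn }}
        run: |
          aws ecs wait tasks-stopped \
            --cluster "$CLUSTER_NAME" \
            --tasks "$TASK_ARN" \
            --region "$AWS_REGION"

      # A container that never started has no exit code; the query then
      # prints "None", which also fails the comparison below.
      - name: Check task exit code
        env:
          TASK_ARN: ${{ steps.run-task.outputs.task_arn }}
        run: |
          EXIT_CODE=$(aws ecs describe-tasks \
            --cluster "$CLUSTER_NAME" \
            --tasks "$TASK_ARN" \
            --region "$AWS_REGION" \
            --query "tasks[0].containers[?name=='${CONTAINER_NAME}'].exitCode" \
            --output text)
          echo "Task exited with code $EXIT_CODE"
          if [ "$EXIT_CODE" != "0" ]; then
            echo "Migration task failed with exit code $EXIT_CODE"
            exit 1
          fi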