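- GitHub Actions: controls the CI/CD pipeline as a whole, including when to build, when to test, and when to deploy to the corresponding environment.
- ECS: manages the repository of Docker images and handles automatic deployment.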

```yaml
name: Build Jar & Deploy to ECS
on:
  release:
    types: [published]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8
      - name: Maven Build
        run: mvn install
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-1
      # ECR login
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # Deploy docker image
      - name: Build, tag, and push image to Amazon ECR(exam-api)
        id: build-image-exam-api
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          ECR_REPOSITORY=exam-api-prd
          IMAGE_TAG=latest
          docker build --build-arg profile=production -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG exam-api
          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      - name: Render Amazon ECS task definition
        id: render-container-exam-api
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        with:
          task-definition: exam-api/task-definition-prd.json
          container-name: exam-api-prd-container
          image: xxx.dkr.ecr.ap-northeast-1.amazonaws.com/exam-api-prd:latest
      - name: Deploy to Amazon ECS service
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.render-container-exam-api.outputs.task-definition }}
          service: exam-api-prd-service
          cluster: exam-api-prd-cluster
```

Let's walk through the code above.

1. The on section at the top

This specifies the trigger for the GitHub Action; it can be a push, a merge, or a publish.

```yaml
on:
  release:
    types: [published]
```

2. Maven Build

Runs the build commands inside GitHub's virtual environment.

```yaml
- name: Maven Build
  run: mvn install
```

3. Configure AWS Credentials

Sets the AWS access keys.
Because the yml file is kept under version control, the key information is stored in GitHub Secrets for better security, which avoids having it in plaintext in the code.

```yaml
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: ap-northeast-1
```

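
The rule above (keys live in GitHub Secrets, never in the versioned yml) can be enforced with a check before merge. The following Python audit is an added example, not code from the original post: it flags `aws-access-key-id` / `aws-secret-access-key` inputs that are not a `${{ secrets.* }}` reference, plus any string shaped like an AWS access key ID. The function name `audit_workflow` and both sample workflows, including the key values, are constructed for illustration.

```python
import re

# Inputs of aws-actions/configure-aws-credentials that carry key material.
SENSITIVE_INPUTS = ("aws-access-key-id", "aws-secret-access-key")
# Accept a value only if it is exactly one ${{ secrets.NAME }} expression.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")
# Shape of an AWS access key ID (AKIA long-term, ASIA temporary).
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# "key: value" line, optionally starting a YAML list item.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_-]+)\s*:\s*(.*)$")


def audit_workflow(text):
    """Return (line_number, message) for each credential found in plaintext."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        # Trailing comments are ignored for the input check only.
        match = KEY_VALUE.match(raw.split(" #", 1)[0])
        if match and match.group(1) in SENSITIVE_INPUTS:
            value = match.group(2).strip().strip("'\"")
            if not SECRET_REF.match(value):
                findings.append((number, match.group(1) + " is not a secrets.* reference"))
                continue
        # Key IDs are searched on the raw line, so comments and run: scripts count too.
        if KEY_ID.search(raw):
            findings.append((number, "string shaped like an AWS access key ID"))
    return findings


# Constructed sample: the credentials step as written on this page.
GOOD = """\
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: ap-northeast-1
"""
# Constructed sample: the same step with made-up keys pasted in as plaintext.
BAD = """\
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: AKIAEXAMPLEEXAMPLE00
    aws-secret-access-key: constructed-not-a-real-secret
    aws-region: ap-northeast-1
- run: aws configure set aws_access_key_id AKIAEXAMPLEEXAMPLE00  # key in a script
"""

if __name__ == "__main__":
    for number, message in audit_workflow(BAD):
        print("line %d: %s" % (number, message))
```
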
4. Deploy docker image

This step uploads the built jar file to ECR; what gets deployed on ECS is really just a set of images.

```yaml
- name: Build, tag, and push image to Amazon ECR(exam-api)
  id: build-image-exam-api
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
  run: |
    ECR_REPOSITORY=exam-api-prd
    IMAGE_TAG=latest
    docker build --build-arg profile=production -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG exam-api
    docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
    docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
```

5. Render Amazon ECS task definition

Sets up the ECS task.

```yaml
- name: Render Amazon ECS task definition(exam-api)
  id: render-container-exam-api
  uses: aws-actions/amazon-ecs-render-task-definition@v1
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
  with:
    task-definition: exam-api/task-definition-prd.json
    container-name: exam-api-prd-container
    image: xxx.dkr.ecr.ap-northeast-1.amazonaws.com/exam-api-prd:latest
```

6. Deploy to Amazon ECS service

Deploys to the ECS service environment.

```yaml
- name: Deploy to Amazon ECS service(exam-api)
  uses: aws-actions/amazon-ecs-deploy-task-definition@v1
  with:
    task-definition: ${{ steps.render-container-exam-api.outputs.task-definition }}
    service: exam-api-prd-service
    cluster: exam-api-prd-cluster
```

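Having covered how to write the GitHub Actions script, let's look at how to set up ECR in the AWS environment.

1. Create the ECR repository
2. Create the task
3. Create the cluster
4. Create the service

Regarding rolling updates, there is one point to note about DB updates. If a change such as deleting a column is needed, then during the period when the old and new versions coexist, a user who hits the old version will get a column-not-found error. This can be solved as follows:

- First release a version that does not access the column scheduled for deletion at all
- Then release a version that contains the DB migration deleting the column

That basically completes the ECS setup. Once the ECR repository is deployed to the Service, it can be reached through the LB.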