add secrets for the names and values #12
| name: Java CI/CD with Docker | |
| on: | |
| push: | |
| branches: [main] | |
| paths-ignore: | |
| - "front-end/**" | |
| - ".github/workflows/front-end.yml" | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "21" | |
| cache: maven | |
| - name: Run unit tests | |
| run: mvn test | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "21" | |
| cache: maven | |
| - name: Compile project | |
| run: mvn compile | |
| package-jar: | |
| runs-on: ubuntu-latest | |
| needs: [test, build] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "21" | |
| cache: maven | |
| - name: Package JAR | |
| run: mvn package -DskipTests | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-jar | |
| path: target/aws-integration-0.0.1-SNAPSHOT.jar | |
| build-docker-image: | |
| runs-on: ubuntu-latest | |
| needs: [package-jar] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download built jar | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-jar | |
| path: target | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: | | |
| ${{ secrets.DOCKER_HUB_USERNAME }}/aws-integration:v1.0.${{ github.run_number }} | |
| # --- AWS ECR Public Login + Push --- | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 # Public ECR lives here | |
| - name: Login to Amazon ECR Public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Tag and push to ECR Public (backend) | |
| run: | | |
| IMAGE_TAG=v1.0.${{ github.run_number }} | |
| ECR_URI=public.ecr.aws/d9h7a7q0/saadsabahuddin/back-end | |
| docker tag ${{ secrets.DOCKER_HUB_USERNAME }}/aws-integration:$IMAGE_TAG $ECR_URI:$IMAGE_TAG | |
| docker push $ECR_URI:$IMAGE_TAG | |
| - name: Register new task definition with updated image (backend) | |
| run: | | |
| IMAGE_TAG=v1.0.${GITHUB_RUN_NUMBER} | |
| ECR_URI=public.ecr.aws/d9h7a7q0/saadsabahuddin/back-end | |
| # Get current task definition JSON | |
| TASK_DEF_JSON=$(aws ecs describe-task-definition \ | |
| --task-definition ${{ secrets.BACKEND_TASK_DEF }} \ | |
| --query 'taskDefinition' \ | |
| --output json) | |
| # Update the container image | |
| NEW_TASK_DEF=$(echo $TASK_DEF_JSON | jq --arg IMAGE "$ECR_URI:$IMAGE_TAG" \ | |
| ".containerDefinitions[] | select(.name==\"${{ secrets.BACKEND_CONTAINER }}\") | .image=\$IMAGE | del(.status,.revision,.taskDefinitionArn,.requiresAttributes,.compatibilities,.registeredAt,.registeredBy)" | jq -s '.[0]') | |
| # Register new task definition revision | |
| aws ecs register-task-definition \ | |
| --cli-input-json "$NEW_TASK_DEF" | |
| - name: Update ECS service (backend) | |
| run: | | |
| # Get the new revision number | |
| NEW_REV=$(aws ecs describe-task-definition --task-definition ${{ secrets.BACKEND_TASK_DEF }} | jq '.taskDefinition.revision') | |
| # Force ECS service to use the new task definition | |
| aws ecs update-service \ | |
| --cluster ${{ secrets.CLUSTER_NAME }} \ | |
| --service ${{ secrets.BACKEND_SERVICE }} \ | |
| --task-definition ${{ secrets.BACKEND_TASK_DEF }}:$NEW_REV \ | |
| --force-new-deployment |
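Review bot: The `run:` steps at the end of `build-docker-image` expand `${{ secrets.* }}` directly into the script text, and in "Register new task definition" `secrets.BACKEND_CONTAINER` lands inside the jq program itself, so a quote or shell metacharacter in a secret value changes the command that runs instead of being treated as data. Pass these values through a step-level `env:` mapping and use them as quoted shell variables, handing the container name to jq with `--arg`; the same applies to the "Tag and push" and "Update ECS service" steps. As written, the jq filter also appears to emit only the selected container definition rather than the whole task definition, which `aws ecs register-task-definition --cli-input-json` would presumably reject; parenthesising the path as in the fence keeps the full document. Separately, `aws-access-key-id`/`aws-secret-access-key` are long-lived keys, and `role-to-assume` with OIDC (`permissions: id-token: write`) would avoid storing them as repository secrets.

```yaml
      - name: Register new task definition with updated image (backend)
        env:
          TASK_DEF: ${{ secrets.BACKEND_TASK_DEF }}
          CONTAINER: ${{ secrets.BACKEND_CONTAINER }}
        run: |
          # … unchanged: IMAGE_TAG and ECR_URI assignments …
          TASK_DEF_JSON=$(aws ecs describe-task-definition \
            --task-definition "$TASK_DEF" \
            --query 'taskDefinition' \
            --output json)
          # Assign through the parenthesised path so the whole task definition is kept
          NEW_TASK_DEF=$(printf '%s' "$TASK_DEF_JSON" | jq \
            --arg IMAGE "$ECR_URI:$IMAGE_TAG" --arg NAME "$CONTAINER" \
            '(.containerDefinitions[] | select(.name == $NAME) | .image) = $IMAGE
             | del(.status, .revision, .taskDefinitionArn, .requiresAttributes,
                   .compatibilities, .registeredAt, .registeredBy)')
          # … unchanged: aws ecs register-task-definition call …
```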