11
8

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

GitHub Actionsから複数のコンテナをAWS ECSにデプロイする

Last updated at Posted at 2022-10-27

はじめに

GitHub Actionsには便利なテンプレートが複数用意されています。
ECSへの自動デプロイテンプレートは以下のConfigureボタンを押下することで作成できます。

スクリーンショット (108).png

`aws.yml` テンプレ
aws.yml
# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when there is a push to the "master" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
#    Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
#    Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
#    For example, follow the Getting Started guide on the ECS console:
#      https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
#    Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
#    Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
#    The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
#    Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
#    Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
#    in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
#    and best practices on handling the access key credentials.

name: Deploy to Amazon ECS

on:
  push:
    branches: [ "master" ]

env:
  AWS_REGION: MY_AWS_REGION                   # set this to your preferred AWS region, e.g. us-west-1
  ECR_REPOSITORY: MY_ECR_REPOSITORY           # set this to your Amazon ECR repository name
  ECS_SERVICE: MY_ECS_SERVICE                 # set this to your Amazon ECS service name
  ECS_CLUSTER: MY_ECS_CLUSTER                 # set this to your Amazon ECS cluster name
  ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
                                               # file, e.g. .aws/task-definition.json
  CONTAINER_NAME: MY_CONTAINER_NAME           # set this to the name of the container in the
                                               # containerDefinitions section of your task definition

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
        echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

    - name: Fill in the new image ID in the Amazon ECS task definition
      id: task-def
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        task-definition: ${{ env.ECS_TASK_DEFINITION }}
        container-name: ${{ env.CONTAINER_NAME }}
        image: ${{ steps.build-image.outputs.image }}

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.task-def.outputs.task-definition }}
        service: ${{ env.ECS_SERVICE }}
        cluster: ${{ env.ECS_CLUSTER }}
        wait-for-service-stability: true

このテンプレートは1つのコンテナを想定して作られています。
例えばphp-fpm nginxのように複数のコンテナが存在する環境ではカスタマイズして利用する必要があります。

方法

ワークフローは以下の手順で実行されます。

  1. Login to Amazon ECR
    • Amazon ECRへのログイン
  2. Build, tag, and push image to Amazon ECR
    • Dockerのビルド
    • Amazon ECRへのプッシュ
    • build-image.outputsへのイメージ出力
  3. Fill in the new image ID in the Amazon ECS task definition
    • タスク定義の書き換え
  4. Deploy Amazon ECS task definition
    • サービスのタスク定義更新(デプロイ)

3のamazon-ecs-render-task-definitionを繰り返し使用することで実現可能です。

手順

Build, tag, and push image to Amazon ECR

  • デプロイしたいすべてのコンテナで以下を実施
    • Build
    • ECRへのPush
    • build-image.outputsへの出力

Fill in the new image ID in the Amazon ECS task definition ①

  • テンプレート通りにタスク定義を作成
    ※ここでは container-name image をデプロイしたいコンテナの中から一つだけ設定します

Fill in the new image ID in the Amazon ECS task definition ②

  • 以下のように記述し①で作成したタスク定義を参照

task-definition: ${{ steps.<前のタスク定義作成step名>.outputs.task-definition }}

  • もう一つのコンテナのcontainer-name imageを設定
  • デプロイしたいイメージが3つ以上の場合は②を繰り返す

Deploy Amazon ECS task definition

  • ②で作成したタスク定義をデプロイ

作成例

今回は、phpnginxの2つのコンテナの想定で作成しています。

aws.yml
name: Deploy to Amazon ECS

on:
  push:
    branches: [ "master" ]

env:
 AWS_REGION: MY_AWS_REGION                  
  ECR_REPOSITORY_PHP: php
  ECR_REPOSITORY_NGINX: nginx
  ECS_SERVICE: MY_ECS_SERVICE                
  ECS_CLUSTER: MY_ECS_CLUSTER                
  ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION
  CONTAINER_NAME_PHP: php
  CONTAINER_NAME_NGINX: nginx
permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_PHP:$IMAGE_TAG .
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_NGINX:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY_PHP:$IMAGE_TAG
        docker push $ECR_REGISTRY/$ECR_REPOSITORY_NGINX:$IMAGE_TAG
        echo "::set-output name=image-php::$ECR_REGISTRY/$ECR_REPOSITORY_PHP:$IMAGE_TAG"
        echo "::set-output name=image-nginx::$ECR_REGISTRY/$ECR_REPOSITORY_NGINX:$IMAGE_TAG"

    - name: Fill in the new php image ID in the Amazon ECS task definition
      id: task-def-php
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        # envで設定したパスのtask-definition
        task-definition: ${{ env.ECS_TASK_DEFINITION }}
        container-name: ${{ env.CONTAINER_NAME_PHP }}
        image: ${{ steps.build-image.outputs.image-php }}

    - name: Fill in the new nginx image ID in the Amazon ECS task definition
      id: task-def-nginx
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        # task-def-phpで作成したtask-definition
        task-definition: ${{ steps.task-def-php.outputs.task-definition }}
        container-name: ${{ env.CONTAINER_NAME_NGINX }}
        image: ${{ steps.build-image.outputs.image-nginx }}

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        # task-def-nginxで作成したtask-definition
        task-definition: ${{ steps.task-def-nginx.outputs.task-definition }}
        service: ${{ env.ECS_SERVICE }}
        cluster: ${{ env.ECS_CLUSTER }}
        wait-for-service-stability: true

これで複数のコンテナに対応できます。

参考

11
8
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
11
8

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?