はじめに
GitHub Actions
には便利なテンプレートが複数用意されています。
ECSへの自動デプロイテンプレートは以下のConfigureボタンを押下することで作成できます。
`aws.yml` テンプレ
aws.yml
# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when there is a push to the "master" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
# Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
# Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
# For example, follow the Getting Started guide on the ECS console:
# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
# Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
# Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
# Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
# Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
# in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
# See the documentation for each action used below for the recommended IAM policies for this IAM user,
# and best practices on handling the access key credentials.
name: Deploy to Amazon ECS
on:
push:
branches: [ "master" ]
env:
AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name
ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name
ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name
ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
# file, e.g. .aws/task-definition.json
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
# containerDefinitions section of your task definition
permissions:
contents: read
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ env.ECS_TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
image: ${{ steps.build-image.outputs.image }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true
このテンプレートは1つのコンテナを想定して作られています。
例えばphp-fpm
nginx
のように複数のコンテナが存在する環境ではカスタマイズして利用する必要があります。
方法
ワークフローは以下の手順で実行されます。
-
Login to Amazon ECR
- Amazon ECRへのログイン
-
Build, tag, and push image to Amazon ECR
- Dockerのビルド
- Amazon ECRへのプッシュ
- build-image.outputsへのイメージ出力
-
Fill in the new image ID in the Amazon ECS task definition
- タスク定義の書き換え
-
Deploy Amazon ECS task definition
- サービスのタスク定義更新(デプロイ)
3のamazon-ecs-render-task-definition
を繰り返し使用することで実現可能です。
手順
Build, tag, and push image to Amazon ECR
- デプロイしたいすべてのコンテナで以下を実施
- Build
- ECRへのPush
-
build-image.outputs
への出力
Fill in the new image ID in the Amazon ECS task definition ①
- テンプレート通りにタスク定義を作成
※ここではcontainer-name
image
をデプロイしたいコンテナの中から一つだけ設定します
Fill in the new image ID in the Amazon ECS task definition ②
- 以下のように記述し①で作成したタスク定義を参照
task-definition: ${{ steps.<前のタスク定義作成step名>.outputs.task-definition }}
- もう一つのコンテナの
container-name
image
を設定 - デプロイしたいイメージが3つ以上の場合は②を繰り返す
Deploy Amazon ECS task definition
- ②で作成したタスク定義をデプロイ
作成例
今回は、php
とnginx
の2つのコンテナの想定で作成しています。
aws.yml
name: Deploy to Amazon ECS
on:
push:
branches: [ "master" ]
env:
AWS_REGION: MY_AWS_REGION
ECR_REPOSITORY_PHP: php
ECR_REPOSITORY_NGINX: nginx
ECS_SERVICE: MY_ECS_SERVICE
ECS_CLUSTER: MY_ECS_CLUSTER
ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION
CONTAINER_NAME_PHP: php
CONTAINER_NAME_NGINX: nginx
permissions:
contents: read
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_PHP:$IMAGE_TAG .
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_NGINX:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY_PHP:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY_NGINX:$IMAGE_TAG
echo "::set-output name=image-php::$ECR_REGISTRY/$ECR_REPOSITORY_PHP:$IMAGE_TAG"
echo "::set-output name=image-nginx::$ECR_REGISTRY/$ECR_REPOSITORY_NGINX:$IMAGE_TAG"
- name: Fill in the new php image ID in the Amazon ECS task definition
id: task-def-php
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
# envで設定したパスのtask-definition
task-definition: ${{ env.ECS_TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME_PHP }}
image: ${{ steps.build-image.outputs.image-php }}
- name: Fill in the new nginx image ID in the Amazon ECS task definition
id: task-def-nginx
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
# task-def-phpで作成したtask-definition
task-definition: ${{ steps.task-def-php.outputs.task-definition }}
container-name: ${{ env.CONTAINER_NAME_NGINX }}
image: ${{ steps.build-image.outputs.image-nginx }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
# task-def-nginxで作成したtask-definition
task-definition: ${{ steps.task-def-nginx.outputs.task-definition }}
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true
これで複数のコンテナに対応できます。
参考