sidjha57

CICD

Apr 9th, 2025 (edited)
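  # Builds the application image for linux/arm64, pushes it to Amazon ECR,
  # records the new image tag in SSM Parameter Store, then rolls the Auto
  # Scaling Group with an instance refresh.
  #
  # Review notes:
  # - Every `uses:` below references a mutable major-version tag. Pinning each
  #   action to a full commit SHA stops a moved tag from changing what runs
  #   with the AWS credentials in scope.
  # - Both jobs authenticate with the same long-lived access key pair. The
  #   build job only needs ECR push rights and the deploy job only needs
  #   ssm:PutParameter and autoscaling:StartInstanceRefresh; separate,
  #   narrowly scoped identities (or OIDC with `role-to-assume`) limit what a
  #   leaked key can do.
  # - `run:` scripts read their inputs from environment variables instead of
  #   `${{ ... }}` expressions. Expression text is pasted into the script
  #   before the shell parses it, so a value containing quotes or `$(...)`
  #   would otherwise be executed rather than treated as data.
  name: Build Multi-Arch & Deploy Application Update to EC2 ASG

  on:
    push:
      branches:
        - main # Trigger deployment only on pushes to the main branch

  permissions:
    contents: read # Required to checkout the repository code
    # id-token: write # Add this if switching to OIDC for AWS credentials

  # Workflow-level env entries are exported to the shell of every `run:` step.
  env:
    AWS_REGION: ap-south-1
    # Must match app name used in infra stack for resource naming conventions
    APP_NAME: caloriemitra
    # Derive ECR repo name consistently
    # IMPORTANT: Verify this matches your actual ECR repo name created by CDK/CFN.
    ECR_REPOSITORY_NAME: caloriemitra-app-repo
    # IMPORTANT: Set this to the exact name of your Auto Scaling Group created by CFN/CDK
    # Find this in AWS Console > EC2 > Auto Scaling Groups, or CloudFormation/CDK outputs.
    # Replace the example value below with your REAL ASG name.
    ASG_NAME: CalorieMitra-Stack-CalorieMitraAsgASG6077E899-OUQnFodW0E0D # <--- REPLACE WITH YOUR ACTUAL ASG NAME
    # IMPORTANT: Set this to the exact name of the SSM Parameter storing the image tag
    # Verify this matches the output/definition from your CDK stack.
    # The CDK code used '/app/caloriemitra/image-tag'. Make sure this is consistent.
    SSM_IMAGE_TAG_PARAMETER_NAME: /app/caloriemitra/image-tag # <--- VERIFY OR REPLACE WITH YOUR ACTUAL PARAMETER NAME

  jobs:
    build-and-push-ecr:
      name: Build Multi-Arch Docker Image and Push to ECR
      runs-on: ubuntu-latest
      outputs:
        image_tag: ${{ steps.set_image_tag.outputs.tag }}

      steps:
        - name: Checkout repository
          uses: actions/checkout@v4
          with:
            # The checkout is used as the Docker build context ("."); do not
            # leave the job token in .git/config where a broad COPY in the
            # Dockerfile could bake it into an image layer.
            persist-credentials: false

        # Set up Docker Buildx for multi-platform builds
        - name: Set up QEMU
          uses: docker/setup-qemu-action@v3
        - name: Set up Docker Buildx
          id: buildx
          uses: docker/setup-buildx-action@v3

        - name: Configure AWS credentials
          uses: aws-actions/configure-aws-credentials@v4
          with:
            # Static keys stored as repository secrets; this job only needs
            # permission to authenticate to ECR and push to the repository.
            aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
            aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
            aws-region: ${{ env.AWS_REGION }}

        - name: Login to Amazon ECR
          id: login-ecr
          uses: aws-actions/amazon-ecr-login@v2

        - name: Set Image Tag from Git SHA
          id: set_image_tag
          # First 7 characters of the commit SHA, published as the step output `tag`
          run: echo "tag=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"

        - name: Build, tag, and push multi-arch image to Amazon ECR
          id: build-image
          env:
            ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
            IMAGE_TAG: ${{ steps.set_image_tag.outputs.tag }}
          run: |
            ECR_REPO_URI="$ECR_REGISTRY/$ECR_REPOSITORY_NAME"
            echo "Building and pushing multi-arch image to $ECR_REPO_URI with tags :$IMAGE_TAG and :latest"
            # Only linux/arm64 is listed, so the pushed manifest covers that one
            # platform despite the "multi-arch" wording. The build context is the
            # current directory. `latest` is a moving tag; the deploy job records
            # the SHA-based tag in SSM.
            docker buildx build \
              --platform linux/arm64 \
              -t "$ECR_REPO_URI:$IMAGE_TAG" \
              -t "$ECR_REPO_URI:latest" \
              --push \
              .
            echo "Pushed multi-arch image manifest for tags: $IMAGE_TAG, latest"

    deploy-application:
      name: Deploy Application via ASG Instance Refresh
      runs-on: ubuntu-latest
      needs: build-and-push-ecr # Depends on the image being pushed

      steps:
        - name: Configure AWS credentials
          uses: aws-actions/configure-aws-credentials@v4
          with:
            # This role/user needs ssm:PutParameter and autoscaling:StartInstanceRefresh permissions
            aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
            aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
            aws-region: ${{ env.AWS_REGION }}

        - name: Update Image Tag in SSM Parameter Store
          env:
            IMAGE_TAG: ${{ needs.build-and-push-ecr.outputs.image_tag }}
          run: |
            # The build job emits the first 7 hex characters of the commit SHA;
            # refuse to overwrite the parameter with anything else (including
            # an empty output).
            if ! [[ "$IMAGE_TAG" =~ ^[0-9a-f]{7}$ ]]; then
              echo "Error: unexpected image tag '$IMAGE_TAG' received from the build job."
              exit 1
            fi
            echo "Updating SSM parameter '$SSM_IMAGE_TAG_PARAMETER_NAME' to tag '$IMAGE_TAG'"
            aws ssm put-parameter \
              --name "$SSM_IMAGE_TAG_PARAMETER_NAME" \
              --value "$IMAGE_TAG" \
              --type String \
              --overwrite \
              --region "$AWS_REGION"

        - name: Trigger ASG Instance Refresh
          run: |
            echo "Starting Instance Refresh for ASG: '$ASG_NAME'"
            # Validate ASG name variable is set
            if [ -z "$ASG_NAME" ] || [ "$ASG_NAME" = "YOUR_ASG_NAME_HERE" ]; then
              echo "Error: ASG_NAME environment variable is not set correctly. Please update the workflow."
              exit 1
            fi
            # Adjust MinHealthyPercentage and InstanceWarmup as needed
            aws autoscaling start-instance-refresh \
              --auto-scaling-group-name "$ASG_NAME" \
              --region "$AWS_REGION" \
              --preferences '{ "MinHealthyPercentage": 50, "InstanceWarmup": 300 }'
        # Optionally add a step here to monitor the refresh progress using `aws autoscaling describe-instance-refreshes`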