回顧

• 在三十天前，我們還在透過人工查看組員工作、手動的方式繪製報表、一頁一頁的製造投影片
• 然後首先導入了 python-pptx 和 Asana 來查看工作及產生投影片
• 使用了 python 常見的製圖工作 plotly 和 kaleido 產生甘特圖、輸出檔案
• 因為使用的工具套件變多了，所以也寫了如何透過 pipenv 及 Pipfile 來進行套件版本管理
• 因為產生的投影片內容很多，所以有設計一個互動的文字輸入，控制要不要產生某部門的某專案
• 實際使用起來覺得太囉唆了，所以暫時先註解掉互動詢問；未來朝向讀取文字檔或系統變數來控制批次工作
• 並且使用 容器化 的方式，來降低重複部署環境的成本
• 透過 ECR 私密安全地保存容器映像檔
• 撰寫了 ECS Task 並透過 ECS Scheduled Task 以 Cron style 格式來定義週期性觸發
• 串接公司內部的 信件伺服器 (SMTP)，使這個系列所撰寫的程式可以在產生完投影片的時候，透過郵寄夾檔的方式寄出
• 備註：因為公司網管還在過中秋節，在目前公司不允許海外 IP 走 SMTP 連進 Mail server 前，先暫時將這個排程工作運行在公司內網的主機中
• 還差一個自動化

自動化的需求

• 我們在修改完成式後，每次都需要重新打包容器映像檔
• 手動下 docker build 的方式產生映像檔後，透過 aws cli 取得 ECR 登入密碼、上傳映像檔
• 手動觸發 ECS run task / 或是在公司內的虛擬主機拿回新包好的 image 並 docker run
• 在這種場景，建議可以透過導入 CI/CD 流程，來降低人力的介入

Github Actions

Actions 的原理，是在程式碼中，放進一個 yaml 檔，裡面會描述一些條件和任務，每當程式碼發生異動後，則會根據異動的條件，搭配 Actions 的內容去執行動作；因此首先需要先設定執行工作的環境

runner

• 在 Github repo 中找到 Settings，在 Runner 的設定中先建立
  
• 依照系統版本，選擇設定流程
  
• 依序執行 runner 安裝指令
  
• 完成後，可以在 github runner 中看到多出一台機器
  

actions yaml

• 上述提到的需求，圍繞在製作 Container Image，所以選擇 ECR 的樣板來改
  
• 保留需要的部分即可
  • docker build
  • 取回 ecr login 密碼
  • docker pull
  • 更新 ECS Task

# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when there is a push to the "main" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
#    Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
#    Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
#    For example, follow the Getting Started guide on the ECS console:
#      https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
#    Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
#    Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
#    The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
#    Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
#    Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
#    in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
#    and best practices on handling the access key credentials.

name: Deploy to Amazon ECS

on:
  push:
    branches: [ "main" ]

env:
  AWS_REGION: MY_AWS_REGION                   # set this to your preferred AWS region, e.g. us-west-1
  ECR_REPOSITORY: MY_ECR_REPOSITORY           # set this to your Amazon ECR repository name
  ECS_SERVICE: MY_ECS_SERVICE                 # set this to your Amazon ECS service name
  ECS_CLUSTER: MY_ECS_CLUSTER                 # set this to your Amazon ECS cluster name
  ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
                                               # file, e.g. .aws/task-definition.json
  CONTAINER_NAME: MY_CONTAINER_NAME           # set this to the name of the container in the
                                               # containerDefinitions section of your task definition

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: self-hosted
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
        echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

    - name: Fill in the new image ID in the Amazon ECS task definition
      id: task-def
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        task-definition: ${{ env.ECS_TASK_DEFINITION }}
        container-name: ${{ env.CONTAINER_NAME }}
        image: ${{ steps.build-image.outputs.image }}

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.task-def.outputs.task-definition }}
        service: ${{ env.ECS_SERVICE }}
        cluster: ${{ env.ECS_CLUSTER }}
        wait-for-service-stability: true

結論

• 未來只要我修改好程式碼之後，即可自動觸發打包映像檔、推送到 ECR、觸發 ECS Task defination (optional)