iT邦幫忙

2023 iThome Ironman Contest

DAY 30

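Recap

  • Thirty days ago, we were still checking team members' work by hand, drawing reports manually, and building slides one page at a time
  • We then first introduced python-pptx and Asana to check tasks and generate slides
  • We used plotly and kaleido, common Python charting tools, to generate Gantt charts and export them to files
  • Because the number of packages in use grew, I also wrote about managing package versions with pipenv and a Pipfile
  • Because the generated slides contain a lot of content, I designed an interactive text prompt to control whether a given project of a given department gets generated
  • In practice it felt too verbose, so the interactive prompt is commented out for now; the future direction is to control batch jobs by reading a text file or system variables
  • We also used containerization to lower the cost of repeatedly deploying the environment
  • Container images are stored privately and securely in ECR
  • I wrote an ECS Task and used ECS Scheduled Task with a cron-style expression to define periodic triggering
  • I integrated the company's internal mail server (SMTP), so the program written in this series can send the slides as an email attachment once they are generated
  • Note: because the company's network admin is still on Mid-Autumn Festival holiday, and until the company allows overseas IPs to connect to the mail server over SMTP, this scheduled job temporarily runs on a host in the company intranet
  • One piece of automation is still missing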

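Automation requirements

  • After modifying the program, we have to rebuild the container image every time
  • After producing the image by running docker build manually, we use the aws cli to get the ECR login password and upload the image
  • We manually trigger ECS run task, or pull the newly built image on a virtual machine inside the company and docker run it
  • In this scenario, introducing a CI/CD flow is recommended to reduce manual intervention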

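GitHub Actions

Actions works by placing a YAML file in the repository that describes conditions and tasks. Whenever the code changes, the tasks defined in that file run according to the conditions the change matches. The first step is therefore to set up the environment that executes the jobs.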

runner

  • In the GitHub repo, open Settings and create a runner under the Runner settings
    https://ithelp.ithome.com.tw/upload/images/20231001/20141784VuOguTjwIy.png
  • Choose the setup procedure that matches your system version
    https://ithelp.ithome.com.tw/upload/images/20231001/20141784qwawss8d0D.png
  • Run the runner installation commands in order
    https://ithelp.ithome.com.tw/upload/images/20231001/20141784mV8Z9jXNC8.png
  • Once done, a new machine appears in the GitHub runner list
    https://ithelp.ithome.com.tw/upload/images/20231001/20141784yIIP6F9lVq.png

actions yaml

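  • The requirements above center on building a container image, so start from the ECR template and modify it
    https://ithelp.ithome.com.tw/upload/images/20231001/20141784uydupafxJ2.png
  • Keep only the parts you need
    • docker build
    • retrieve the ECR login password
    • docker pull
    • update the ECS Task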
# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when there is a push to the "main" branch.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
#    Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
#    Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
#    For example, follow the Getting Started guide on the ECS console:
#      https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
#    Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
#    Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
#
# 3. Store your ECS task definition as a JSON file in your repository.
#    The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
#    Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
#    Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
#    in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
#    and best practices on handling the access key credentials.

name: Deploy to Amazon ECS

on:
  push:
    branches: [ "main" ]

env:
  AWS_REGION: MY_AWS_REGION                   # set this to your preferred AWS region, e.g. us-west-1
  ECR_REPOSITORY: MY_ECR_REPOSITORY           # set this to your Amazon ECR repository name
  ECS_SERVICE: MY_ECS_SERVICE                 # set this to your Amazon ECS service name
  ECS_CLUSTER: MY_ECS_CLUSTER                 # set this to your Amazon ECS cluster name
  ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
                                               # file, e.g. .aws/task-definition.json
  CONTAINER_NAME: MY_CONTAINER_NAME           # set this to the name of the container in the
                                               # containerDefinitions section of your task definition

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: self-hosted
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
        echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

    - name: Fill in the new image ID in the Amazon ECS task definition
      id: task-def
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        task-definition: ${{ env.ECS_TASK_DEFINITION }}
        container-name: ${{ env.CONTAINER_NAME }}
        image: ${{ steps.build-image.outputs.image }}

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.task-def.outputs.task-definition }}
        service: ${{ env.ECS_SERVICE }}
        cluster: ${{ env.ECS_CLUSTER }}
        wait-for-service-stability: true
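
The workflow above runs on a self-hosted runner, stores a long-lived IAM user key in repository secrets, and references every action by a movable version tag. The following is an added example, not part of the original post or the GitHub template: a small line-based audit that reports those three trust decisions in a workflow file. The function name `audit_workflow`, the rule names, and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the trust-relevant lines of the workflow shown above.
SAMPLE_WORKFLOW = """\
jobs:
  deploy:
    runs-on: self-hosted
    steps:
    - uses: actions/checkout@v3
    - uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    - uses: aws-actions/amazon-ecr-login@v1
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
RUNS_ON_RE = re.compile(r"^\s*runs-on:\s*(.+?)\s*(?:#.*)?$")
STATIC_KEY_RE = re.compile(r"^\s*aws-secret-access-key:\s*\S")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for a workflow file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip YAML comment lines
        m = USES_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            # Local (./path) and docker:// references have no git ref to pin.
            if not ref.startswith(("./", "docker://")):
                _, _, version = ref.partition("@")
                # A tag or branch can be moved later; a full commit SHA cannot.
                if not FULL_SHA_RE.match(version):
                    findings.append((no, "unpinned-action", ref))
        m = RUNS_ON_RE.match(line)
        if m and "self-hosted" in m.group(1):
            # Workflow code executes on a machine you operate.
            findings.append((no, "self-hosted-runner", m.group(1)))
        if STATIC_KEY_RE.match(line):
            findings.append((no, "static-aws-key", "long-lived IAM user key"))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: {rule}: {detail}")
```

For the static-aws-key finding, aws-actions/configure-aws-credentials also accepts a `role-to-assume` input that obtains short-lived credentials through GitHub's OIDC token, which removes the stored access key.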

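Conclusion

  • From now on, once I finish modifying the code, building the image, pushing it to ECR, and triggering the ECS Task definition (optional) all happen automatically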
