Improve CD workflow

.github/workflows/cd.yml

@@ -3,9 +3,9 @@ name: CD
 on:
   workflow_dispatch:
   #   push:
-      # Uncomment and add the necessary branches to enable automatic deployment on AWS
-      # branches:
-        # - main
+  # Uncomment and add the necessary branches to enable automatic deployment on AWS
+  # branches:
+  # - main
 
 jobs:
   deploy:
@@ -46,13 +46,29 @@ jobs:
         run: |
           aws ecs describe-task-definition --task-definition ${{ vars.ECS_TASK_DEFINITION }} --query taskDefinition > ${{ vars.ECS_TASK_DEFINITION_PATH }}
 
+      - name: Download Parameter Store Values
+        id: ssm-download
+        run: |
+          PARAMETERS_JSON=$(aws ssm get-parameters --query "Parameters[*].{Name:Name,ARN:ARN}" --output json | jq -c '.')
+          echo "parameters=${PARAMETERS_JSON}" >> $GITHUB_OUTPUT
+
+      - name: Format SSM Parameters
+        id: format-secrets
+        run: |
+          FORMATTED_SECRETS=$(ruby bin/format_secrets.rb)
+          echo "formatted_secrets=${FORMATTED_SECRETS}" >> $GITHUB_OUTPUT
+        env:
+          SSM_PARAMETERS_JSON: "${{ steps.ssm-download.outputs.parameters }}"
+
       - name: Fill in the new image ID in the Amazon ECS task definition
         id: task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ vars.ECS_TASK_DEFINITION_PATH }}
           container-name: ${{ vars.CONTAINER_NAME }}
           image: ${{ steps.image-digest.outputs.image }}
+          secrets: |
+            ${{ steps.format-secrets.outputs.formatted_secrets }}
 
       - name: Deploy Amazon ECS task definition
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2

bin/format_secrets.rb

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+require 'json'
+
+data = JSON.parse(ENV['SSM_PARAMETERS_JSON'])
+
+formatted_secrets = data.map { |param| "#{param["Name"]}=#{param["ARN"]}" }.join("\n")
+
+puts formatted_secrets

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_01_09_165800) do
+ActiveRecord::Schema[7.2].define(version: 2024_01_09_165800) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 

docs/cd_with_aws.md

@@ -8,20 +8,23 @@ Before you start, make sure you have the following:
 
 1. **AWS Account**: You need an AWS account. Sign up [here](https://aws.amazon.com/).
 
-2. **Amazon ECR (Elastic Container Registry) Setup**: 
+2. **Amazon ECR (Elastic Container Registry) Setup**:
+
    - Create a new repository in Amazon ECR.
    - Note down the repository URI, which will be used in the GitHub Actions workflow.
 
-3. **AWS Credentials**: 
+3. **AWS Credentials**:
+
    - AWS Access Key ID
    - AWS Secret Access Key
-   - These credentials should have permission to interact with ECR and ECS.
+   - These credentials should have permission to interact with ECR and ECS and Parameter Store.
 
 4. **Create Environments**:
 
    The GitHub Actions workflow will automatically deploy to the correct environment based on the branch being pushed to. The branch `main` will always be linked to the `production` environment, while other branches will use their own names as the environment. All environments added in GitHub must have the same name as the branches.
 
 5. **GitHub Repository Setup**:
+
    - **Environment Secrets**: Add the following secrets to your GitHub environments (these are specific to each environment and not set at the repository level):
      - `AWS_ACCESS_KEY_ID`: Your AWS Access Key ID.
      - `AWS_SECRET_ACCESS_KEY`: Your AWS Secret Access Key.
@@ -34,7 +37,28 @@ Before you start, make sure you have the following:
      - `ECS_SERVICE`: The name of your ECS service.
      - `ECS_CLUSTER`: The name of your ECS cluster.
 
-6. **GitHub Actions Workflow**:
+6. **Brief Guide to Configure AWS Systems Manager Parameter Store for GitHub Actions Workflow**:
+
+   - **Access AWS Systems Manager**:
+
+     - Log in to your AWS console.
+     - Navigate to **Systems Manager** and select **Parameter Store**.
+
+   - **Create Parameters**:
+
+     - Click **Create parameter**.
+     - Fill out the details:
+       - **Name**: Provide a unique name (e.g., `SERVICE_API_KEY`).
+       - **Type**: Choose `SecureString` for sensitive data.
+       - **Value**: Enter the parameter value (e.g., a password or secret).
+     - Click **Create parameter**.
+
+   - **Integrate with GitHub Actions**:
+
+     - Make sure the AWS credentials stored in GitHub Secrets (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) have the appropriate permissions for Paramters Store.
+     - The workflow automatically access to the defined Parameters Store and push inside the `secrets:` of the Definition Task.
+
+7. **GitHub Actions Workflow**:
    To set up the GitHub Actions workflow for continuous deployment to AWS, you need to modify the existing cd.yml file in the .github/workflows directory of your GitHub repository.
 
    Uncomment the branches section under `on: push:` and add the necessary branches to enable automatic deployment. For example:
@@ -44,4 +68,5 @@ Before you start, make sure you have the following:
      push:
        branches:
          - main
-         - dev
+         - dev
+   ```