Inital action

Author: bbharathkumarreddy

.gitignore

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2024 bbharathkumarreddy96@gmail.com
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

LICENSE

@@ -1,2 +1,61 @@
 # ec2-docker-service-deploy-action
+
 EC2 Docker service deploy and optional in-action security group ip whitelisting
+
+## Usage
+
+```yaml
+name: ci
+
+on:
+  push:
+
+jobs:
+  qemu:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Docker QEMU Buildx ECR
+        uses: bbharathkumarreddy/ec2-docker-service-deploy-action@v0.1
+        with:
+          ssh-host: ${{ vars.ssh-host }}
+          ssh-key: ${{ secrets.ssh-key }}
+          aws-access-key-id: ${{ secrets.aws-access-key-id }}
+          aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
+          aws-region: ${{ vars.aws-region }}
+          security-group-id: ${{ vars.aws-security-group-id }}
+          ecr-image-uri: ${{ vars.ecr-uri }}
+          docker-service: my-service
+          replicas: 2
+          docker-network: my-network
+          docker-published-port: 8000
+          docker-target-port: 8000
+```
+
+## Customizing
+
+### inputs
+
+The following inputs can be used as `step.with` keys:
+
+| Name                    | Type    | Default      | Description                                                                                                                                  |
+| ----------------------- | ------- | ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| `ssh-host`              | String  |              | SSH hostname or ip address.                                                                                                                  |
+| `ssh-key`               | String  |              | SSH key to connect to host machine.                                                                                                          |
+| `ssh-port`              | String  | `22`         | SSH port to deploy the service.                                                                                                              |
+| `ssh-username`          | String  | `ec2-user`   | SSH username.                                                                                                                                |
+| `aws-access-key-id`     | String  |              | Pass the AWS access key id.                                                                                                                  |
+| `aws-secret-access-key` | String  |              | Pass the AWS secret access key.                                                                                                              |
+| `aws-region`            | String  |              | Pass the AWS region.                                                                                                                         |
+| `security-group-id:`    | String  |              | AWS security group id to whitelist github action's ip address temporarily.                                                                   |
+| `ecr-image-uri`         | String  |              | ECR Container image URI with tag.                                                                                                            |
+| `docker-service`        | String  | `my-service` | Docker service name.                                                                                                                         |
+| `replicas`              | String  | `1`          | Number of service replicas.                                                                                                                  |
+| `docker-network`        | String  | `ingress`    | Docker network.                                                                                                                              |
+| `docker-published-port` | String  | `80`         | Docker port to publish.                                                                                                                      |
+| `docker-target-port`    | String  | `80`         | Docker target port of container.                                                                                                             |
+| `docker-opts`           | String  |              | More docker options to create docker service. eg. `--log-driver=awslogs --log-opt awslogs-group=my-logs --log-opt awslogs-region=us-east-1`. |
+| `prune`                 | Boolean | `true`       | On prune true, Will cleanup exitied containers and unused images.                                                                            |
+
+## Contributing
+
+Want to contribute? ✅

README.md

@@ -0,0 +1,142 @@
+name: "EC2 Docker service deploy action"
+description: "EC2 Docker service deploy and optional in-action security group ip whitelisting"
+author: "bbharathkumarreddy@96@gmail.com"
+branding:
+  icon: "package"
+  color: "blue"
+
+inputs:
+  ssh-host:
+    description: "SSH hostname or ip address."
+    required: true
+  ssh-key:
+    description: "SSH key to connect to host machine."
+    required: false
+  ssh-port:
+    description: "SSH port to deploy the service."
+    default: 22
+    required: false
+  ssh-username:
+    description: "SSH username."
+    default: "ec2-user"
+    required: false
+  aws-access-key-id:
+    description: "AWS access key id."
+    required: false
+  aws-secret-access-key:
+    description: "AWS Secret access key."
+    required: false
+  aws-region:
+    description: "AWS region to deploy."
+    default: "us-east-1"
+    required: false
+  security-group-id:
+    description: "AWS security group id to whitelist github action's ip address temporarily."
+    required: false
+  ecr-image-uri:
+    description: "ECR Container image URI with tag."
+    required: true
+  docker-service:
+    description: "Docker service name."
+    default: "my-service"
+    required: false
+  replicas:
+    description: "Number of service replicas."
+    default: 1
+    required: false
+  docker-network:
+    description: "Docker network."
+    default: "ingress"
+    required: false
+  docker-published-port:
+    description: "Docker port to publish."
+    default: 80
+    required: false
+  docker-target-port:
+    description: "Docker target port of container."
+    default: 80
+    required: false
+  docker-opts:
+    description: "More docker options to create docker service. eg. --log-driver=awslogs --log-opt awslogs-group=my-logs --log-opt awslogs-region=us-east-1"
+    required: false
+  prune:
+    description: "On prune true, Will cleanup exitied containers and unused images."
+    default: true
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: Get Github action IP
+      id: "ip"
+      if: ${{ inputs.security-group-id != '' }}
+      uses: haythem/public-ip@v1.2
+
+    - name: Configure AWS credentials
+      if: ${{ inputs.security-group-id != '' }}
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ inputs.aws-access-key-id }}
+        aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+        aws-region: ${{ inputs.aws-region }}
+
+    - name: Add Github Actions IP to Security group
+      shell: bash
+      if: ${{ inputs.security-group-id != '' }}
+      run: |
+        aws ec2 authorize-security-group-ingress --group-id ${{ inputs.security-group-id }} --protocol tcp --port ${{ inputs.ssh-port }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
+      env:
+        AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
+        AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
+        AWS_DEFAULT_REGION: ${{ inputs.aws-region }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: EC2 Docker Service Deploy
+      uses: appleboy/ssh-action@master
+      with:
+        host: ${{ inputs.ssh-host }}
+        username: ${{ inputs.ssh-username }}
+        key: ${{ inputs.ssh-key }}
+        script: |
+          sudo docker login --username AWS -p $(aws ecr get-login-password --region ${{ inputs.aws-region }}) ${{ steps.login-ecr.outputs.registry }}
+          sudo docker pull ${{ inputs.ecr-image-uri }}
+          if sudo -S docker service inspect ${{ inputs.docker-service }} &> /dev/null; then
+            echo "Updating existing service."
+            sudo -S docker service update \
+              --force \
+              --replicas ${{ inputs.replicas }} \
+              ${{ inputs.docker-service }}
+          else
+            echo "Creating new service."
+            sudo -S docker service create \
+              --name ${{ inputs.docker-service }} \
+              --replicas ${{ inputs.replicas }} \
+              --network ${{ inputs.docker-network }} \
+              --publish published=${{ inputs.published-port }},target=${{ inputs.docker-target-port }} \
+              ${{ inputs.docker-opts }} \
+              ${{ inputs.ecr-image-uri }}
+          fi
+
+    - name: EC2 Prune conatiner and images
+      if: ${{ inputs.prune == 'true' }}
+      uses: appleboy/ssh-action@master
+      with:
+        host: ${{ inputs.ssh-host }}
+        username: ${{ inputs.ssh-username }}
+        key: ${{ inputs.ssh-key }}
+        script: |
+          sudo -S docker container prune -f
+          sudo -S docker image prune -af
+
+    - name: Remove Github Actions IP from security group
+      shell: bash
+      if: ${{ inputs.security-group-id != '' }} && always()
+      run: |
+        aws ec2 revoke-security-group-ingress --group-id ${{ inputs.security-group-id }} --protocol tcp --port ${{ inputs.ssh-port }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
+      env:
+        AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
+        AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
+        AWS_DEFAULT_REGION: ${{ inputs.aws-region }}