Week 5 ‐ 17.03.2025 ‐ 23.03.2025 - Campus-Castolo/m300 GitHub Wiki
Week 5 - 17.03.2025 ‐ 23.03.2025
Week 5 - 17.03.2025 ‐ 23.03.2025 - Task list
Task | Description | Notes | Status | Start Date | Completion Date | Hours Needed |
---|---|---|---|---|---|---|
Workflow pushing wordpress docker image into AWS ECR | Implement a basic workflow for container image deployment | Validate successful push to AWS ECR | ✅ | 17.03.2025 | 17.03.2025 | 2 Hrs |
Semantic Tagging of Docker Image | Implement a script that semantically tags ECR Image upon successful build | Modify Workflow and Create Helper Script | ✅ | 17.03.2025 | 17.03.2025 | 2 Hrs |
Using Docker Image in an ECS Task and making it accessible | Making the WordPress Accessible over the internet (Publicly) | --- | 🛠️ | --- | --- | --- |
Implementing a Terraform file for test | Terraform for automatic setup of EC2 instance to test out capability | This is a test | ⏩ | SKIPPED | SKIPPED | SKIPPED |
Implementing Terraform file for automated setup Infrastructure | Setup automated infrastructure by utilizing Terraform, VPC, RDS etc. | --- | ✅ | 20.03.2025 | 20.03.2025 | 4 Hours |
Daily Log 17.03.2025
The daily activities of 17.03.2025
Daily Log 17.03.2025 - Activity
Task | Description | Notes | Status | Start Date | Completion Date | Hours Needed |
---|---|---|---|---|---|---|
Workflow pushing wordpress docker image into AWS ECR | Implement a basic workflow for container image deployment | Validate successful push to AWS ECR | ✅ | 17.03.2025 | 17.03.2025 | 2 Hrs |
Semantic Tagging of Docker Image | Implement a script that semantically tags ECR Image upon successful build | Modify Workflow and Create Helper Script | ✅ | 17.03.2025 | 17.03.2025 | 2 Hrs |
Daily Log 17.03.2025 - Summary
Today, I had significant catching up to do, as I was out sick for the entirety of last week.
I successfully completed and adjusted the workflow initially pushed to the repository in Week 3. This process was challenging, and I'll elaborate on the difficulties below.
After pushing the modified Docker image, I implemented a helper script that automatically manages semantic tagging based on specific Git commit messages:
[M] = Major: Updates from 1.0.0 → 2.0.0
[m] = Minor: Updates from 1.1.0 → 1.2.0
[p] = Patch: Updates from 1.1.1 → 1.1.2
Example: If the current Docker image version is 1.0.0 and I commit to the main branch with the message:
new release [M]
This triggers the workflow, building and pushing a new Docker image to ECR, updating the version to 2.0.0. However, this implementation encountered a minor issue, which I'll detail further below.
Daily Log 17.03.2025 - Daily Results
This is the workflow:

```yaml
name: Build and Push WP Image to ECR with Semantic Tagging

on:
  push:
    branches: [main]

# Write access is needed so the job can commit the bumped VERSION file.
permissions:
  contents: write

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Read the marker ([M], [m] or [p]) from the latest commit message.
      - name: Determine Version Increment
        id: versioning
        run: |
          COMMIT_MSG=$(git log -1 --pretty=%B)
          if [[ "$COMMIT_MSG" =~ \[M\] ]]; then
            echo "increment=major" >> "$GITHUB_OUTPUT"
          elif [[ "$COMMIT_MSG" =~ \[m\] ]]; then
            echo "increment=minor" >> "$GITHUB_OUTPUT"
          elif [[ "$COMMIT_MSG" =~ \[p\] ]]; then
            echo "increment=patch" >> "$GITHUB_OUTPUT"
          else
            echo "No valid tag [M|m|p] found in commit message. Exiting."
            exit 1
          fi

      # The helper script rewrites VERSION and prints the new version.
      - name: Increment Git Version
        id: increment-version
        run: |
          chmod +x ./helper_script/git_update.sh
          NEW_VERSION=$(./helper_script/git_update.sh ${{ steps.versioning.outputs.increment }})
          echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"

      # The Learner Lab issues temporary credentials, so the session token is required too.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
          aws-region: us-east-1

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, Tag, and Push Docker Image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: m300/m300
          IMAGE_TAG: ${{ steps.increment-version.outputs.new_version }}
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" -f .wp-build/Dockerfile .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

      # Re-points the mutable "latest" tag at the image that was just pushed.
      - name: Push Latest Tag
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: m300/m300
          IMAGE_TAG: ${{ steps.increment-version.outputs.new_version }}
        run: |
          docker tag "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" "$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:latest"

      - name: Commit Updated Version
        run: |
          git config --global user.name 'github-actions'
          git config --global user.email '[email protected]'
          git add VERSION
          git commit -m "Bump version to ${{ steps.increment-version.outputs.new_version }}"
          git push origin main
```
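The helper script:

```bash
#!/bin/bash
# Reads the current version from VERSION, bumps the requested part,
# writes the result back and prints it for the workflow to capture.
VERSION_FILE="VERSION"
CURRENT_VERSION=$(cat "$VERSION_FILE")

# Split MAJOR.MINOR.PATCH on the dots.
IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"

case "$1" in
  major)
    MAJOR=$((MAJOR + 1))
    MINOR=0
    PATCH=0
    ;;
  minor)
    MINOR=$((MINOR + 1))
    PATCH=0
    ;;
  patch)
    PATCH=$((PATCH + 1))
    ;;
  *)
    # Usage goes to stderr so it is never captured as a version string.
    echo "Usage: git_update.sh [major|minor|patch]" >&2
    exit 1
    ;;
esac

NEW_VERSION="$MAJOR.$MINOR.$PATCH"
echo "$NEW_VERSION" > "$VERSION_FILE"
echo "$NEW_VERSION"
```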
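The tagging flow above passes the content of the VERSION file into shell arithmetic and then into the image tag. As an added example (not the repository's helper script; the function names are illustrative), a POSIX sh version that accepts only a strict MAJOR.MINOR.PATCH value before incrementing and uses the same marker order as the workflow:

```sh
#!/bin/sh
# Added example, not the repository's git_update.sh. Function names are illustrative.

# Succeed only for a decimal number without leading zeros and at most 9 digits,
# so the value is safe to hand to $(( )) and to use inside an image tag.
is_uint() {
  case "$1" in
    '' | *[!0-9]* | 0?* | ??????????*) return 1 ;;
  esac
}

# Map the commit-message markers used on this page to an increment name.
# Checked in the same order as the workflow: [M], then [m], then [p].
increment_from_message() {
  case "$1" in
    *'[M]'*) echo major ;;
    *'[m]'*) echo minor ;;
    *'[p]'*) echo patch ;;
    *) return 1 ;;
  esac
}

# Print the next version for CURRENT ($1) and INCREMENT ($2).
# Returns 1 for a malformed version and 2 for an unknown increment.
next_version() {
  current=$1
  major=${current%%.*}
  rest=${current#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  # Re-joining must reproduce the input; this rejects "1", "1.2" and similar.
  [ "$major.$minor.$patch" = "$current" ] || return 1
  is_uint "$major" && is_uint "$minor" && is_uint "$patch" || return 1
  case "$2" in
    major) major=$((major + 1)); minor=0; patch=0 ;;
    minor) minor=$((minor + 1)); patch=0 ;;
    patch) patch=$((patch + 1)) ;;
    *) return 2 ;;
  esac
  printf '%s.%s.%s\n' "$major" "$minor" "$patch"
}

# Constructed sample VERSION contents; only the first is well-formed.
for v in 1.0.0 1.2 01.2.3 1.0.0-rc1; do
  if new=$(next_version "$v" minor); then
    echo "$v -> $new"
  else
    echo "$v -> rejected"
  fi
done
```

Leading zeros are rejected because shell arithmetic reads them as octal, so a value such as 08 would otherwise abort the bump.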
Daily Log 17.03.2025 - Problems
During the building of the workflow, problems arose with the authentication. It kept saying invalid access token, so I searched for possible solutions on the Internet on StackOverflow to no avail. So I thought about it logically: since this is not a normal AWS environment, maybe I need to add another environment_secret, so I looked under:
Vocareum page > AWS Details > AWS CLI > SHOW
Usually you need AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, and you also need to define the region. Now under the AWS Learner Lab you have one more environment variable, AWS_SESSION_TOKEN. You also always need to regenerate and newly set up these secrets, since the AWS Learner Lab doesn't run 24/7 and after each restart or shutdown the secrets get regenerated.
Also, during the pushing to ECR I made a mistake by accidentally making the repository immutable, making it impossible to have a latest tag that gets constantly overwritten by the newest release.
Daily Log 17.03.2025 - Used Resources
None
Daily Log 17.03.2025 - Exercise
See Daily Results
Daily Log 20.03.2025
Daily Log 20.03.2025 - Activities
Task | Description | Notes | Status | Start Date | Completion Date | Hours Needed |
---|---|---|---|---|---|---|
Implementing Terraform file for automated setup Infrastructure | Setup automated infrastructure by utilizing Terraform, VPC, RDS etc. | --- | ✅ | 20.03.2025 | 20.03.2025 | 4 Hours |
Daily Log 20.03.2025 - Summary
Today I implemented a Terraform file for the automated setup of the cloud environment. I've made sure to include every service as well as make some security groups and routing tables. It was a challenge for sure, since I didn't really know what parameters/values I had to give with the script, but in the end I got there. I also had to make sure that the security groups are correctly configured so that the RDS instance can correctly communicate with the outside (ECS Cluster). I also validated the Terraform file with an IaC Validator.
Daily Log 20.03.2025 - Daily Results
Daily Log 20.03.2025 - Problems
There was a problem at first, because I didn't know that you had to specify AWS_SESSION_TOKEN in the file, but after I figured that out it went down smoothly.
Daily Log 20.03.2025 - Used Resources
Daily Log 20.03.2025 - Exercise
None; See daily results
Weekly Summary - 17.03.2025 - 23.03.2025
This week marked a significant step forward in the deployment pipeline of the WordPress infrastructure. After recovering from illness in the previous week, progress was resumed with renewed energy. Key focus areas included refining the GitHub Actions workflow for Docker image deployment and semantic versioning, as well as setting up infrastructure automation using Terraform. Troubleshooting was an integral part of the progress, especially regarding AWS credentials and ECR configuration within the AWS Learner Lab environment.
Weekly Summary - 17.03.2025 - 23.03.2025 - Activity
Task | Description | Status | Completion Date | Hours Spent |
---|---|---|---|---|
Workflow pushing WordPress Docker image into AWS ECR | Implemented a basic CI workflow for building and pushing Docker images | ✅ | 17.03.2025 | 2 Hrs |
Semantic Tagging of Docker Image | Script and workflow to apply semantic versioning based on commit messages | ✅ | 17.03.2025 | 2 Hrs |
Implementing Terraform file for automated setup Infrastructure | Automated setup of ECS, RDS, VPC, Security Groups, Routing Tables | ✅ | 20.03.2025 | 4 Hrs |
Using Docker Image in an ECS Task and making it accessible | Make the deployed WordPress publicly accessible | 🛠️ | --- | --- |
Terraform test for EC2 | A test run for Terraform EC2 deployment | ⏩ | SKIPPED | SKIPPED |
Weekly Summary - 17.03.2025 - 23.03.2025 - Weekly Results
- GitHub Actions Workflow was successfully implemented to build, tag, and push WordPress Docker images to ECR.
- Semantic Versioning system was created using a helper script and GitHub workflow integration: [M] for major, [m] for minor, [p] for patch updates.
- Terraform Infrastructure Setup for ECS Cluster, RDS Instance, VPC, and Security Groups was successfully completed.
- Used an IaC validator to ensure Terraform code quality.
- Gained deeper understanding of required AWS credentials in the Learner Lab environment.
Weekly Summary - 17.03.2025 - 23.03.2025 - Problems
- Encountered "Invalid access token" errors when pushing to ECR.
  - Cause: AWS Learner Lab requires AWS_SESSION_TOKEN in addition to standard credentials.
  - Solution: Regenerated and added all three AWS secrets (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN).
- Mistakenly set ECR repository to immutable, which prevented overwriting the latest tag.
- Initial confusion with Terraform parameters and security group configuration for ECS ↔ RDS communication.
- Spent additional time debugging AWS IAM/session limitations due to ephemeral nature of Learner Lab environment.
Weekly Summary - 17.03.2025 - 23.03.2025 - Open Questions
- How can I automate the removal of older semantic image versions in ECR to manage storage?
- Should the latest tag be maintained alongside semantic tags, or replaced with semantic-only tagging?
- Is there a Terraform best practice to structure resources (e.g., modules or files) for long-term maintenance?
- How can I integrate AWS IAM roles with Terraform for more secure and scalable infrastructure?