1- name : MCP Build Docker Image and Publish
1+ name : MCP Build, Publish and Deploy
22
33on :
44 pull_request :
55 paths :
66 - mcp/**
7- - .github/workflows/mcp-docker-build-publish.yml
7+ - .github/workflows/mcp-docker-build-publish-deploy .yml
88 - .github/workflows/.reusable-docker-build.yml
99 - .github/workflows/.reusable-docker-publish.yml
1010 types : [opened, synchronize, reopened, ready_for_review]
1313 - main
1414 paths :
1515 - mcp/**
16- - .github/workflows/mcp-docker-build-publish.yml
16+ - .github/workflows/mcp-docker-build-publish-deploy .yml
1717 - .github/workflows/.reusable-docker-build.yml
1818 - .github/workflows/.reusable-docker-publish.yml
1919 release :
2020 types :
2121 - released
22+ workflow_dispatch :
2223
2324jobs :
2425 docker-build-mcp :
6061 docker-publish-ecr-staging-mcp :
6162 name : Publish MCP image to staging ECR
6263 needs : [docker-build-mcp]
63- if : github.event_name == 'push'
64+ if : github.event_name == 'push' || github.event_name == 'workflow_dispatch'
6465 runs-on : depot-ubuntu-latest
6566 # The OIDC role trusts jobs running in the staging environment.
6667 environment : staging
99100 tags : |
100101 type=ref,event=branch
101102 type=sha
103+ type=raw,value=latest
102104
103105 # Setup Docker buildx with Depot builder so imagetools have access to Depot cache
104106 - uses : depot/use-action@v1
@@ -153,6 +155,7 @@ jobs:
153155 tags : |
154156 type=semver,pattern={{version}}
155157 type=semver,pattern={{major}}.{{minor}}
158+ type=raw,value=latest
156159
157160 # Setup Docker buildx with Depot builder so imagetools have access to Depot cache
158161 - uses : depot/use-action@v1
@@ -162,3 +165,54 @@ jobs:
162165 with :
163166 sources : ${{ needs.docker-build-mcp.outputs.image }}
164167 tags : ${{ steps.meta.outputs.tags }}
168+
169+ deploy-ecr-staging-mcp :
170+ name : Deploy MCP to staging
171+ needs : [docker-publish-ecr-staging-mcp]
172+ if : github.event_name == 'push' || github.event_name == 'workflow_dispatch'
173+ runs-on : depot-ubuntu-latest
174+ environment : staging
175+ permissions :
176+ contents : read
177+ id-token : write
178+ steps :
179+ - name : Configure AWS credentials
180+ uses : aws-actions/configure-aws-credentials@v6
181+ with :
182+ role-to-assume : ${{ vars.MCP_ECR_GITHUB_ROLE_ARN }}
183+ aws-region : eu-west-2
184+
185+ - name : Roll the service onto the new image
186+ run : |
187+ aws ecs update-service \
188+ --cluster "$CLUSTER" --service "$SERVICE" --force-new-deployment
189+ aws ecs wait services-stable --cluster "$CLUSTER" --services "$SERVICE"
190+ env :
191+ CLUSTER : ${{ vars.AWS_ECS_CLUSTER_NAME }}
192+ SERVICE : ${{ vars.AWS_ECS_MCP_SERVICE_NAME }}
193+
194+ deploy-ecr-mcp :
195+ name : Deploy MCP to production
196+ needs : [docker-publish-ecr-mcp]
197+ if : github.event_name == 'release'
198+ runs-on : depot-ubuntu-latest
199+ # The OIDC role trusts jobs running in the production environment.
200+ environment : production
201+ permissions :
202+ contents : read
203+ id-token : write
204+ steps :
205+ - name : Configure AWS credentials
206+ uses : aws-actions/configure-aws-credentials@v6
207+ with :
208+ role-to-assume : ${{ vars.MCP_ECR_GITHUB_ROLE_ARN }}
209+ aws-region : eu-west-2
210+
211+ - name : Roll the service onto the new image
212+ run : |
213+ aws ecs update-service \
214+ --cluster "$CLUSTER" --service "$SERVICE" --force-new-deployment
215+ aws ecs wait services-stable --cluster "$CLUSTER" --services "$SERVICE"
216+ env :
217+ CLUSTER : ${{ vars.MCP_ECS_CLUSTER }}
218+ SERVICE : ${{ vars.MCP_ECS_SERVICE }}
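Review bot: The new `workflow_dispatch` trigger is accepted by the staging publish condition (new line 64) and the staging deploy condition (new line 172) with no check on the ref, so a manual run from any branch would publish that branch's image under `latest` and roll it onto the staging service. Unless the `staging` environment already restricts deployment branches (not visible on this page), I would narrow both conditions to `if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main')`. Both deploy jobs also assume `vars.MCP_ECR_GITHUB_ROLE_ARN`, which by its name is the ECR publishing role; a separate role limited to `ecs:UpdateService` and `ecs:DescribeServices` on the one service would keep publish and deploy permissions apart. The rollout relies on `--force-new-deployment`, which presumably re-resolves the mutable `latest` tag added at new lines 103 and 158, so the deployed image is not tied to the digest this run published; registering a task definition revision that references the digest would make each deployment traceable and repeatable.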