refactor(ci): revamp release deployment workflow

Completely redesign the release deployment workflow to:
- Simplify image building and deployment process
- Add branch-based tagging with commit SHA
- Replace AWS ECR login with direct Docker registry auth
- Improve service deployment with explicit image setting
- Update naming and descriptions for better clarity

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>

.github/workflows/release-deployment.yaml

@@ -1,68 +1,49 @@
-name: Build and Deploy
+name: Release Deployment
 
 on:
   workflow_dispatch:
     inputs:
-      tag:
-        description: 'Tag to deploy (e.g. vpre-1.22.0)'
-        required: true
-        type: string
       services:
-        description: 'Name of the service you want to build and deploy'
+        description: 'Comma-separated list of services to deploy'
         required: true
-        type: string
+      branch:
+        description: 'Branch to deploy (defaults to dev)'
+        required: false
+        default: 'dev'
 
 env:
-  DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
+  IMAGE_REGISTRY_URL: ${{ secrets.OSS_REGISTRY_URL }}
   DEPOT_PROJECT_ID: ${{ secrets.DEPOT_PROJECT_ID }}
-  IMAGE_TAG: ${{ replace(github.event.inputs.tag, 'pre-', '') }}
+  DOCKER_REPO_OSS: ${{ secrets.OSS_REGISTRY_URL }}
 
 jobs:
-  build-and-deploy:
+  deploy:
     runs-on: ubuntu-latest
-
     steps:
-    - name: Checkout repository
+    - name: Checkout code
       uses: actions/checkout@v3
       with:
-        ref: ${{ github.event.inputs.tag }}
-
-    - name: Downloading yq
+        ref: ${{ github.event.inputs.branch }}
+    - name: Docker login
       run: |
-        VERSION="v4.42.1"
-        sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq
-        sudo chmod +x /usr/bin/yq
+        docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}"
 
-    # Configure AWS credentials for the first registry
-    - name: Configure AWS credentials for RELEASE_ARM_REGISTRY
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_DEPOT_ACCESS_KEY }}
-        aws-secret-access-key: ${{ secrets.AWS_DEPOT_SECRET_KEY }}
-        aws-region: ${{ secrets.AWS_DEPOT_DEFAULT_REGION }}
-
-    - name: Login to Amazon ECR for RELEASE_ARM_REGISTRY
-      id: login-ecr-arm
+    - name: Set image tag with branch info
       run: |
-        aws ecr get-login-password --region ${{ secrets.AWS_DEPOT_DEFAULT_REGION }} | docker login --username AWS --password-stdin ${{ secrets.RELEASE_ARM_REGISTRY }}
-        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.RELEASE_OSS_REGISTRY }}
+        SHORT_SHA=$(git rev-parse --short HEAD)
+        echo "IMAGE_TAG=${IMAGE_TAG}-${{ github.event.inputs.branch }}-${SHORT_SHA}" >> $GITHUB_ENV
+        echo "Using image tag: ${IMAGE_TAG}-${{ github.event.inputs.branch }}-${SHORT_SHA}"
 
     - uses: depot/setup-action@v1
-    - name: Build
-      id: build-image
-      env:
-        DOCKER_REPO_OSS: ${{ secrets.RELEASE_OSS_REGISTRY }}
+
+    - name: Build and push Docker images
       run: |
-        set -exo pipefail
-        working_dir=$(pwd)
+        # Parse the comma-separated services list into an array
+        IFS=',' read -ra SERVICES <<< "${{ github.event.inputs.services }}"
         
-        # Checking for backend images
+        # Define backend services (consider moving this to workflow inputs or repo config)
         ls backend/cmd >> /tmp/backend.txt
-        echo Services: "${{ github.event.inputs.services }}"
-        IFS=',' read -ra SERVICES <<< "${{ github.event.inputs.services }}" 
-        BUILD_SCRIPT_NAME="build.sh"
-        version=$IMAGE_TAG
-        # Build FOSS
+        
         for SERVICE in "${SERVICES[@]}"; do
           # Check if service is backend
           if grep -q $SERVICE /tmp/backend.txt; then 
@@ -72,14 +53,26 @@ jobs:
           else 
             [[ $SERVICE == 'chalice' || $SERVICE == 'alerts' || $SERVICE == 'crons' ]] && cd $working_dir/api || cd $SERVICE
             [[ $SERVICE == 'alerts' || $SERVICE == 'crons' ]] && BUILD_SCRIPT_NAME="build_${SERVICE}.sh"
-            foss_build_args=""
             ee_build_args="ee"
-          fi
-          echo IMAGE_TAG=$version DOCKER_RUNTIME="depot" DOCKER_BUILD_ARGS="--push" ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash ${BUILD_SCRIPT_NAME} $foss_build_args
-          IMAGE_TAG=$version DOCKER_RUNTIME="depot" DOCKER_BUILD_ARGS="--push" ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash ${BUILD_SCRIPT_NAME} $foss_build_args
-          echo IMAGE_TAG=$version-ee DOCKER_RUNTIME="depot" DOCKER_BUILD_ARGS="--push" ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash ${BUILD_SCRIPT_NAME} $ee_build_args
-          IMAGE_TAG=$version-ee DOCKER_RUNTIME="depot" DOCKER_BUILD_ARGS="--push" ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash ${BUILD_SCRIPT_NAME} $ee_build_args
-          cd $working_dir
+          fi  
+          echo IMAGE_TAG=$IMAGE_TAG DOCKER_RUNTIME="depot" DOCKER_BUILD_ARGS="--push" ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash ${BUILD_SCRIPT_NAME} $foss_build_args
+          IMAGE_TAG=$IMAGE_TAG DOCKER_RUNTIME="depot" DOCKER_BUILD_ARGS="--push" ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash ${BUILD_SCRIPT_NAME} $foss_build_args
+        done
+          
+    - uses: azure/k8s-set-context@v1
+      name: Using ee release cluster
+      with:
+        method: kubeconfig
+        kubeconfig: ${{ secrets.EE_RELEASE_KUBECONFIG }}
+
+    - name: Deploy to ee release Kubernetes
+      run: |
+        echo "Deploying services to EE cluster: ${{ github.event.inputs.services }}"
+        IFS=',' read -ra SERVICES <<< "${{ github.event.inputs.services }}" 
+        for SERVICE in "${SERVICES[@]}"; do
+          SERVICE=$(echo $SERVICE | xargs) # Trim whitespace
+          echo "Deploying $SERVICE to EE cluster with image tag: ${IMAGE_TAG}"
+          kubectl set image deployment/$SERVICE-openreplay -n app $SERVICE=${{ secrets.RELEASE_OSS_REGISTRY }}/$SERVICE:${IMAGE_TAG}
         done
 
     - uses: azure/k8s-set-context@v1
@@ -87,29 +80,13 @@ jobs:
       with:
         method: kubeconfig
         kubeconfig: ${{ secrets.FOSS_RELEASE_KUBECONFIG }}
-      id: setcontext
 
-    - name: Deploy to foss release Kubernetes
+    - name: Deploy to FOSS release Kubernetes
       run: |
-        echo Services: "${{ github.event.inputs.services }}"
+        echo "Deploying services to FOSS cluster: ${{ github.event.inputs.services }}"
         IFS=',' read -ra SERVICES <<< "${{ github.event.inputs.services }}" 
         for SERVICE in "${SERVICES[@]}"; do
-          kubectl patch deployment "$SERVICE-openreplay" -n app --patch '{"spec": {"template": {"spec": {"containers": [{"name": "'$SERVICE'", "imagePullPolicy": "Always"}]}}}}'
-          kubectl rollout restart deployment "$SERVICE-openreplay" -n app
-        done
-
-    - uses: azure/k8s-set-context@v1
-      name: Using ee release cluster
-      with:
-        method: kubeconfig
-        kubeconfig: ${{ secrets.EE_RELEASE_KUBECONFIG }}
-      id: setcontext
-
-    - name: Deploy to ee release Kubernetes
-      run: |
-        echo Services: "${{ github.event.inputs.services }}"
-        IFS=',' read -ra SERVICES <<< "${{ github.event.inputs.services }}" 
-        for SERVICE in "${SERVICES[@]}"; do
-          kubectl patch deployment "$SERVICE-openreplay" -n app --patch '{"spec": {"template": {"spec": {"containers": [{"name": "'$SERVICE'", "imagePullPolicy": "Always"}]}}}}'
-          kubectl rollout restart deployment "$SERVICE-openreplay" -n app
+          SERVICE=$(echo $SERVICE | xargs) # Trim whitespace
+          echo "Deploying $SERVICE to FOSS cluster with image tag: ${IMAGE_TAG}"
+          kubectl set image deployment/$SERVICE-openreplay -n app $SERVICE=${{ secrets.RELEASE_OSS_REGISTRY }}/$SERVICE:${IMAGE_TAG}
         done