Opentrace uses a CI/CD pipeline that automatically deploys to AWS EC2 via Docker images pushed to ECR (Elastic Container Registry).

| Component | AWS Service |
|---|---|
| Container Registry | ECR (Elastic Container Registry) |
| Compute | EC2 instance (Ubuntu) |
| File Storage | S3 bucket |

Both the client and server have GitHub Actions workflows in their respective `.github/workflows/deploy.yml` files. On push to main, each workflow builds the Docker image, pushes it to ECR with the `latest` tag, and deploys it to the EC2 instance over SSH:

```yaml
name: Deploy to AWS
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to ECR
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push Docker image
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
      - name: Deploy to EC2 via SSH
        run: |
          ssh ec2-user@$EC2_HOST \
            "docker pull $ECR_REGISTRY/$ECR_REPOSITORY:latest && \
             docker stop app_server && \
             docker rm app_server && \
             docker run -d --name app_server ..."
```

| Secret | Description |
|---|---|
| `AWS_ACCESS_KEY_ID` | IAM user access key with ECR/EC2 permissions |
| `AWS_SECRET_ACCESS_KEY` | IAM user secret key |
| `AWS_REGION` | AWS region (e.g., us-east-1) |
| `ECR_REGISTRY` | ECR registry URL |
| `EC2_HOST` | EC2 public IP or DNS |
| `EC2_SSH_KEY` | SSH private key for EC2 access |

The client and server have separate ECR repositories and deploy independently. Deploying the server does not affect the client and vice versa.
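
A hardened variant of the credential and build steps, added here as an example and not taken from the Opentrace repositories: it replaces the stored IAM user keys with a short-lived role assumed through GitHub OIDC and tags each image with the commit SHA instead of the mutable `latest`. The role ARN and repository name are placeholders, and the IAM role with a matching OIDC trust policy is assumed to exist already.

```yaml
name: Deploy to AWS
on:
  push:
    branches: [main]

# Job token scope: request an OIDC token and read the repo, nothing else.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      # Placeholder: the page does not name the ECR repository.
      ECR_REPOSITORY: "<ECR_REPOSITORY_NAME>"
      # Immutable tag: each image maps to exactly one commit.
      IMAGE_TAG: ${{ github.sha }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS credentials (OIDC, no stored keys)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder ARN: a role whose trust policy is limited to this
          # repository's main branch (assumed to be created separately).
          role-to-assume: "arn:aws:iam::<ACCOUNT_ID>:role/<DEPLOY_ROLE_NAME>"
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to ECR
        id: ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build and push Docker image
        env:
          # Registry URL comes from the login step, not from a stored secret.
          ECR_REGISTRY: ${{ steps.ecr.outputs.registry }}
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
```

With this variant, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are no longer needed as repository secrets, and the SSH deploy step would pull the same `$IMAGE_TAG` rather than `latest`.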