Deploy API to Staging #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy API to Staging | |
on: | |
workflow_dispatch: | |
inputs: | |
commit: | |
description: "Branch/Commit ref" | |
default: "" | |
required: true | |
type: string | |
workflow_call: | |
inputs: | |
commit: | |
description: "Commit ref" | |
required: true | |
type: string | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
services: | |
redis: | |
image: redis | |
# Set health checks to wait until redis has started | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 6379:6379 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.commit }} | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Install pipenv | |
run: pip3 install pipenv | |
- name: Generate requirements.txt | |
working-directory: ./api | |
run: pipenv requirements --dev > requirements.txt | |
- name: Install API dependencies | |
working-directory: ./api | |
run: pip3 install -r requirements.txt | |
- name: Django Check | |
working-directory: ./api | |
env: | |
CERAMIC_CACHE_SCORER_ID: "" | |
run: python manage.py check | |
- name: Run API unittests | |
working-directory: ./api | |
env: | |
CERAMIC_CACHE_SCORER_ID: "" | |
run: pytest | |
build-api: | |
environment: Staging | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.commit }} | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Declare some variables | |
id: vars | |
shell: bash | |
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION_STAGING }} | |
- name: Login to Amazon ECR Public | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Build, tag, and push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REGISTRY_ALIAS: t1g3k9q8 | |
ECR_REPOSITORY: passport-scorer | |
IMAGE_TAG: ${{ steps.vars.outputs.sha_short }} | |
run: | | |
docker build -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG -f api/Dockerfile ./api/ | |
docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG | |
outputs: | |
dockerTag: ${{ steps.vars.outputs.sha_short }} | |
build-verifier: | |
environment: Staging | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.commit }} | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Declare some variables | |
id: vars | |
shell: bash | |
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION_STAGING }} | |
- name: Login to Amazon ECR Public | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Build, tag, and push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REGISTRY_ALIAS: t1g3k9q8 | |
ECR_REPOSITORY: passport-verifier | |
IMAGE_TAG: ${{ steps.vars.outputs.sha_short }} | |
run: | | |
docker build -t $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG -f verifier/Dockerfile ./verifier/ | |
docker push $ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG | |
outputs: | |
dockerTag: ${{ steps.vars.outputs.sha_short }} | |
deploy-staging: | |
environment: Staging | |
needs: [test, build-api, build-verifier] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.commit }} | |
- name: Use Node.js | |
uses: actions/setup-node@v2 | |
with: | |
cache: "yarn" | |
cache-dependency-path: infra/staging/package-lock.json | |
################################################################################################################ | |
# TODO: to be fixed: only doing the aws-actions/configure-aws-credentials and aws-actions/amazon-ecr-login | |
# because passing over the repository value from the build step did not work | |
################################################################################################################ | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION_STAGING }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Update the pulumi stack with new image | |
- run: | | |
npm install | |
pulumi stack select -c gitcoin/passport-scorer/staging | |
pulumi config -s gitcoin/passport-scorer/staging set aws:region us-west-2 --non-interactive | |
working-directory: infra/staging | |
env: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
- uses: pulumi/actions@v3 | |
id: pulumi | |
with: | |
command: up | |
stack-name: gitcoin/passport-scorer/staging | |
upsert: false | |
work-dir: infra/staging | |
env: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }} | |
DOCKER_GTC_PASSPORT_SCORER_IMAGE: public.ecr.aws/t1g3k9q8/passport-scorer:${{ needs.build-api.outputs.dockerTag }} | |
DOCKER_GTC_PASSPORT_VERIFIER_IMAGE: public.ecr.aws/t1g3k9q8/passport-verifier:${{ needs.build-verifier.outputs.dockerTag }} | |
ROUTE_53_ZONE: ${{ secrets.ROUTE53_ZONE_ID }} | |
DOMAIN: ${{ secrets.DOMAIN_STAGING }} | |
SCORER_SERVER_SSM_ARN: ${{ secrets.SCORER_SERVER_SSM_ARN }} | |
FLOWER_USER: ${{ secrets.FLOWER_USER }} | |
FLOWER_PASSWORD: ${{ secrets.FLOWER_PASSWORD }} | |
DB_USER: ${{ secrets.DB_USER_STAGING }} | |
DB_NAME: ${{ secrets.DB_NAME_STAGING }} | |
DB_PASSWORD: ${{ secrets.DB_PASSWORD_STAGING }} |