Deploy API to Staging #85

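# Staging deployment pipeline: runs the API test suite, builds and pushes the
# API and verifier images to ECR Public, then applies the Pulumi staging stack.
#
# NOTE(review): every `uses:` below references a mutable tag (v1-v4). Pinning
# each action to a full commit SHA prevents a retagged release from running
# with the staging secrets this workflow exposes.
name: Deploy API to Staging
on:
  workflow_dispatch:
    inputs:
      commit:
        description: "Branch/Commit ref"
        default: ""
        required: true
        type: string
  workflow_call:
    inputs:
      commit:
        description: "Commit ref"
        required: true
        type: string

# Least privilege for GITHUB_TOKEN: no step here writes to the repository, and
# AWS/Pulumi authenticate with their own secrets, so read access is enough.
permissions:
  contents: read

jobs:
  # Runs Django's system check and the pytest suite against a Redis service.
  # NOTE(review): build-api and build-verifier do not list this job in
  # `needs`, so images are pushed even when tests fail; only deploy-staging
  # is gated on it.
  test:
    runs-on: ubuntu-latest
    services:
      redis:
        # NOTE(review): unpinned image, resolves to whatever `latest` is at
        # run time; pin a version tag or digest for reproducible test runs.
        image: redis
        # Set health checks to wait until redis has started
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - "6379:6379"
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.commit }}
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
      - name: Install pipenv
        run: pip3 install pipenv
      - name: Generate requirements.txt
        working-directory: ./api
        run: pipenv requirements --dev > requirements.txt
      - name: Install API dependencies
        working-directory: ./api
        run: pip3 install -r requirements.txt
      - name: Django Check
        working-directory: ./api
        env:
          CERAMIC_CACHE_SCORER_ID: ""
        run: python manage.py check
      - name: Run API unittests
        working-directory: ./api
        env:
          CERAMIC_CACHE_SCORER_ID: ""
        run: pytest

  # Builds api/Dockerfile and pushes it to ECR Public, tagged with the short
  # commit SHA, which is exported as the job output `dockerTag`.
  # NOTE(review): this job checks out a caller-supplied ref and builds it with
  # staging AWS credentials configured; confirm the `Staging` environment has
  # protection rules (required reviewers / allowed branches) limiting who can
  # trigger it and for which refs.
  build-api:
    environment: Staging
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.commit }}
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
      - name: Declare some variables
        id: vars
        shell: bash
        # `::set-output` is deprecated; step outputs go through $GITHUB_OUTPUT.
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      # NOTE(review): long-lived access keys held as repository secrets. This
      # action also supports `role-to-assume` via GitHub OIDC (requires
      # `id-token: write`), which removes the static keys.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION_STAGING }}
      - name: Login to Amazon ECR Public
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: public
      - name: Build, tag, and push image to Amazon ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REGISTRY_ALIAS: t1g3k9q8
          ECR_REPOSITORY: passport-scorer
          IMAGE_TAG: ${{ steps.vars.outputs.sha_short }}
        # Values are passed through `env` and quoted in the shell so they are
        # never interpolated into the script text or word-split.
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG" -f api/Dockerfile ./api/
          docker push "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG"
    outputs:
      dockerTag: ${{ steps.vars.outputs.sha_short }}

  # Same as build-api, but for verifier/Dockerfile and the passport-verifier
  # repository; the static-key and environment-protection notes on build-api
  # apply to this job as well.
  build-verifier:
    environment: Staging
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.commit }}
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
      - name: Declare some variables
        id: vars
        shell: bash
        # `::set-output` is deprecated; step outputs go through $GITHUB_OUTPUT.
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION_STAGING }}
      - name: Login to Amazon ECR Public
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          registry-type: public
      - name: Build, tag, and push image to Amazon ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REGISTRY_ALIAS: t1g3k9q8
          ECR_REPOSITORY: passport-verifier
          IMAGE_TAG: ${{ steps.vars.outputs.sha_short }}
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG" -f verifier/Dockerfile ./verifier/
          docker push "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG"
    outputs:
      dockerTag: ${{ steps.vars.outputs.sha_short }}

  # Applies the Pulumi stack gitcoin/passport-scorer/staging with the image
  # tags produced by the two build jobs. Runs only after test and both builds
  # have succeeded.
  deploy-staging:
    environment: Staging
    needs: [test, build-api, build-verifier]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.commit }}
      # NOTE(review): the cache is configured for yarn, but the dependency
      # path is an npm lockfile and the install step below runs `npm install`;
      # confirm which package manager is intended. `npm ci` would also make
      # the install fail on lockfile drift instead of silently resolving new
      # versions.
      - name: Use Node.js
        uses: actions/setup-node@v2
        with:
          cache: "yarn"
          cache-dependency-path: infra/package-lock.json
      ##########################################################################
      # TODO: to be fixed: only doing the aws-actions/configure-aws-credentials
      # and aws-actions/amazon-ecr-login because passing over the repository
      # value from the build step did not work
      ##########################################################################
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION_STAGING }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # Update the pulumi stack with new image
      - run: |
          npm install
          cd staging
          pulumi stack select -c gitcoin/passport-scorer/staging
          pulumi config -s gitcoin/passport-scorer/staging set aws:region us-west-2 --non-interactive
        working-directory: infra
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
      # NOTE(review): the credentials below reach the Pulumi program as plain
      # environment variables; confirm the program wraps them as Pulumi
      # secrets so they are encrypted in stack state and masked in output.
      - uses: pulumi/actions@v3
        id: pulumi
        with:
          command: up
          stack-name: gitcoin/passport-scorer/staging
          upsert: false
          work-dir: infra/staging
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
          DOCKER_GTC_PASSPORT_SCORER_IMAGE: public.ecr.aws/t1g3k9q8/passport-scorer:${{ needs.build-api.outputs.dockerTag }}
          DOCKER_GTC_PASSPORT_VERIFIER_IMAGE: public.ecr.aws/t1g3k9q8/passport-verifier:${{ needs.build-verifier.outputs.dockerTag }}
          ROUTE_53_ZONE: ${{ secrets.ROUTE53_ZONE_ID }}
          DOMAIN: ${{ secrets.DOMAIN_STAGING }}
          SCORER_SERVER_SSM_ARN: ${{ secrets.SCORER_SERVER_SSM_ARN }}
          FLOWER_USER: ${{ secrets.FLOWER_USER }}
          FLOWER_PASSWORD: ${{ secrets.FLOWER_PASSWORD }}
          DB_USER: ${{ secrets.DB_USER_STAGING }}
          DB_NAME: ${{ secrets.DB_NAME_STAGING }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD_STAGING }}
          REDASH_DB_NAME: ${{ secrets.REDASH_DB_NAME }}
          REDASH_DB_PASSWORD: ${{ secrets.REDASH_DB_PASSWORD }}
          REDASH_DB_USER: ${{ secrets.REDASH_DB_USER }}
          REDASH_SECRET_KEY: ${{ secrets.REDASH_SECRET_KEY }}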