feat(infra): added AWS metric pagerduty alerts to infra (#392) #145
# Workflow metadata and trigger: runs on every push to the main branch.
name: Deploy API to Review

on:
  push:
    branches:
      - main

jobs:
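test:
  runs-on: ubuntu-latest
  # This job only reads the repository, so the GITHUB_TOKEN is limited to
  # read access instead of inheriting the repository default.
  permissions:
    contents: read
  services:
    redis:
      # NOTE(review): an untagged image resolves to `latest`; pinning a
      # version or digest would keep test runs reproducible.
      image: redis
      # Set health checks to wait until redis has started
      options: >-
        --health-cmd "redis-cli ping"
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
      ports:
        # Quoted so the host:container mapping is always read as a string.
        - "6379:6379"
  steps:
    # NOTE(review): actions are referenced by mutable version tags; pinning
    # each one to a full commit SHA protects against a retagged release.
    - uses: actions/checkout@v3
    - uses: actions/setup-python@v4
      with:
        python-version: "3.11"
    - name: Install pipenv
      run: pip3 install pipenv
    # Export the Pipfile (including dev packages) so pip can install it.
    - name: Generate requirements.txt
      working-directory: ./api
      run: pipenv requirements --dev > requirements.txt
    - name: Install API dependencies
      working-directory: ./api
      run: pip3 install -r requirements.txt
    - name: Django Check
      working-directory: ./api
      env:
        CERAMIC_CACHE_SCORER_ID: ""
      run: python manage.py check
    - name: Run API unittests
      working-directory: ./api
      env:
        CERAMIC_CACHE_SCORER_ID: ""
      run: pytest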
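build-api:
  runs-on: ubuntu-latest
  # The job authenticates to AWS with its own keys and never writes to the
  # repository, so the GITHUB_TOKEN is limited to read access.
  permissions:
    contents: read
  steps:
    # NOTE(review): actions are referenced by mutable version tags; pinning
    # each one to a full commit SHA protects against a retagged release.
    - uses: actions/checkout@v3
    - uses: actions/setup-python@v4
      with:
        python-version: "3.11"
    - name: Declare some variables
      id: vars
      shell: bash
      # Step outputs are written to the $GITHUB_OUTPUT file; the
      # `::set-output` workflow command is deprecated.
      run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
    # NOTE(review): these are static access keys held as repository secrets.
    # Short-lived credentials through GitHub OIDC (`role-to-assume`) would
    # remove the long-lived secret; that needs an IAM role and
    # `id-token: write`, neither of which is configured here.
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
    - name: Login to Amazon ECR Public
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: public
    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REGISTRY_ALIAS: i8r3d4s6
        ECR_REPOSITORY: passport-scorer
        IMAGE_TAG: ${{ steps.vars.outputs.sha_short }}
      # The image reference is quoted so an empty or unexpected value cannot
      # split into extra docker arguments.
      run: |
        docker build -t "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG" -f api/Dockerfile ./api/
        docker push "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG"
  # Short commit SHA used as the image tag, exposed to dependent jobs.
  outputs:
    dockerTag: ${{ steps.vars.outputs.sha_short }}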
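build-verifier:
  runs-on: ubuntu-latest
  # The job authenticates to AWS with its own keys and never writes to the
  # repository, so the GITHUB_TOKEN is limited to read access.
  permissions:
    contents: read
  steps:
    # NOTE(review): actions are referenced by mutable version tags; pinning
    # each one to a full commit SHA protects against a retagged release.
    - uses: actions/checkout@v3
    - uses: actions/setup-python@v4
      with:
        python-version: "3.11"
    - name: Declare some variables
      id: vars
      shell: bash
      # Step outputs are written to the $GITHUB_OUTPUT file; the
      # `::set-output` workflow command is deprecated.
      run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
    # NOTE(review): these are static access keys held as repository secrets.
    # Short-lived credentials through GitHub OIDC (`role-to-assume`) would
    # remove the long-lived secret; that needs an IAM role and
    # `id-token: write`, neither of which is configured here.
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
    - name: Login to Amazon ECR Public
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
      with:
        registry-type: public
    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REGISTRY_ALIAS: i8r3d4s6
        ECR_REPOSITORY: passport-verifier
        IMAGE_TAG: ${{ steps.vars.outputs.sha_short }}
      # The image reference is quoted so an empty or unexpected value cannot
      # split into extra docker arguments.
      run: |
        docker build -t "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG" -f verifier/Dockerfile ./verifier/
        docker push "$ECR_REGISTRY/$ECR_REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG"
  # Short commit SHA used as the image tag, exposed to dependent jobs.
  outputs:
    dockerTag: ${{ steps.vars.outputs.sha_short }}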
deploy-review:
  # Runs only after the tests pass and both images have been pushed.
  needs:
    - test
    - build-api
    - build-verifier
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
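- name: Use Node.js
  uses: actions/setup-node@v2
  with:
    # The dependency path below is an npm lockfile, so the cache must be the
    # npm cache; "yarn" would cache a directory this project does not use.
    cache: "npm"
    cache-dependency-path: infra/package-lock.json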
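# Update the pulumi stack with new image
- name: Install infra dependencies and select the review stack
  # `npm ci` installs exactly what infra/package-lock.json records and fails
  # if the lockfile and package.json disagree, so this job, which holds the
  # Pulumi token, never resolves dependency versions that were not reviewed.
  run: |
    npm ci
    cd review
    pulumi stack select -c gitcoin/passport-scorer/review
    pulumi config -s gitcoin/passport-scorer/review set aws:region us-east-1 --non-interactive
  working-directory: infra
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}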
- uses: pulumi/actions@v3 | |
id: pulumi | |
with: | |
command: up | |
stack-name: gitcoin/passport-scorer/review | |
upsert: false | |
work-dir: infra/review | |
env: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
DOCKER_GTC_PASSPORT_SCORER_IMAGE: public.ecr.aws/i8r3d4s6/passport-scorer:${{ needs.build-api.outputs.dockerTag }} | |
DOCKER_GTC_PASSPORT_VERIFIER_IMAGE: public.ecr.aws/i8r3d4s6/passport-verifier:${{ needs.build-verifier.outputs.dockerTag }} | |
ROUTE_53_ZONE: ${{ secrets.ROUTE53_ZONE_ID }} | |
DOMAIN: ${{ secrets.DOMAIN }} | |
SCORER_SERVER_SSM_ARN: ${{ secrets.SCORER_SERVER_SSM_ARN }} | |
DB_USER: ${{ secrets.DB_USER }} | |
DB_NAME: ${{ secrets.DB_NAME }} | |
DB_PASSWORD: ${{ secrets.DB_PASSWORD }} |