release test
jdbass committed May 16, 2024
1 parent 035fbd0 commit 3213e4b
Showing 8 changed files with 175 additions and 232 deletions.
302 changes: 105 additions & 197 deletions .github/workflows/deploy-production.yml
Expand Up @@ -5,125 +5,95 @@ concurrency:
cancel-in-progress: true

on:
workflow_dispatch
release:
types: [published]

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

jobs:
detect-changes:
runs-on: ubuntu-latest
environment: production
outputs:
deploy-iac: ${{ steps.check.outputs.deploy-iac }}
deploy-backend: ${{ steps.check.outputs.deploy-backend }}
deploy-frontend: ${{ steps.check.outputs.deploy-frontend }}
steps:
- uses: actions/checkout@v4

- uses: dorny/paths-filter@v3
id: check
with:
filters: |
deploy-iac:
- 'tofu/modules/**'
- 'tofu/environments/stage/**'
- '.github/workflows/deploy-production.yml'
deploy-backend:
- 'backend/**'
- 'tofu/modules/services/backend-service/**'
- 'tofu/environments/stage/services/backend-service/**'
- '.github/workflows/deploy-production.yml'
deploy-frontend:
- 'frontend/**'
- 'tofu/modules/services/frontend-infra/**'
- 'tofu/environments/stage/services/frontend-infra/**'
- '.github/workflows/deploy-production.yml'
deploy-iac:
needs: detect-changes
if: needs.detect-changes.outputs.deploy-iac == 'true'
environment: production
runs-on: ubuntu-latest
outputs:
bucket: ${{ steps.output-bucket-name.outputs.bucket }}
env:
TF_VAR_region: ${{ vars.AWS_REGION }}
TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
TF_VAR_app_env: ${{ vars.APP_ENV }}
TF_VAR_db_enc_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
# env:
# TF_VAR_region: ${{ vars.AWS_REGION }}
# TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
# TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
# TF_VAR_app_env: ${{ vars.APP_ENV }}
# TF_VAR_db_enc_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
# TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
# TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
# TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
# TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
# TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
# TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
# TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
# TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
# TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
steps:
- uses: actions/checkout@v4

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.IAM_ROLE }}
role-session-name: Appointment_GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}

- name: install opentofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: ${{ vars.TF_VERSION }}
tofu_wrapper: false

- name: install terragrunt
run: |
sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${{ vars.TG_VERSION }}/terragrunt_linux_amd64"
sudo chmod +x /bin/terragrunt
terragrunt -v
- name: vpc
working-directory: ./tofu/environments/stage/network/vpc
run: |
terragrunt init -upgrade
terragrunt validate
terragrunt plan -out tfplan
terragrunt apply tfplan
- name: backend-infra
working-directory: ./tofu/environments/stage/services/backend-infra
run: |
terragrunt init -upgrade
terragrunt validate
terragrunt plan -out tfplan
terragrunt apply tfplan
- name: cache
working-directory: ./tofu/environments/stage/data-store/cache
run: |
terragrunt init -upgrade
terragrunt validate
terragrunt plan -out tfplan
terragrunt apply tfplan
- name: database
working-directory: ./tofu/environments/stage/data-store/database
run: |
terragrunt init -upgrade
terragrunt validate
terragrunt plan -out tfplan
terragrunt apply tfplan
- name: frontend-infra
working-directory: ./tofu/environments/stage/services/frontend-infra
run: |
terragrunt init -upgrade
terragrunt validate
terragrunt plan -out tfplan
terragrunt apply tfplan
# - uses: actions/checkout@v4
#
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# role-to-assume: ${{ secrets.IAM_ROLE }}
# role-session-name: Appointment_GitHub_to_AWS_via_FederatedOIDC
# aws-region: ${{ vars.AWS_REGION }}
#
# - name: install opentofu
# uses: opentofu/setup-opentofu@v1
# with:
# tofu_version: ${{ vars.TF_VERSION }}
# tofu_wrapper: false
#
# - name: install terragrunt
# run: |
# sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${{ vars.TG_VERSION }}/terragrunt_linux_amd64"
# sudo chmod +x /bin/terragrunt
# terragrunt -v
#
# - name: vpc
# working-directory: ./tofu/environments/stage/network/vpc
# run: |
# terragrunt init -upgrade
# terragrunt validate
# terragrunt plan -out tfplan
# terragrunt apply tfplan
#
# - name: backend-infra
# working-directory: ./tofu/environments/stage/services/backend-infra
# run: |
# terragrunt init -upgrade
# terragrunt validate
# terragrunt plan -out tfplan
# terragrunt apply tfplan
#
# - name: cache
# working-directory: ./tofu/environments/stage/data-store/cache
# run: |
# terragrunt init -upgrade
# terragrunt validate
# terragrunt plan -out tfplan
# terragrunt apply tfplan
#
# - name: database
# working-directory: ./tofu/environments/stage/data-store/database
# run: |
# terragrunt init -upgrade
# terragrunt validate
# terragrunt plan -out tfplan
# terragrunt apply tfplan
#
# - name: frontend-infra
# working-directory: ./tofu/environments/stage/services/frontend-infra
# run: |
# terragrunt init -upgrade
# terragrunt validate
# terragrunt plan -out tfplan
# terragrunt apply tfplan

- name: output-bucket-name
id: output-bucket-name
Expand All @@ -132,69 +102,33 @@ jobs:
output=$(terragrunt output bucket_name | tr -d '"')
echo bucket=$output >> $GITHUB_OUTPUT
deploy-frontend:
needs:
- detect-changes
- deploy-iac
if: needs.detect-changes.outputs.deploy-frontend == 'true'
release-production:
name: Release to Production
needs: deploy-iac
if: startsWith(github.ref_name, 'r-') # the prefix we have added to the tag
environment: production
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
permissions:
id-token: write
contents: read

- name: Setup NPM
uses: actions/setup-node@v4
steps:
- name: Get Artifact from Release
uses: dsaltares/fetch-gh-release-asset@master
with:
node-version: '18.x'

- name: Install dependencies
run: cd frontend && yarn install
version: ${{ github.event.release.id }}
file: frontend.zip

- name: Build project
run: |
cp frontend/.env.prod.example frontend/.env.prod
cd frontend && yarn build --mode ${{ vars.APP_ENV }}
- name: Unzip Artifact
run: unzip frontend.zip

- name: Install AWS CLI
uses: unfor19/install-aws-cli-action@v1
with:
version: 2
arch: amd64

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
- name: Get ECR tag from Release
id: get_ecr_tag
uses: dsaltares/fetch-gh-release-asset@master
with:
role-to-assume: ${{ secrets.IAM_ROLE }}
role-session-name: Appointment_GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}

- name: Deploy frontend to S3
run: aws s3 sync frontend/dist "s3://${{ needs.deploy-iac.outputs.bucket }}"

deploy-backend:
needs:
- detect-changes
- deploy-iac
if: needs.detect-changes.outputs.deploy-backend == 'true'
environment: production
runs-on: ubuntu-latest
env:
TF_VAR_region: ${{ vars.AWS_REGION }}
TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
TF_VAR_app_env: ${{ vars.APP_ENV }}
TF_VAR_db_enc_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
TF_VAR_zoom_secret: ${{ vars.ZOOM_SECRET }}
TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
steps:
- uses: actions/checkout@v4
version: ${{ github.event.release.id }}
file: ecr_tag.txt
target: ./tofu/environments/stage/services/backend-service

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
Expand All @@ -203,40 +137,14 @@ jobs:
role-session-name: Appointment_GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}

- name: install opentofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: ${{ vars.TF_VERSION }}
tofu_wrapper: false

- name: install terragrunt
run: |
sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${{ vars.TG_VERSION }}/terragrunt_linux_amd64"
sudo chmod +x /bin/terragrunt
terragrunt -v
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'

- name: Build, tag, and push backend image to Amazon ECR
id: build-backend
env:
ECR_TAG: '${{ steps.login-ecr.outputs.registry }}/${{ vars.PROJECT }}:backend-${{ github.sha }}'
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_TAG ./backend -f ./backend/deploy.dockerfile
docker push $ECR_TAG
echo "image_backend=$ECR_TAG" >> $GITHUB_OUTPUT
- name: backend-service
working-directory: ./tofu/environments/prod/services/backend-service
- name: Deploy Backend
working-directory: ./tofu/environments/stage/services/backend-service
run: |
terragrunt init -upgrade
terragrunt validate
terragrunt plan -var 'image=${{ steps.build-backend.outputs.image_backend }}' -out tfplan
terragrunt apply tfplan
terragrunt plan -var "image=$(cat steps.get_ecr_tag.outputs.*)" -out tfplan
cat tfplan
# terragrunt apply tfplan

# - name: Deploy frontend to S3
# run: aws s3 sync ./frontend/frontend/dist "s3://${{ needs.deploy-iac.outputs.bucket }}"
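Review bot: Both `Get Artifact from Release` and `Get ECR tag from Release` use `dsaltares/fetch-gh-release-asset@master`, a mutable branch ref, inside a job that runs in the `production` environment with `id-token: write`, so whatever lands on that branch later runs with the ability to request the OIDC token and assume the AWS role. Pin both to a reviewed full commit SHA, e.g. `uses: dsaltares/fetch-gh-release-asset@<full-commit-sha> # <release tag>`. In `Deploy Backend`, `cat tfplan` writes the saved plan file to the job log; a plan file is binary and can embed variable and resource values, so I would drop that line or replace it with `terragrunt show tfplan` only if the log audience is acceptable. `$(cat steps.get_ecr_tag.outputs.*)` is a shell glob over a literal file name rather than a step output, so `image` will probably not receive the tag from `ecr_tag.txt`. The step also works in `./tofu/environments/stage/...` where the neighbouring `backend-service` step uses `prod`; confirm that is intended before `apply` is re-enabled.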
23 changes: 19 additions & 4 deletions .github/workflows/deploy-staging.yml
Expand Up @@ -175,8 +175,8 @@ jobs:
- name: Archive Frontend
uses: actions/upload-artifact@v4
with:
name: frontend-${{ github.sha }}
path: frontend-${{ github.sha }}.zip
name: frontend
path: frontend.zip

- name: Deploy frontend to S3
run: aws s3 sync frontend/dist "s3://${{ needs.deploy-iac.outputs.bucket }}"
Expand Down Expand Up @@ -244,6 +244,13 @@ jobs:
docker build -t $ECR_TAG ./backend -f ./backend/deploy.dockerfile
docker push $ECR_TAG
echo "image_backend=$ECR_TAG" >> $GITHUB_OUTPUT
echo $ECR_TAG | cat ecr_tag.txt
- name: Archive ECR tag
uses: actions/upload-artifact@v4
with:
name: ecr_tag
path: ecr_tag.txt

- name: deploy backend-service
working-directory: ./tofu/environments/stage/services/backend-service
Expand All @@ -266,7 +273,13 @@ jobs:
uses: actions/download-artifact@v4
with:
name:
frontend-${{ github.sha }}
frontend

- name: download ecr tag
uses: actions/download-artifact@v4
with:
name:
ecr_tag.txt

- name: create release tag
id: create-release-tag
Expand All @@ -286,4 +299,6 @@ jobs:
## How to Promote?
In order to promote this to prod, edit the draft and press **"Publish release"**.
draft: true
files: frontend-${{ github.sha }}.zip
files: |
frontend.zip
ecr_tag.txt
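Review bot: `echo $ECR_TAG | cat ecr_tag.txt` in the build step does not create the file: `cat` given a file argument ignores stdin and reads `ecr_tag.txt`, which has not been written at that point as far as the hunk shows. Write it with `echo "$ECR_TAG" > ecr_tag.txt`. The artifact is uploaded as `name: ecr_tag` but the release job downloads `name: ecr_tag.txt`, so the download step would not find it; use the same name in both. Since this file later selects the image deployed from a published release, a missing or empty value should fail the job rather than pass through silently. The jobs enclosing these steps start outside the hunks.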