Cleanup workflow triggers (#425)
* updated staging deployment job triggers

* add tofu/terragrunt install to staging frontend deployment

* add env variables to frontend deployment

* verify artifact paths

* compress deployment artifacts

* remove branch trigger
jdbass authored May 24, 2024
1 parent 501e543 commit 731c05c
Showing 3 changed files with 56 additions and 40 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/deploy-production.yml
@@ -135,7 +135,7 @@ jobs:
uses: dsaltares/fetch-gh-release-asset@master
with:
version: ${{ github.event.release.id }}
file: ecr_tag.txt
file: ecr_tag.zip
target: ./tofu/environments/prod/services/backend-service

- name: Unzip ECR tag
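Review bot: The step whose `file:` input changes here still runs `dsaltares/fetch-gh-release-asset@master`, a third-party action referenced by a mutable branch, inside the production deployment workflow. Whatever that branch points to at run time decides which asset lands in `./tofu/environments/prod/services/backend-service`, so pinning to a full commit SHA (`uses: dsaltares/fetch-gh-release-asset@<full-commit-sha>`) would make the fetch reproducible and reviewable. The visible lines also consume `ecr_tag.zip` without any digest check; the `Unzip ECR tag` step continues outside the hunk, so confirm whether the content is validated there before it is used as an image tag.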
92 changes: 54 additions & 38 deletions .github/workflows/deploy-staging.yml
@@ -19,7 +19,8 @@ jobs:
environment: staging
outputs:
deploy-iac: ${{ steps.check.outputs.deploy-iac }}
deploy-app: ${{ steps.check.outputs.deploy-app }}
deploy-backend: ${{ steps.check.outputs.deploy-backend }}
deploy-frontend: ${{ steps.check.outputs.deploy-frontend }}
steps:
- uses: actions/checkout@v4

@@ -31,38 +32,27 @@ jobs:
- 'tofu/modules/**'
- 'tofu/environments/stage/**'
- '.github/workflows/deploy-staging.yml'
deploy-app:
deploy-backend:
- 'backend/**'
- 'tofu/modules/services/backend-service/**'
- 'tofu/environments/stage/services/backend-service/**'
- '.github/workflows/deploy-staging.yml'
deploy-frontend:
- 'frontend/**'
- 'tofu/modules/services/frontend-infra/**'
- 'tofu/environments/stage/services/frontend-infra/**'
- '.github/workflows/deploy-staging.yml'
deploy-iac:
needs: detect-changes

if: needs.detect-changes.outputs.deploy-iac == 'true'
environment: staging
runs-on: ubuntu-latest
outputs:
bucket: ${{ steps.output-bucket-name.outputs.bucket }}
cloudfront_id: ${{ steps.output-cloudfront-distro.outputs.cloudfront_id }}
env:
TF_VAR_region: ${{ vars.AWS_REGION }}
TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
TF_VAR_app_env: ${{ vars.APP_ENV }}
TF_VAR_db_enc_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
steps:
- uses: actions/checkout@v4

@@ -125,27 +115,21 @@ jobs:
terragrunt plan -out tfplan
terragrunt apply tfplan
- name: output-bucket-name
id: output-bucket-name
working-directory: ./tofu/environments/stage/services/frontend-infra
run: |
output=$(terragrunt output bucket_name | tr -d '"')
echo bucket=$output >> $GITHUB_OUTPUT
- name: output-cloudfront-distro
id: output-cloudfront-distro
working-directory: ./tofu/environments/stage/services/frontend-infra
run: |
output=$(terragrunt output cloudfront_id)
echo cloudfront_id=$output >> $GITHUB_OUTPUT
deploy-frontend:
needs:
- detect-changes
- deploy-iac
if: always() && needs.detect-changes.outputs.deploy-app == 'true'

if: |
always() &&
(needs.deploy-iac.result == 'success' || needs.deploy-iac.result == 'skipped') &&
needs.detect-changes.outputs.deploy-frontend == 'true'
environment: staging
runs-on: ubuntu-latest
env:
TF_VAR_region: ${{ vars.AWS_REGION }}
TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
steps:
- uses: actions/checkout@v4

@@ -162,6 +146,18 @@ jobs:
cp frontend/.env.stage.example frontend/.env.stage
cd frontend && yarn build --mode ${{ vars.APP_ENV }}
- name: install opentofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: ${{ vars.TF_VERSION }}
tofu_wrapper: false

- name: install terragrunt
run: |
sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${{ vars.TG_VERSION }}/terragrunt_linux_amd64"
sudo chmod +x /bin/terragrunt
terragrunt -v
- name: Install AWS CLI
uses: unfor19/install-aws-cli-action@v1
with:
@@ -175,25 +171,39 @@ jobs:
role-session-name: Appointment_GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}

- name: Invalidate Cloudfront cache
run: aws cloudfront create-invalidation --distribution-id ${{ needs.deploy-iac.outputs.cloudfront_id }} --paths "/*"
- name: Create Frontend Archive
run: zip frontend.zip frontend/dist

- name: Archive Frontend
uses: actions/upload-artifact@v4
with:
name: frontend
path: frontend/dist
path: frontend.zip

- name: Get frontend bucket & distribution
id: get-frontend-resources
working-directory: ./tofu/environments/stage/services/frontend-infra
run: |
echo "bucket=$(terragrunt output bucket_name | tr -d '"')" >> $GITHUB_OUTPUT
echo "distribution=$(terragrunt output cloudfront_id)" >> $GITHUB_OUTPUT
- name: Deploy frontend to S3
run: aws s3 sync frontend/dist "s3://${{ needs.deploy-iac.outputs.bucket }}"
run: aws s3 sync frontend/dist "s3://${{ steps.get-frontend-resources.outputs.bucket }}"

- name: Invalidate Cloudfront cache
run: aws cloudfront create-invalidation --distribution-id ${{ steps.get-frontend-resources.outputs.distribution }} --paths "/*"



deploy-backend:
needs:
- detect-changes
- deploy-iac
if: always() && needs.detect-changes.outputs.deploy-app == 'true'

if: |
always() &&
(needs.deploy-iac.result == 'success' || needs.deploy-iac.result == 'skipped') &&
needs.detect-changes.outputs.deploy-backend == 'true'
environment: staging
runs-on: ubuntu-latest
env:
@@ -251,12 +261,13 @@ jobs:
docker push $ECR_TAG
echo "image_backend=$ECR_TAG" >> $GITHUB_OUTPUT
echo $ECR_TAG > ecr_tag.txt
zip ecr_tag.zip ecr_tag.txt
- name: Archive ECR tag
uses: actions/upload-artifact@v4
with:
name: ecr_tag
path: ecr_tag.txt
path: ecr_tag.zip

- name: deploy backend-service
working-directory: ./tofu/environments/stage/services/backend-service
@@ -271,7 +282,11 @@ jobs:
- detect-changes
- deploy-backend
- deploy-frontend
if: always() && needs.detect-changes.outputs.deploy-app == 'true'

if: |
needs.detect-changes.outputs.deploy-backend == 'true' &&
needs.detect-changes.outputs.deploy-frontend == 'true'
environment: staging
runs-on: ubuntu-latest
steps:
@@ -286,6 +301,7 @@ jobs:
with:
name:
ecr_tag
- run: ls

- name: create release tag
id: create-release-tag
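Review bot: The new `install terragrunt` step in the deploy-frontend job writes a binary fetched with `wget` straight to `/bin/terragrunt` as root and runs it with no integrity check, in a job that, judging by the `role-session-name` shown further down, goes on to assume an AWS role through OIDC. Keep an expected digest next to `TG_VERSION` and verify it before `chmod +x`, for example `echo "<expected-sha256>  /bin/terragrunt" | sha256sum -c -`, so a swapped or truncated download fails the step instead of running with cloud credentials. Separately, `zip frontend.zip frontend/dist` in `Create Frontend Archive` has no `-r`, so the uploaded artifact will hold only the directory entry rather than the build output; `zip -r frontend.zip frontend/dist` is likely what was intended. The bare `- run: ls` added to the release job looks like leftover debugging and could be dropped or given a `name:`.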
2 changes: 1 addition & 1 deletion tofu/README.md
@@ -170,7 +170,7 @@ The application backend is deployed as an ECS service via terragrunt

#### Frontend

The application frontend is deployed to an S3 bucket fronted by Cloudfront. As such it can be deployed by deploying files to S3 and creating a Cloudfront invalidation.
The application frontend is deployed to an S3 bucket fronted by Cloudfront. As such it can be deployed by uploadingx files to S3 and creating a Cloudfront invalidation.

- aws s3 sync frontend/dist \<Appointment Environment Frontend S3 Bucket URI>
- aws cloudfront create-invalidation --distribution-id \<Appointment Environment Cloudfront Distribution ID> --paths "/*"
