env typo #16
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy production | |
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
jobs: | |
run-reusable-lint-and-test: | |
uses: ./.github/workflows/reusable_lint_and_test.yaml | |
secrets: inherit | |
deploy-production: | |
needs: run-reusable-lint-and-test | |
if: startsWith(github.ref, 'refs/tags/v') | |
runs-on: ubuntu-latest | |
env: | |
DEPLOYMENT_NAME: "production" | |
ECR_REGISTRY: ${{ secrets.PROD_EC2_ECR_REGISTRY }} | |
ECR_REGISTRY_IMAGE: ${{ secrets.PROD_EC2_ECR_REGISTRY_IMAGE }} | |
PRIVATE_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }} | |
HOSTNAME: ${{ secrets.PROD_SSH_HOST }} | |
USER_NAME: ${{ secrets.PROD_USER_NAME }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
- name: configure aws access credentials | |
run: | | |
mkdir -p ~/.aws | |
echo -e "[default]\nregion=eu-central-1" > ~/.aws/config | |
echo -e "[default]\naws_access_key_id=${{ secrets.PRODDATA_AWS_ACCESS_KEY_ID }}\naws_secret_access_key=${{ secrets.PRODDATA_AWS_SECRET_ACCESS_KEY }}" > ~/.aws/credentials | |
- name: install pipenv and aws | |
run: | | |
pip install pipenv==2021.5.29 | |
pip install awscli --no-build-isolation | |
- name: download process definitions | |
run: | | |
chmod +x download-process-definitions.sh | |
./download-process-definitions.sh | |
- name: install dependencies needed for deployment | |
working-directory: ./rest | |
run: pipenv install --dev | |
- name: create env file | |
working-directory: ./rest/ | |
run: | | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODDATA_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY=${{ secrets.PRODDATA_AWS_SECRET_ACCESS_KEY }} | |
SH_CLIENT_ID=${{ secrets.PRODUCTION_SH_CLIENT_ID }} | |
SH_CLIENT_SECRET=${{ secrets.PRODUCTION_SH_CLIENT_SECRET }} | |
BACKEND_VERSION=$GITHUB_REF_NAME | |
RESULTS_S3_BUCKET_NAME_MAIN=${{ secrets.RESULTS_S3_BUCKET_NAME_MAIN_PRODUCTION }} | |
RESULTS_S3_BUCKET_NAME_CREODIAS=${{ secrets.RESULTS_S3_BUCKET_NAME_CREODIAS_PRODUCTION }} | |
RESULTS_S3_BUCKET_NAME_USWEST=${{ secrets.RESULTS_S3_BUCKET_NAME_USWEST_PRODUCTION }} | |
RESULTS_S3_BUCKET_ACCESS_KEY_ID_MAIN=${{ secrets.RESULTS_S3_BUCKET_ACCESS_KEY_ID_MAIN_PRODUCTION }} | |
RESULTS_S3_BUCKET_ACCESS_KEY_ID_CREODIAS=${{ secrets.RESULTS_S3_BUCKET_ACCESS_KEY_ID_CREODIAS_PRODUCTION }} | |
RESULTS_S3_BUCKET_ACCESS_KEY_ID_USWEST=${{ secrets.RESULTS_S3_BUCKET_ACCESS_KEY_ID_USWEST_PRODUCTION }} | |
RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_MAIN=${{ secrets.RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_MAIN_PRODUCTION }} | |
RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_CREODIAS=${{ secrets.RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_CREODIAS_PRODUCTION }} | |
RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_USWEST=${{ secrets.RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_USWEST_PRODUCTION }} | |
USAGE_REPORTING_BASE_URL=${{ secrets.USAGE_REPORTING_BASE_URL_PRODUCTION }} | |
USAGE_REPORTING_AUTH_URL=${{ secrets.USAGE_REPORTING_AUTH_URL_PRODUCTION }} | |
USAGE_REPORTING_AUTH_CLIENT_ID=${{ secrets.USAGE_REPORTING_AUTH_CLIENT_ID_PRODUCTION }} | |
USAGE_REPORTING_AUTH_CLIENT_SECRET=${{ secrets.USAGE_REPORTING_AUTH_CLIENT_SECRET_PRODUCTION }} | |
LOGGING_LEVEL=${{ secrets.LOGGING_LEVEL_PRODUCTION }} | |
DEPLOYMENT_TYPE=production | |
" > .env | |
- name: build docker image with correct tags | |
working-directory: ./rest | |
run: docker build -t "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE:$GITHUB_REF_NAME" -t "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE:latest" --build-arg VERSION=$GITHUB_REF_NAME --build-arg VCS_REF=$GITHUB_SHA --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') . | |
- name: login for AWS ECR docker | |
working-directory: ./rest | |
run: aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin "$ECR_REGISTRY" | |
- name: push docker images (versioned with CI tag and "latest") to AWS ECR with docker | |
working-directory: ./rest | |
run: | | |
docker push "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE:$GITHUB_REF_NAME" | |
docker push "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE:latest" | |
- name: copy env file | |
working-directory: ./rest | |
run: | | |
echo "${PRIVATE_KEY}" > private_key && chmod 600 private_key | |
scp -o StrictHostKeyChecking=no -i private_key ./.env ${USER_NAME}@${HOSTNAME}:openEO/.env | |
- name: pull docker image and run | |
uses: appleboy/[email protected] | |
with: | |
key: ${{ secrets.PROD_SSH_PRIVATE_KEY }} | |
host: ${{ secrets.PROD_SSH_HOST }} | |
username: ${{ secrets.PROD_USER_NAME }} | |
envs: ECR_REGISTRY, ECR_REGISTRY_IMAGE | |
script: | | |
aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE" | |
docker pull "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE:latest" | |
# stop and remove all containers | |
docker ps -aq | xargs docker stop | xargs docker rm | |
cd openEO | |
docker run -p 8000:8000 -d --env-file .env "$ECR_REGISTRY/$ECR_REGISTRY_IMAGE:latest" | |
# remove all dangling images | |
docker image prune --force | |