From e40d6a55d0e60e022c2aa52fc63774b4570f946c Mon Sep 17 00:00:00 2001 From: Ziga Cernigoj Date: Fri, 20 Oct 2023 12:53:34 +0200 Subject: [PATCH] add deploy-production workflow --- .github/workflows/deploy_production.yaml | 97 ++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 .github/workflows/deploy_production.yaml diff --git a/.github/workflows/deploy_production.yaml b/.github/workflows/deploy_production.yaml new file mode 100644 index 00000000..262119a9 --- /dev/null +++ b/.github/workflows/deploy_production.yaml @@ -0,0 +1,97 @@ +name: Deploy production +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + +jobs: + + run-reusable-lint-and-test: + uses: ./.github/workflows/reusable_lint_and_test.yaml + secrets: inherit + + deploy-testing: + needs: run-reusable-lint-and-test + + if: startsWith(github.ref, 'refs/tags/v') + + runs-on: ubuntu-latest + + env: + DEPLOYMENT_NAME: "production-docker" + PROD_ECR_REGISTRY: ${{ secrets.PROD_ECR_REGISTRY }} + PROD_ECR_REGISTRY_IMAGE: ${{ secrets.PROD_ECR_REGISTRY_IMAGE }} + + steps: + - uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.9' + + - name: configure aws access credentials + run: | + mkdir -p ~/.aws + echo -e "[default]\nregion=eu-central-1" > ~/.aws/config + echo -e "[default]\naws_access_key_id=${{ secrets.PRODZAPPA_AWS_ACCESS_KEY_ID }}\naws_secret_access_key=${{ secrets.PRODZAPPA_AWS_SECRET_ACCESS_KEY }}" > ~/.aws/credentials + + - name: install pipenv and aws + run: | + pip install pipenv==2021.5.29 + pip install awscli --no-build-isolation + + - name: download process definitions + run: | + chmod +x download-process-definitions.sh + ./download-process-definitions.sh + + - name: install dependencies needed for deployment + working-directory: ./rest + run: pipenv install --dev + + - name: create zappa_settings.json on-the-fly + working-directory: ./rest + run: | + cp zappa_settings.json.template zappa_settings.json + sed -i "s/@@AWS_ACCESS_KEY_ID@@/${{ secrets.PRODDATA_AWS_ACCESS_KEY_ID }}/g" zappa_settings.json + sed -i "s#@@AWS_SECRET_ACCESS_KEY@@#${{ secrets.PRODDATA_AWS_SECRET_ACCESS_KEY }}#g" zappa_settings.json + sed -i "s/@@TESTING_SH_CLIENT_ID@@/${{ secrets.PRODUCTION_SH_CLIENT_ID }}/g" zappa_settings.json + sed -i "s/@@TESTING_SH_CLIENT_SECRET@@/${{ secrets.PRODUCTION_SH_CLIENT_SECRET }}/g" zappa_settings.json + sed -i "s/@@BACKEND_VERSION@@/$GITHUB_REF_NAME/g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_NAME_MAIN@@/${{ secrets.RESULTS_S3_BUCKET_NAME_MAIN_PRODUCTION }}/g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_NAME_CREODIAS@@/${{ secrets.RESULTS_S3_BUCKET_NAME_CREODIAS_PRODUCTION }}/g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_NAME_USWEST@@/${{ secrets.RESULTS_S3_BUCKET_NAME_USWEST_PRODUCTION }}/g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_ACCESS_KEY_ID_MAIN@@/${{ secrets.RESULTS_S3_BUCKET_ACCESS_KEY_ID_MAIN_PRODUCTION }}/g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_ACCESS_KEY_ID_CREODIAS@@/${{ secrets.RESULTS_S3_BUCKET_ACCESS_KEY_ID_CREODIAS_PRODUCTION }}/g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_ACCESS_KEY_ID_USWEST@@/${{ secrets.RESULTS_S3_BUCKET_ACCESS_KEY_ID_USWEST_PRODUCTION }}/g" zappa_settings.json + sed -i "s#@@RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_MAIN@@#${{ secrets.RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_MAIN_PRODUCTION }}#g" zappa_settings.json + sed -i "s/@@RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_CREODIAS@@/${{ secrets.RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_CREODIAS_PRODUCTION }}/g" zappa_settings.json + sed -i "s#@@RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_USWEST@@#${{ secrets.RESULTS_S3_BUCKET_SECRET_ACCESS_KEY_USWEST_PRODUCTION }}#g" zappa_settings.json + sed -i "s#@@USAGE_REPORTING_BASE_URL_TESTING@@#${{ secrets.USAGE_REPORTING_BASE_URL_PRODUCTION }}#g" zappa_settings.json + sed -i "s#@@USAGE_REPORTING_AUTH_URL_TESTING@@#${{ secrets.USAGE_REPORTING_AUTH_URL_PRODUCTION }}#g" zappa_settings.json + sed -i "s#@@USAGE_REPORTING_AUTH_CLIENT_ID_TESTING@@#${{ secrets.USAGE_REPORTING_AUTH_CLIENT_ID_PRODUCTION }}#g" zappa_settings.json + sed -i "s#@@USAGE_REPORTING_AUTH_CLIENT_SECRET_TESTING@@#${{ secrets.USAGE_REPORTING_AUTH_CLIENT_SECRET_PRODUCTION }}#g" zappa_settings.json + sed -i "s#@@LOGGING_LEVEL@@#${{ secrets.LOGGING_LEVEL_PRODUCTION }}#g" zappa_settings.json + + - name: generate zappa_settings.py for docker image from zappa_settings.json + working-directory: ./rest + run: pipenv run zappa save-python-settings-file "$DEPLOYMENT_NAME" + + - name: build docker image with correct tags + working-directory: ./rest + run: docker build -t "$PROD_ECR_REGISTRY/$PROD_ECR_REGISTRY_IMAGE:$GITHUB_REF_NAME" -t "$PROD_ECR_REGISTRY/$PROD_ECR_REGISTRY_IMAGE:latest" --build-arg VERSION=$GITHUB_REF_NAME --build-arg VCS_REF=$GITHUB_SHA --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') . + + - name: login for AWS ECR docker + working-directory: ./rest + run: aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin "$PROD_ECR_REGISTRY" + + - name: push docker images (versioned with CI tag and "latest") to AWS ECR with docker + working-directory: ./rest + run: | + docker push "$PROD_ECR_REGISTRY/$PROD_ECR_REGISTRY_IMAGE:$GITHUB_REF_NAME" + docker push "$PROD_ECR_REGISTRY/$PROD_ECR_REGISTRY_IMAGE:latest" + + - name: deploy lambda with new docker image + working-directory: ./rest + run: pipenv run zappa deploy "$DEPLOYMENT_NAME" -d "$PROD_ECR_REGISTRY/$PROD_ECR_REGISTRY_IMAGE:latest" || pipenv run zappa update "$DEPLOYMENT_NAME" -d "$PROD_ECR_REGISTRY/$PROD_ECR_REGISTRY_IMAGE:latest" \ No newline at end of file