Deploy Application #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Application | |
| on: | |
| workflow_run: | |
| workflows: ["Build Pipeline"] | |
| types: [completed] | |
| jobs: | |
| setup: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| DB_USERNAME: ${{ steps.get-secrets.outputs.db_username }} | |
| DB_PASSWORD: ${{ steps.get-secrets.outputs.db_password }} | |
| DB_HOST: ${{ steps.get-secrets.outputs.db_host }} | |
| DB_NAME: ${{ steps.get-secrets.outputs.db_name }} | |
| DJANGO_KEY: ${{ steps.get-secrets.outputs.django_key }} | |
| AWS_STORAGE_BUCKET_NAME: ${{ steps.get-secrets.outputs.aws_storage_bucket_name }} | |
| AWS_S3_REGION_NAME: ${{ steps.get-secrets.outputs.aws_s3_region_name }} | |
| COGNITO_USER_POOL_ID: ${{ steps.get-secrets.outputs.cognito_user_pool_Id }} | |
| COGNITO_APP_CLIENT_ID: ${{ steps.get-secrets.outputs.cognito_app_client_id }} | |
| COGNITO_APP_CLIENT_SECRET: ${{ steps.get-secrets.outputs.congito_app_client_secret }} | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-southeast-1 | |
| - name: Retrieve secrets from AWS Secrets Manager | |
| id: get-secrets | |
| run: | | |
| DB_SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id db_credentials --query SecretString --output text) | |
| echo "db_username=$(echo $DB_SECRET_STRING | jq -r .username)" >> $GITHUB_OUTPUT | |
| echo "db_password=$(echo $DB_SECRET_STRING | jq -r .password)" >> $GITHUB_OUTPUT | |
| echo "db_host=$(echo $DB_SECRET_STRING | jq -r .host)" >> $GITHUB_OUTPUT | |
| echo "db_name=$(echo $DB_SECRET_STRING | jq -r .dbname)" >> $GITHUB_OUTPUT | |
| SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id secrets --query SecretString --output text) | |
| echo "django_key=$(echo $SECRET_STRING | jq -r .DJANGO_KEY)" >> $GITHUB_OUTPUT | |
| echo "aws_storage_bucket_name=$(echo $SECRET_STRING | jq -r .AWS_STORAGE_BUCKET_NAME)" >> $GITHUB_OUTPUT | |
| echo "aws_s3_region_name=$(echo $SECRET_STRING | jq -r .AWS_S3_REGION_NAME)" >> $GITHUB_OUTPUT | |
| echo "cognito_user_pool_Id=$(echo $SECRET_STRING | jq -r .COGNITO_USER_POOL_ID)" >> $GITHUB_OUTPUT | |
| echo "cognito_app_client_id=$(echo $SECRET_STRING | jq -r .COGNITO_APP_CLIENT_ID)" >> $GITHUB_OUTPUT | |
| echo "congito_app_client_secret=$(echo $SECRET_STRING | jq -r .COGNITO_APP_CLIENT_SECRET)" >> $GITHUB_OUTPUT | |
| terraform: | |
| env: | |
| TF_CLOUD_ORGANIZATION: "microvan" | |
| TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | |
| TF_WORKSPACE: "microvan" | |
| CONFIG_DIRECTORY: "./terraform" | |
| name: "Terraform Apply" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: apply-upload | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| directory: ${{ env.CONFIG_DIRECTORY }} | |
| - name: Create Apply Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: apply-run | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }} | |
| - name: Apply | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable | |
| id: apply | |
| with: | |
| run: ${{ steps.apply-run.outputs.run_id }} | |
| comment: "Apply Run from GitHub Actions CI ${{ github.sha }}" | |
| deploy_backend: | |
| needs: ["terraform", "setup"] | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./backend | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| DB_USERNAME: ${{ needs.setup.outputs.DB_USERNAME }} | |
| DB_PASSWORD: ${{ needs.setup.outputs.DB_PASSWORD }} | |
| DB_HOST: ${{ needs.setup.outputs.DB_HOST }} | |
| DB_NAME: ${{ needs.setup.outputs.DB_NAME }} | |
| SECRET_KEY: ${{ needs.setup.outputs.DJANGO_KEY }} | |
| AWS_STORAGE_BUCKET_NAME: ${{ needs.setup.outputs.AWS_STORAGE_BUCKET_NAME }} | |
| AWS_S3_REGION_NAME: ${{ needs.setup.outputs.AWS_S3_REGION_NAME }} | |
| COGNITO_USER_POOL_ID: ${{ needs.setup.outputs.COGNITO_USER_POOL_ID }} | |
| COGNITO_APP_CLIENT_ID: ${{ needs.setup.outputs.COGNITO_APP_CLIENT_ID }} | |
| COGNITO_APP_CLIENT_SECRET: ${{ needs.setup.outputs.COGNITO_APP_CLIENT_SECRET }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: '3.10' | |
| - name: Install dependencies | |
| run: | | |
| pip install pipenv | |
| pipenv install --dev | |
| - name: Zappa Deploy or Update | |
| run: | | |
| pipenv run zappa update production | |
| - name: Apply Django migrations | |
| run: | | |
| pipenv run zappa manage production "migrate" | |
| deploy_frontend: | |
| needs: ["terraform", "setup"] | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./frontend | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14' | |
| - name: Install dependencies | |
| run: | | |
| npm install | |
| - name: Build | |
| run: | | |
| npm run build | |
| - name: Install Railway | |
| run: npm i -g @railway/cli | |
| - name: Deploy | |
| run: railway up | |
| env: | |
| RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }} |