Merge pull request #1345 from AletheiaFact/copilot-improvements #308
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to AWS EKS | |
on: | |
push: | |
branches: | |
- master | |
- stage | |
# For future | |
# release: | |
# types: [created] | |
env: | |
API_URL: ${{ secrets.API_URL }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: us-east-1 | |
AWS_SDK_BUCKET: ${{ secrets.DEVELOPMENT_AWS_SDK_BUCKET }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
GITHUB_SHA: ${{ github.sha }} | |
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} | |
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} | |
IMAGE: aletheiafact-production | |
ENVIRONMENT: development | |
UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} | |
MONGODB_URI: ${{ secrets.DEVELOPMENT_MONGODB_URI }} | |
MONGODB_NAME: ${{ secrets.DEVELOPMENT_MONGODB_NAME }} | |
ORY_SDK_URL: ${{ secrets.DEVELOPMENT_ORY_SDK_URL }} | |
ORY_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_ORY_ACCESS_TOKEN }} | |
ALETHEIA_SCHEMA_ID: ${{ secrets.DEVELOPMENT_ALETHEIA_SCHEMA_ID }} | |
RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} | |
NOVU_API_KEY: ${{ secrets.DEVELOPMENT_NOVU_API_KEY }} | |
NOVU_APPLICATION_IDENTIFIER: ${{ secrets.DEVELOPMENT_NOVU_APPLICATION_IDENTIFIER }} | |
NEW_RELIC_APP_NAME: ${{ secrets.DEVELOPMENT_NEW_RELIC_APP_NAME }} | |
GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }} | |
GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }} | |
# Needed env variables for first build on next | |
NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} | |
NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} | |
AGENTS_API_URL: ${{ secrets.DEVELOPMENT_AGENTS_API_URL }} | |
OPENAI_API_KEY: ${{ secrets.DEVELOPMENT_OPENAI_API_KEY }} | |
ZENVIA_API_URL: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} | |
ZENVIA_API_TOKEN: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} | |
AGENCIA_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_AGENCIA_ACCESS_TOKEN }} | |
jobs: | |
setup-build-publish: | |
name: Build & Publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Check Environment | |
if: endsWith(github.ref, '/master') | |
run: | | |
sed -i '11{s/test.//}' deployment/app.yml | |
sed -i '21{s/test.//}' deployment/app.yml | |
sed -i '11{s/testws./ws./}' deployment/websocket.yml | |
sed -i '11{s/test.//}' config.seed.example.yaml | |
echo "ENVIRONMENT=production" >> $GITHUB_ENV | |
echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV | |
echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV | |
echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV | |
echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV | |
echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV | |
echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV | |
echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV | |
echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV | |
echo "NEW_RELIC_APP_NAME=${{ secrets.PRODUCTION_NEW_RELIC_APP_NAME }}" >> $GITHUB_ENV | |
echo "NEXT_PUBLIC_ORY_SDK_URL=${{ secrets.ORY_SDK_URL }}" >> $GITHUB_ENV | |
echo "AGENTS_API_URL=${{ secrets.PRODUCTION_AGENTS_API_URL }}" >> $GITHUB_ENV | |
echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV | |
echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV | |
echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV | |
echo "AGENCIA_ACCESS_TOKEN=${{ secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Setting up config.yaml based on environment | |
- name: Set config.yaml | |
env: | |
RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }} | |
run: | | |
sed -i "s%ZENVIA_API_URL%$ZENVIA_API_URL%g" config.$ENVIRONMENT.yaml | |
sed -i "s%ZENVIA_API_TOKEN%$ZENVIA_API_TOKEN%g" config.$ENVIRONMENT.yaml | |
sed -i "s/ENV/$ENVIRONMENT/g" config.$ENVIRONMENT.yaml | |
sed -i "s%RECAPTCHA_SECRET%$RECAPTCHA_SECRET%g" config.$ENVIRONMENT.yaml | |
sed -i "s%MONGODB_URI%$MONGODB_URI%g" config.$ENVIRONMENT.yaml | |
sed -i "s%ORY_SDK_URL%$ORY_SDK_URL%g" config.$ENVIRONMENT.yaml | |
sed -i "s%GITLAB_FEATURE_FLAG_URL%$GITLAB_FEATURE_FLAG_URL%g" config.$ENVIRONMENT.yaml | |
sed -i "s%GITLAB_FEATURE_FLAG_INSTANCE_ID%$GITLAB_FEATURE_FLAG_INSTANCE_ID%g" config.$ENVIRONMENT.yaml | |
sed -i "s/ORY_ACCESS_TOKEN/$ORY_ACCESS_TOKEN/g" config.$ENVIRONMENT.yaml | |
sed -i "s/ALETHEIA_SCHEMA_ID/$ALETHEIA_SCHEMA_ID/g" config.$ENVIRONMENT.yaml | |
sed -i "s%AWS_SDK_BUCKET%$AWS_SDK_BUCKET%g" config.$ENVIRONMENT.yaml | |
sed -i "s%AWS_ACCESS_KEY_ID%$AWS_ACCESS_KEY_ID%g" config.$ENVIRONMENT.yaml | |
sed -i "s%AWS_SECRET_ACCESS_KEY%$AWS_SECRET_ACCESS_KEY%g" config.$ENVIRONMENT.yaml | |
sed -i "s%NOVU_API_KEY%$NOVU_API_KEY%g" config.$ENVIRONMENT.yaml | |
sed -i "s%NOVU_APPLICATION_IDENTIFIER%$NOVU_APPLICATION_IDENTIFIER%g" config.$ENVIRONMENT.yaml | |
sed -i "s%AGENTS_API_URL%$AGENTS_API_URL%g" config.$ENVIRONMENT.yaml | |
sed -i "s%OPENAI_API_KEY%$OPENAI_API_KEY%g" config.$ENVIRONMENT.yaml | |
sed -i "s%AGENCIA_ACCESS_TOKEN%$AGENCIA_ACCESS_TOKEN%g" config.$ENVIRONMENT.yaml | |
- name: Set migrate-mongo-config.ts | |
run: | | |
sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts | |
sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts | |
# Setting user seed config | |
- name: Set config.seed.example.yaml | |
env: | |
SMTP_HOST: ${{ secrets.SMTP_HOST }} | |
SMTP_PORT: ${{ secrets.SMTP_PORT }} | |
SMTP_EMAIL_USER: ${{ secrets.SMTP_EMAIL_USER }} | |
SMTP_EMAIL_PASS: ${{ secrets.SMTP_EMAIL_PASS }} | |
TEST_USER_PASS: ${{ secrets.TEST_USER_PASS }} | |
run: | | |
sed -i "s%SMTP_HOST%$SMTP_HOST%g" config.seed.example.yaml | |
sed -i "s%SMTP_PORT%$SMTP_PORT%g" config.seed.example.yaml | |
sed -i "s%SMTP_EMAIL_USER%$SMTP_EMAIL_USER%g" config.seed.example.yaml | |
sed -i "s%SMTP_EMAIL_PASS%$SMTP_EMAIL_PASS%g" config.seed.example.yaml | |
sed -i "s/TEST_USER_PASS/$TEST_USER_PASS/g" config.seed.example.yaml | |
sed -i "s%MONGODB_URI%$MONGODB_URI%g" config.seed.example.yaml | |
sed -i "s%ORY_SDK_URL%$ORY_SDK_URL%g" config.seed.example.yaml | |
sed -i "s/ORY_ACCESS_TOKEN/$ORY_ACCESS_TOKEN/g" config.seed.example.yaml | |
sed -i "s/ALETHEIA_SCHEMA_ID/$ALETHEIA_SCHEMA_ID/g" config.seed.example.yaml | |
# Build the Docker image | |
- name: Build | |
run: | | |
docker build --build-arg ENVIRONMENT=$ENVIRONMENT \ | |
--build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \ | |
--build-arg NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \ | |
--build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \ | |
--build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \ | |
-t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" . | |
docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest | |
# Push the Docker image to Google Container Registry | |
- name: Publish | |
run: | | |
docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA | |
if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi | |
deploy: | |
name: Deploy | |
needs: setup-build-publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Check Environment | |
if: endsWith(github.ref, '/master') | |
run: | | |
sed -i '11{s/test.//}' deployment/app.yml | |
sed -i '21{s/test.//}' deployment/app.yml | |
sed -i '11{s/testws./ws./}' deployment/websocket.yml | |
echo "ENVIRONMENT=production" >> $GITHUB_ENV | |
echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV | |
echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV | |
echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV | |
echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV | |
echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV | |
echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV | |
echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV | |
echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV | |
echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV | |
echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV | |
echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV | |
echo "AGENCIA_ACCESS_TOKEN=${{ secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
- name: Set environment | |
run: | | |
sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/app.yml | |
sed -i 's%ENV_NAME_STUB%NEXT_PUBLIC_ENVIRONMENT%g' deployment/app.yml | |
sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/websocket.yml | |
sed -i "s%UMAMI_SITE_ID_STUB%${{ env.UMAMI_SITE_ID }}%g" deployment/app.yml | |
sed -i "s%RECAPTCHA_SITEKEY_STUB%${{ env.RECAPTCHA_SITEKEY }}%g" deployment/app.yml | |
sed -i "s%ORY_SDK_URL_STUB%${{ env.ORY_SDK_URL }}%g" deployment/app.yml | |
sed -i "s%ORY_ACCESS_TOKEN_STUB%${{ env.ORY_ACCESS_TOKEN }}%g" deployment/app.yml | |
sed -i "s%NEW_RELIC_LICENSE_KEY_STUB%${{ env.NEW_RELIC_LICENSE_KEY }}%g" deployment/app.yml | |
sed -i "s%NEW_RELIC_APP_NAME_STUB%${{ env.NEW_RELIC_APP_NAME }}%g" deployment/app.yml | |
sed -i "s%NEXT_PUBLIC_ORYSDKURL_STUB%${{ env.ORY_SDK_URL }}%g" deployment/app.yml | |
sed -i "s%OPENAI_API_KEY_STUB%${{ env.OPENAI_API_KEY }}%g" deployment/app.yml | |
- name: Set deployment | |
run: | | |
sed -i "s/TAG/$GITHUB_SHA/" deployment/app.yml | |
sed -i "s/TAG/$GITHUB_SHA/" deployment/websocket.yml | |
- name: Applying Kubernetes Deployment | |
uses: giovannirossini/[email protected] | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: "us-east-1" | |
cluster-name: "production" | |
command: kubectl apply -f ./deployment/ | |
- name: Validation | |
uses: giovannirossini/[email protected] | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: "us-east-1" | |
cluster-name: "production" | |
command: kubectl rollout status deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s | |
if: success() | |
- name: Rollback | |
uses: giovannirossini/[email protected] | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: "us-east-1" | |
cluster-name: "production" | |
command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }} | |
if: failure() |