Migrate the config.yaml generation to PKL #316
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to AWS EKS | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - stage | |
| # For future | |
| # release: | |
| # types: [created] | |
| env: | |
| API_URL: ${{ secrets.API_URL }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| AWS_SDK_BUCKET: ${{ secrets.DEVELOPMENT_AWS_SDK_BUCKET }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} | |
| NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} | |
| IMAGE: aletheiafact-production | |
| ENVIRONMENT: development | |
| UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} | |
| MONGODB_URI: ${{ secrets.DEVELOPMENT_MONGODB_URI }} | |
| MONGODB_NAME: ${{ secrets.DEVELOPMENT_MONGODB_NAME }} | |
| ORY_SDK_URL: ${{ secrets.DEVELOPMENT_ORY_SDK_URL }} | |
| ORY_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_ORY_ACCESS_TOKEN }} | |
| ALETHEIA_SCHEMA_ID: ${{ secrets.DEVELOPMENT_ALETHEIA_SCHEMA_ID }} | |
| RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} | |
| NOVU_API_KEY: ${{ secrets.DEVELOPMENT_NOVU_API_KEY }} | |
| NOVU_APPLICATION_IDENTIFIER: ${{ secrets.DEVELOPMENT_NOVU_APPLICATION_IDENTIFIER }} | |
| NEW_RELIC_APP_NAME: ${{ secrets.DEVELOPMENT_NEW_RELIC_APP_NAME }} | |
| GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }} | |
| GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }} | |
| # Needed env variables for first build on next | |
| NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} | |
| NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} | |
| AGENTS_API_URL: ${{ secrets.DEVELOPMENT_AGENTS_API_URL }} | |
| OPENAI_API_KEY: ${{ secrets.DEVELOPMENT_OPENAI_API_KEY }} | |
| ZENVIA_API_URL: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} | |
| ZENVIA_API_TOKEN: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} | |
| AGENCIA_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_AGENCIA_ACCESS_TOKEN }} | |
| jobs: | |
| setup-build-publish: | |
| name: Build & Publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Check Environment | |
| if: endsWith(github.ref, '/master') | |
| run: | | |
| sed -i '11{s/test.//}' deployment/app.yml | |
| sed -i '21{s/test.//}' deployment/app.yml | |
| sed -i '11{s/testws./ws./}' deployment/websocket.yml | |
| sed -i '11{s/test.//}' config.seed.example.yaml | |
| echo "ENVIRONMENT=production" >> $GITHUB_ENV | |
| echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
| echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
| echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV | |
| echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV | |
| echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
| echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV | |
| echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV | |
| echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV | |
| echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV | |
| echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV | |
| echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV | |
| echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV | |
| echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV | |
| echo "NEW_RELIC_APP_NAME=${{ secrets.PRODUCTION_NEW_RELIC_APP_NAME }}" >> $GITHUB_ENV | |
| echo "NEXT_PUBLIC_ORY_SDK_URL=${{ secrets.ORY_SDK_URL }}" >> $GITHUB_ENV | |
| echo "AGENTS_API_URL=${{ secrets.PRODUCTION_AGENTS_API_URL }}" >> $GITHUB_ENV | |
| echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV | |
| echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV | |
| echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV | |
| echo "AGENCIA_ACCESS_TOKEN=${{ secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Install pkl | |
| uses: pkl-community/setup-pkl@v0 | |
| with: | |
| pkl-version: 0.25.2 | |
| # Setting up config.yaml based on environment | |
| - name: Set config.yaml | |
| env: | |
| RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }} | |
| run: | | |
| pkl eval -f yaml ./deployment/config/config-file/$ENVIRONMENT.pkl > config.$ENVIRONMENT.yaml | |
| - name: Set migrate-mongo-config.ts | |
| run: | | |
| sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts | |
| sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts | |
| # Setting user seed config | |
| - name: Set config.seed.example.yaml | |
| env: | |
| SMTP_HOST: ${{ secrets.SMTP_HOST }} | |
| SMTP_PORT: ${{ secrets.SMTP_PORT }} | |
| SMTP_EMAIL_USER: ${{ secrets.SMTP_EMAIL_USER }} | |
| SMTP_EMAIL_PASS: ${{ secrets.SMTP_EMAIL_PASS }} | |
| TEST_USER_PASS: ${{ secrets.TEST_USER_PASS }} | |
| run: | | |
| sed -i "s%SMTP_HOST%$SMTP_HOST%g" config.seed.example.yaml | |
| sed -i "s%SMTP_PORT%$SMTP_PORT%g" config.seed.example.yaml | |
| sed -i "s%SMTP_EMAIL_USER%$SMTP_EMAIL_USER%g" config.seed.example.yaml | |
| sed -i "s%SMTP_EMAIL_PASS%$SMTP_EMAIL_PASS%g" config.seed.example.yaml | |
| sed -i "s/TEST_USER_PASS/$TEST_USER_PASS/g" config.seed.example.yaml | |
| sed -i "s%MONGODB_URI%$MONGODB_URI%g" config.seed.example.yaml | |
| sed -i "s%ORY_SDK_URL%$ORY_SDK_URL%g" config.seed.example.yaml | |
| sed -i "s/ORY_ACCESS_TOKEN/$ORY_ACCESS_TOKEN/g" config.seed.example.yaml | |
| sed -i "s/ALETHEIA_SCHEMA_ID/$ALETHEIA_SCHEMA_ID/g" config.seed.example.yaml | |
| # Build the Docker image | |
| - name: Build | |
| run: | | |
| docker build --build-arg ENVIRONMENT=$ENVIRONMENT \ | |
| --build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \ | |
| --build-arg NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \ | |
| --build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \ | |
| --build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \ | |
| -t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" . | |
| docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest | |
| # Push the Docker image to Google Container Registry | |
| - name: Publish | |
| run: | | |
| docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA | |
| if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi | |
| deploy: | |
| name: Deploy | |
| needs: setup-build-publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Check Environment | |
| if: endsWith(github.ref, '/master') | |
| run: | | |
| sed -i '11{s/test.//}' deployment/app.yml | |
| sed -i '21{s/test.//}' deployment/app.yml | |
| sed -i '11{s/testws./ws./}' deployment/websocket.yml | |
| echo "ENVIRONMENT=production" >> $GITHUB_ENV | |
| echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
| echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV | |
| echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV | |
| echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV | |
| echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
| echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV | |
| echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV | |
| echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV | |
| echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV | |
| echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV | |
| echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV | |
| echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV | |
| echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV | |
| echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV | |
| echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV | |
| echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV | |
| echo "AGENCIA_ACCESS_TOKEN=${{ secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV | |
| - name: Set environment | |
| run: | | |
| sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/app.yml | |
| sed -i 's%ENV_NAME_STUB%NEXT_PUBLIC_ENVIRONMENT%g' deployment/app.yml | |
| sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/websocket.yml | |
| sed -i "s%UMAMI_SITE_ID_STUB%${{ env.UMAMI_SITE_ID }}%g" deployment/app.yml | |
| sed -i "s%RECAPTCHA_SITEKEY_STUB%${{ env.RECAPTCHA_SITEKEY }}%g" deployment/app.yml | |
| sed -i "s%ORY_SDK_URL_STUB%${{ env.ORY_SDK_URL }}%g" deployment/app.yml | |
| sed -i "s%ORY_ACCESS_TOKEN_STUB%${{ env.ORY_ACCESS_TOKEN }}%g" deployment/app.yml | |
| sed -i "s%NEW_RELIC_LICENSE_KEY_STUB%${{ env.NEW_RELIC_LICENSE_KEY }}%g" deployment/app.yml | |
| sed -i "s%NEW_RELIC_APP_NAME_STUB%${{ env.NEW_RELIC_APP_NAME }}%g" deployment/app.yml | |
| sed -i "s%NEXT_PUBLIC_ORYSDKURL_STUB%${{ env.ORY_SDK_URL }}%g" deployment/app.yml | |
| sed -i "s%OPENAI_API_KEY_STUB%${{ env.OPENAI_API_KEY }}%g" deployment/app.yml | |
| - name: Set deployment | |
| run: | | |
| sed -i "s/TAG/$GITHUB_SHA/" deployment/app.yml | |
| sed -i "s/TAG/$GITHUB_SHA/" deployment/websocket.yml | |
| - name: Applying Kubernetes Deployment | |
| uses: giovannirossini/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: "us-east-1" | |
| cluster-name: "production" | |
| command: kubectl apply -f ./deployment/ | |
| - name: Validation | |
| uses: giovannirossini/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: "us-east-1" | |
| cluster-name: "production" | |
| command: kubectl rollout status deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s | |
| if: success() | |
| - name: Rollback | |
| uses: giovannirossini/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: "us-east-1" | |
| cluster-name: "production" | |
| command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }} | |
| if: failure() |