-
-
Notifications
You must be signed in to change notification settings - Fork 16
157 lines (144 loc) · 6.37 KB
/
aws.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Deploy to AWS EKS
on:
push:
branches:
- master
- stage
- ufpb-labcheck
# For future
# release:
# types: [created]
env:
ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-1
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
setup-build-publish:
name: Build & Publish
runs-on: ubuntu-latest
environment: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }}
env:
ENVIRONMENT: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }}
AWS_SDK_BUCKET: ${{ secrets.AWS_SDK_BUCKET }}
API_URL: ${{ secrets.API_URL }}
GITHUB_SHA: ${{ github.sha }}
IMAGE: aletheiafact-production
ENV: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }}
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }}
MONGODB_URI: ${{ secrets.MONGODB_URI }}
MONGODB_NAME: ${{ secrets.MONGODB_NAME }}
ORY_SDK_URL: ${{ secrets.ORY_SDK_URL }}
ORY_ACCESS_TOKEN: ${{ secrets.ORY_ACCESS_TOKEN }}
ORYCLOUD: "enabled"
ALETHEIA_SCHEMA_ID: ${{ secrets.ALETHEIA_SCHEMA_ID }}
RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }}
NOVU_API_KEY: ${{ secrets.NOVU_API_KEY }}
NOVU_APPLICATION_IDENTIFIER: ${{ secrets.NOVU_APPLICATION_IDENTIFIER }}
NEW_RELIC_APP_NAME: ${{ secrets.NEW_RELIC_APP_NAME }}
GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }}
GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }}
# Needed env variables for first build on next
NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }}
NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }}
AGENTS_API_URL: ${{ secrets.AGENTS_API_URL }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ZENVIA_API_URL: ${{ secrets.ZENVIA_API_URL }}
ZENVIA_API_TOKEN: ${{ secrets.ZENVIA_API_TOKEN }}
AGENCIA_ACCESS_TOKEN: ${{ secrets.AGENCIA_ACCESS_TOKEN }}
RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }}
TAG: ${{ github.sha}}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Install pkl
uses: pkl-community/setup-pkl@v0
with:
pkl-version: 0.25.2
# Setting up config.yaml based on environment
- name: Set config.yaml
run: |
pkl eval -f yaml ./deployment/config/config-file/$ENVIRONMENT.pkl > config.$ENVIRONMENT.yaml
- name: Set migrate-mongo-config.ts
run: |
sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts
sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts
# Build the Docker image
- name: Build
run: |
docker build --build-arg ENVIRONMENT=$ENVIRONMENT \
--build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \
--build-arg NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \
--build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \
--build-arg NEXT_PUBLIC_ORYCLOUD=$ORYCLOUD \
--build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \
-t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" .
docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest
# Push the Docker image to Google Container Registry
- name: Publish
run: |
docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA
if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi
deploy:
name: Deploy
needs: setup-build-publish
runs-on: ubuntu-latest
environment: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }}
env:
ENVIRONMENT: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }}
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }}
ORY_SDK_URL: ${{ secrets.ORY_SDK_URL }}
ORY_ACCESS_TOKEN: ${{ secrets.ORY_ACCESS_TOKEN }}
RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ORYCLOUD: "enabled"
TAG: ${{ github.sha}}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install pkl
uses: pkl-community/setup-pkl@v0
with:
pkl-version: 0.25.2
- name: Set deployment/app.yml
run: |
pkl eval -f yaml ./deployment/k8s/$ENVIRONMENT.pkl > deployment/app.yml
- name: Applying Kubernetes Deployment
uses: giovannirossini/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: "us-east-1"
cluster-name: "production"
command: kubectl apply -f ./deployment/
- name: Validation
uses: giovannirossini/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: "us-east-1"
cluster-name: "production"
command: kubectl rollout status deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s
if: success()
- name: Rollback
uses: giovannirossini/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: "us-east-1"
cluster-name: "production"
command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }}
if: failure()