From 97c71438d313dfae88e50a263248aed0dd62a37a Mon Sep 17 00:00:00 2001 From: msantos <msantos@wikimedia.org> Date: Thu, 3 Oct 2024 08:43:24 -0300 Subject: [PATCH] Fix wrong call to ZENVIA_API_TOKEN secret --- .github/workflows/aws.yml | 274 +++++++++++++++++++------------------- 1 file changed, 137 insertions(+), 137 deletions(-) diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index bd98f26b3..a93199c71 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml @@ -1,154 +1,154 @@ name: Deploy to AWS EKS on: - push: - branches: - - master - - stage - - ufpb-labcheck - # For future - # release: - # types: [created] + push: + branches: + - master + - stage + - ufpb-labcheck + # For future + # release: + # types: [created] env: - ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} - KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} jobs: - setup-build-publish: - name: Build & Publish - runs-on: ubuntu-latest - environment: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} - env: - ENVIRONMENT: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} - AWS_SDK_BUCKET: ${{ secrets.AWS_SDK_BUCKET }} - API_URL: ${{ secrets.API_URL }} - GITHUB_SHA: ${{ github.sha }} - IMAGE: aletheiafact-production - ENV: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} - NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} - UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }} - MONGODB_URI: ${{ secrets.MONGODB_URI }} - MONGODB_NAME: ${{ secrets.MONGODB_NAME }} - ORY_SDK_URL: ${{ secrets.ORY_SDK_URL }} - ORY_ACCESS_TOKEN: ${{ secrets.ORY_ACCESS_TOKEN }} - ALETHEIA_SCHEMA_ID: ${{ secrets.ALETHEIA_SCHEMA_ID }} - RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} - NOVU_API_KEY: ${{ secrets.NOVU_API_KEY }} - NOVU_APPLICATION_IDENTIFIER: ${{ secrets.NOVU_APPLICATION_IDENTIFIER }} - NEW_RELIC_APP_NAME: ${{ secrets.NEW_RELIC_APP_NAME }} - GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }} - GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }} - # Needed env variables for first build on next - NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }} - NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} - AGENTS_API_URL: ${{ secrets.AGENTS_API_URL }} - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - ZENVIA_API_URL: ${{ secrets.ZENVIA_API_URL }} - ZENVIA_API_TOKEN: ${{ secrets.ZENVIA_API_URL }} - AGENCIA_ACCESS_TOKEN: ${{ secrets.AGENCIA_ACCESS_TOKEN }} - RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }} - TAG: ${{ github.sha}} - steps: - - name: Checkout - uses: actions/checkout@v2 + setup-build-publish: + name: Build & Publish + runs-on: ubuntu-latest + environment: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} + env: + ENVIRONMENT: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} + AWS_SDK_BUCKET: ${{ secrets.AWS_SDK_BUCKET }} + API_URL: ${{ secrets.API_URL }} + GITHUB_SHA: ${{ github.sha }} + IMAGE: aletheiafact-production + ENV: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} + NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} + UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }} + MONGODB_URI: ${{ secrets.MONGODB_URI }} + MONGODB_NAME: ${{ secrets.MONGODB_NAME }} + ORY_SDK_URL: ${{ secrets.ORY_SDK_URL }} + ORY_ACCESS_TOKEN: ${{ secrets.ORY_ACCESS_TOKEN }} + ALETHEIA_SCHEMA_ID: ${{ secrets.ALETHEIA_SCHEMA_ID }} + RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} + NOVU_API_KEY: ${{ secrets.NOVU_API_KEY }} + NOVU_APPLICATION_IDENTIFIER: ${{ secrets.NOVU_APPLICATION_IDENTIFIER }} + NEW_RELIC_APP_NAME: ${{ secrets.NEW_RELIC_APP_NAME }} + GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }} + GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }} + # Needed env variables for first build on next + NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }} + NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} + AGENTS_API_URL: ${{ secrets.AGENTS_API_URL }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} + ZENVIA_API_URL: ${{ secrets.ZENVIA_API_URL }} + ZENVIA_API_TOKEN: ${{ secrets.ZENVIA_API_TOKEN }} + AGENCIA_ACCESS_TOKEN: ${{ secrets.AGENCIA_ACCESS_TOKEN }} + RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }} + TAG: ${{ github.sha}} + steps: + - name: Checkout + uses: actions/checkout@v2 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 - - name: Install pkl - uses: pkl-community/setup-pkl@v0 - with: - pkl-version: 0.25.2 - # Setting up config.yaml based on environment - - name: Set config.yaml - run: | - pkl eval -f yaml ./deployment/config/config-file/$ENVIRONMENT.pkl > config.$ENVIRONMENT.yaml + - name: Install pkl + uses: pkl-community/setup-pkl@v0 + with: + pkl-version: 0.25.2 + # Setting up config.yaml based on environment + - name: Set config.yaml + run: | + pkl eval -f yaml ./deployment/config/config-file/$ENVIRONMENT.pkl > config.$ENVIRONMENT.yaml - - name: Set migrate-mongo-config.ts - run: | - sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts - sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts + - name: Set migrate-mongo-config.ts + run: | + sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts + sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts - # Build the Docker image - - name: Build - run: | - docker build --build-arg ENVIRONMENT=$ENVIRONMENT \ - --build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \ - --build-arg NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \ - --build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \ - --build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \ - -t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" . - docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest + # Build the Docker image + - name: Build + run: | + docker build --build-arg ENVIRONMENT=$ENVIRONMENT \ + --build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \ + --build-arg NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \ + --build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \ + --build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \ + -t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" . + docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest - # Push the Docker image to Google Container Registry - - name: Publish - run: | - docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA - if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi + # Push the Docker image to Google Container Registry + - name: Publish + run: | + docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA + if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi - deploy: - name: Deploy - needs: setup-build-publish - runs-on: ubuntu-latest - environment: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} - env: - ENVIRONMENT: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} - KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} - NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} - UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }} - ORY_SDK_URL: ${{ secrets.ORY_SDK_URL }} - ORY_ACCESS_TOKEN: ${{ secrets.ORY_ACCESS_TOKEN }} - RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - TAG: ${{ github.sha}} - steps: - - name: Checkout - uses: actions/checkout@v2 + deploy: + name: Deploy + needs: setup-build-publish + runs-on: ubuntu-latest + environment: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} + env: + ENVIRONMENT: ${{ github.ref_name == 'stage' && 'development' || github.ref_name == 'master' && 'production' || github.ref_name }} + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} + UMAMI_SITE_ID: ${{ secrets.UMAMI_SITE_ID }} + ORY_SDK_URL: ${{ secrets.ORY_SDK_URL }} + ORY_ACCESS_TOKEN: ${{ secrets.ORY_ACCESS_TOKEN }} + RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} + TAG: ${{ github.sha}} + steps: + - name: Checkout + uses: actions/checkout@v2 - - name: Install pkl - uses: pkl-community/setup-pkl@v0 - with: - pkl-version: 0.25.2 + - name: Install pkl + uses: pkl-community/setup-pkl@v0 + with: + pkl-version: 0.25.2 - - name: Set deployment/app.yml - run: | - pkl eval -f yaml ./deployment/k8s/$ENVIRONMENT.pkl > deployment/app.yml + - name: Set deployment/app.yml + run: | + pkl eval -f yaml ./deployment/k8s/$ENVIRONMENT.pkl > deployment/app.yml - - name: Applying Kubernetes Deployment - uses: giovannirossini/aws-eks@v1.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: "us-east-1" - cluster-name: "production" - command: kubectl apply -f ./deployment/ + - name: Applying Kubernetes Deployment + uses: giovannirossini/aws-eks@v1.0.1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: "us-east-1" + cluster-name: "production" + command: kubectl apply -f ./deployment/ - - name: Validation - uses: giovannirossini/aws-eks@v1.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: "us-east-1" - cluster-name: "production" - command: kubectl rollout status deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s - if: success() + - name: Validation + uses: giovannirossini/aws-eks@v1.0.1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: "us-east-1" + cluster-name: "production" + command: kubectl rollout status deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s + if: success() - - name: Rollback - uses: giovannirossini/aws-eks@v1.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: "us-east-1" - cluster-name: "production" - command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }} - if: failure() + - name: Rollback + uses: giovannirossini/aws-eks@v1.0.1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: "us-east-1" + cluster-name: "production" + command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }} + if: failure()