diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml index 1d7e50cbc..a25402dda 100644 --- a/.github/workflows/aws.yml +++ b/.github/workflows/aws.yml 
@@ -1,225 +1,201 @@ name: Deploy to AWS EKS on: - push: - branches: - - master - - stage - # For future - # release: - # types: [created] + push: + branches: + - master + - stage + # For future + # release: + # types: [created] env: - API_URL: ${{ secrets.API_URL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 - AWS_SDK_BUCKET: ${{ secrets.DEVELOPMENT_AWS_SDK_BUCKET }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} - GITHUB_SHA: ${{ github.sha }} - KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} - NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} - IMAGE: aletheiafact-production - ENVIRONMENT: development - ENV: development - UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} - MONGODB_URI: ${{ secrets.DEVELOPMENT_MONGODB_URI }} - MONGODB_NAME: ${{ secrets.DEVELOPMENT_MONGODB_NAME }} - ORY_SDK_URL: ${{ secrets.DEVELOPMENT_ORY_SDK_URL }} - ORY_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_ORY_ACCESS_TOKEN }} - ALETHEIA_SCHEMA_ID: ${{ secrets.DEVELOPMENT_ALETHEIA_SCHEMA_ID }} - RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} - NOVU_API_KEY: ${{ secrets.DEVELOPMENT_NOVU_API_KEY }} - NOVU_APPLICATION_IDENTIFIER: ${{ secrets.DEVELOPMENT_NOVU_APPLICATION_IDENTIFIER }} - NEW_RELIC_APP_NAME: ${{ secrets.DEVELOPMENT_NEW_RELIC_APP_NAME }} - GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }} - GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }} - # Needed env variables for first build on next - NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} - NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} - AGENTS_API_URL: ${{ secrets.DEVELOPMENT_AGENTS_API_URL }} - OPENAI_API_KEY: ${{ secrets.DEVELOPMENT_OPENAI_API_KEY }} - ZENVIA_API_URL: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} - ZENVIA_API_TOKEN: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} - AGENCIA_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_AGENCIA_ACCESS_TOKEN }} - 
RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }} + API_URL: ${{ secrets.API_URL }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_SDK_BUCKET: ${{ secrets.DEVELOPMENT_AWS_SDK_BUCKET }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} + GITHUB_SHA: ${{ github.sha }} + KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} + NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} + IMAGE: aletheiafact-production + ENVIRONMENT: development + ENV: development + UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} + MONGODB_URI: ${{ secrets.DEVELOPMENT_MONGODB_URI }} + MONGODB_NAME: ${{ secrets.DEVELOPMENT_MONGODB_NAME }} + ORY_SDK_URL: ${{ secrets.DEVELOPMENT_ORY_SDK_URL }} + ORY_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_ORY_ACCESS_TOKEN }} + ALETHEIA_SCHEMA_ID: ${{ secrets.DEVELOPMENT_ALETHEIA_SCHEMA_ID }} + RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} + NOVU_API_KEY: ${{ secrets.DEVELOPMENT_NOVU_API_KEY }} + NOVU_APPLICATION_IDENTIFIER: ${{ secrets.DEVELOPMENT_NOVU_APPLICATION_IDENTIFIER }} + NEW_RELIC_APP_NAME: ${{ secrets.DEVELOPMENT_NEW_RELIC_APP_NAME }} + GITLAB_FEATURE_FLAG_URL: ${{ secrets.GITLAB_FEATURE_FLAG_URL }} + GITLAB_FEATURE_FLAG_INSTANCE_ID: ${{ secrets.GITLAB_FEATURE_FLAG_INSTANCE_ID }} + # Needed env variables for first build on next + NEXT_PUBLIC_UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }} + NEXT_PUBLIC_RECAPTCHA_SITEKEY: ${{ secrets.RECAPTCHA_SITEKEY }} + AGENTS_API_URL: ${{ secrets.DEVELOPMENT_AGENTS_API_URL }} + OPENAI_API_KEY: ${{ secrets.DEVELOPMENT_OPENAI_API_KEY }} + ZENVIA_API_URL: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} + ZENVIA_API_TOKEN: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }} + AGENCIA_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_AGENCIA_ACCESS_TOKEN }} + RECAPTCHA_SECRET: ${{ secrets.RECAPTCHA_SECRETKEY }} jobs: - setup-build-publish: - name: Build & Publish - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: 
actions/checkout@v2 - - - name: Check Environment - if: endsWith(github.ref, '/master') - run: | - sed -i '11{s/test.//}' deployment/app.yml - sed -i '21{s/test.//}' deployment/app.yml - sed -i '11{s/testws./ws./}' deployment/websocket.yml - sed -i '11{s/test.//}' config.seed.example.yaml - echo "ENV=production" >> $GITHUB_ENV - echo "ENVIRONMENT=production" >> $GITHUB_ENV - echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV - echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV - echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV - echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV - echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV - echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV - echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV - echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV - echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV - echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV - echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV - echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV - echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV - echo "NEW_RELIC_APP_NAME=${{ secrets.PRODUCTION_NEW_RELIC_APP_NAME }}" >> $GITHUB_ENV - echo "NEXT_PUBLIC_ORY_SDK_URL=${{ secrets.ORY_SDK_URL }}" >> $GITHUB_ENV - echo "AGENTS_API_URL=${{ secrets.PRODUCTION_AGENTS_API_URL }}" >> $GITHUB_ENV - echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV - echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV - echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV - echo "AGENCIA_ACCESS_TOKEN=${{ 
secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Install pkl - uses: pkl-community/setup-pkl@v0 - with: - pkl-version: 0.25.2 - # Setting up config.yaml based on environment - - name: Set config.yaml - run: | - pkl eval -f yaml ./deployment/config/config-file/$ENVIRONMENT.pkl > config.$ENVIRONMENT.yaml - - - name: Set migrate-mongo-config.ts - run: | - sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts - sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts - - # Setting user seed config - - name: Set config.seed.example.yaml - env: - SMTP_HOST: ${{ secrets.SMTP_HOST }} - SMTP_PORT: ${{ secrets.SMTP_PORT }} - SMTP_EMAIL_USER: ${{ secrets.SMTP_EMAIL_USER }} - SMTP_EMAIL_PASS: ${{ secrets.SMTP_EMAIL_PASS }} - TEST_USER_PASS: ${{ secrets.TEST_USER_PASS }} - - run: | - sed -i "s%SMTP_HOST%$SMTP_HOST%g" config.seed.example.yaml - sed -i "s%SMTP_PORT%$SMTP_PORT%g" config.seed.example.yaml - sed -i "s%SMTP_EMAIL_USER%$SMTP_EMAIL_USER%g" config.seed.example.yaml - sed -i "s%SMTP_EMAIL_PASS%$SMTP_EMAIL_PASS%g" config.seed.example.yaml - sed -i "s/TEST_USER_PASS/$TEST_USER_PASS/g" config.seed.example.yaml - sed -i "s%MONGODB_URI%$MONGODB_URI%g" config.seed.example.yaml - sed -i "s%ORY_SDK_URL%$ORY_SDK_URL%g" config.seed.example.yaml - sed -i "s/ORY_ACCESS_TOKEN/$ORY_ACCESS_TOKEN/g" config.seed.example.yaml - sed -i "s/ALETHEIA_SCHEMA_ID/$ALETHEIA_SCHEMA_ID/g" config.seed.example.yaml - - # Build the Docker image - - name: Build - run: | - docker build --build-arg ENVIRONMENT=$ENVIRONMENT \ - --build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \ - --build-arg 
NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \ - --build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \ - --build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \ - -t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" . - docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest - - # Push the Docker image to Google Container Registry - - name: Publish - run: | - docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA - if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi - - deploy: - name: Deploy - needs: setup-build-publish - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Check Environment - if: endsWith(github.ref, '/master') - run: | - sed -i '11{s/test.//}' deployment/app.yml - sed -i '21{s/test.//}' deployment/app.yml - sed -i '11{s/testws./ws./}' deployment/websocket.yml - echo "ENVIRONMENT=production" >> $GITHUB_ENV - echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV - echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV - echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV - echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV - echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV - echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV - echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV - echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV - echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV - echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV - echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV - echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV - echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER 
}}" >> $GITHUB_ENV - echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV - echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV - echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV - echo "AGENCIA_ACCESS_TOKEN=${{ secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV - - - name: Set environment - run: | - sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/app.yml - sed -i 's%ENV_NAME_STUB%NEXT_PUBLIC_ENVIRONMENT%g' deployment/app.yml - sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/websocket.yml - sed -i "s%UMAMI_SITE_ID_STUB%${{ env.UMAMI_SITE_ID }}%g" deployment/app.yml - sed -i "s%RECAPTCHA_SITEKEY_STUB%${{ env.RECAPTCHA_SITEKEY }}%g" deployment/app.yml - sed -i "s%ORY_SDK_URL_STUB%${{ env.ORY_SDK_URL }}%g" deployment/app.yml - sed -i "s%ORY_ACCESS_TOKEN_STUB%${{ env.ORY_ACCESS_TOKEN }}%g" deployment/app.yml - sed -i "s%NEW_RELIC_LICENSE_KEY_STUB%${{ env.NEW_RELIC_LICENSE_KEY }}%g" deployment/app.yml - sed -i "s%NEW_RELIC_APP_NAME_STUB%${{ env.NEW_RELIC_APP_NAME }}%g" deployment/app.yml - sed -i "s%NEXT_PUBLIC_ORYSDKURL_STUB%${{ env.ORY_SDK_URL }}%g" deployment/app.yml - sed -i "s%OPENAI_API_KEY_STUB%${{ env.OPENAI_API_KEY }}%g" deployment/app.yml - - - name: Set deployment - run: | - sed -i "s/TAG/$GITHUB_SHA/" deployment/app.yml - sed -i "s/TAG/$GITHUB_SHA/" deployment/websocket.yml - - - name: Applying Kubernetes Deployment - uses: giovannirossini/aws-eks@v1.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: "us-east-1" - cluster-name: "production" - command: kubectl apply -f ./deployment/ - - - name: Validation - uses: giovannirossini/aws-eks@v1.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: "us-east-1" - cluster-name: "production" - command: kubectl rollout status 
deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s - if: success() - - - name: Rollback - uses: giovannirossini/aws-eks@v1.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: "us-east-1" - cluster-name: "production" - command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }} - if: failure() + setup-build-publish: + name: Build & Publish + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Check Environment + if: endsWith(github.ref, '/master') + run: | + sed -i '11{s/test.//}' deployment/app.yml + sed -i '21{s/test.//}' deployment/app.yml + sed -i '11{s/testws./ws./}' deployment/websocket.yml + echo "ENV=production" >> $GITHUB_ENV + echo "ENVIRONMENT=production" >> $GITHUB_ENV + echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV + echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV + echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV + echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV + echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV + echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV + echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV + echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV + echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV + echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV + echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV + echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV + echo "NEW_RELIC_APP_NAME=${{ secrets.PRODUCTION_NEW_RELIC_APP_NAME }}" >> 
$GITHUB_ENV + echo "NEXT_PUBLIC_ORY_SDK_URL=${{ secrets.ORY_SDK_URL }}" >> $GITHUB_ENV + echo "AGENTS_API_URL=${{ secrets.PRODUCTION_AGENTS_API_URL }}" >> $GITHUB_ENV + echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV + echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV + echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV + echo "AGENCIA_ACCESS_TOKEN=${{ secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Install pkl + uses: pkl-community/setup-pkl@v0 + with: + pkl-version: 0.25.2 + # Setting up config.yaml based on environment + - name: Set config.yaml + run: | + pkl eval -f yaml ./deployment/config/config-file/$ENVIRONMENT.pkl > config.$ENVIRONMENT.yaml + + - name: Set migrate-mongo-config.ts + run: | + sed -i "s%MONGODB_URI%$MONGODB_URI%g" migrate-mongo-config-example.ts + sed -i "s%MONGODB_NAME%$MONGODB_NAME%g" migrate-mongo-config-example.ts + + # Build the Docker image + - name: Build + run: | + docker build --build-arg ENVIRONMENT=$ENVIRONMENT \ + --build-arg NEXT_PUBLIC_UMAMI_SITE_ID=$NEXT_PUBLIC_UMAMI_SITE_ID \ + --build-arg NEXT_PUBLIC_ENVIRONMENT=$ENVIRONMENT \ + --build-arg NEXT_PUBLIC_ORY_SDK_URL=$ORY_SDK_URL \ + --build-arg NEXT_PUBLIC_RECAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_RECAPTCHA_SITEKEY }} \ + -t "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" . 
+ docker tag "$ECR_REGISTRY"/"$IMAGE":"$GITHUB_SHA" "$ECR_REGISTRY"/"$IMAGE":latest + + # Push the Docker image to Google Container Registry + - name: Publish + run: | + docker push $ECR_REGISTRY/$IMAGE:$GITHUB_SHA + if [[ "$ENVIRONMENT" == "production" ]]; then docker push "$ECR_REGISTRY"/"$IMAGE":latest; fi + + deploy: + name: Deploy + needs: setup-build-publish + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Check Environment + if: endsWith(github.ref, '/master') + run: | + sed -i '11{s/testws./ws./}' deployment/websocket.yml + echo "ENVIRONMENT=production" >> $GITHUB_ENV + echo "UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV + echo "NEXT_PUBLIC_UMAMI_SITE_ID=${{ secrets.PRODUCTION_UMAMI_SITE_ID }}" >> $GITHUB_ENV + echo "MONGODB_URI=${{ secrets.PRODUCTION_MONGODB_URI }}" >> $GITHUB_ENV + echo "ORY_SDK_URL=${{ secrets.PRODUCTION_ORY_SDK_URL }}" >> $GITHUB_ENV + echo "ORY_ACCESS_TOKEN=${{ secrets.PRODUCTION_ORY_ACCESS_TOKEN }}" >> $GITHUB_ENV + echo "ALETHEIA_SCHEMA_ID=${{ secrets.PRODUCTION_ALETHEIA_SCHEMA_ID }}" >> $GITHUB_ENV + echo "API_URL=${{ secrets.API_URL_PRODUCTION }}" >> $GITHUB_ENV + echo "MONGODB_NAME=${{ secrets.PRODUCTION_MONGODB_NAME }}" >> $GITHUB_ENV + echo "AWS_SDK_BUCKET=${{ secrets.PRODUCTION_AWS_SDK_BUCKET }}" >> $GITHUB_ENV + echo "AWS_ACCESS_KEY_ID=${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}" >> $GITHUB_ENV + echo "AWS_SECRET_ACCESS_KEY=${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}" >> $GITHUB_ENV + echo "NOVU_API_KEY=${{ secrets.PRODUCTION_NOVU_API_KEY }}" >> $GITHUB_ENV + echo "NOVU_APPLICATION_IDENTIFIER=${{ secrets.PRODUCTION_NOVU_APPLICATION_IDENTIFIER }}" >> $GITHUB_ENV + echo "OPENAI_API_KEY=${{ secrets.PRODUCTION_OPENAI_API_KEY }}" >> $GITHUB_ENV + echo "ZENVIA_API_URL=${{ secrets.PRODUCTION_ZENVIA_API_URL }}" >> $GITHUB_ENV + echo "ZENVIA_API_TOKEN=${{ secrets.PRODUCTION_ZENVIA_API_TOKEN }}" >> $GITHUB_ENV + echo "AGENCIA_ACCESS_TOKEN=${{ 
secrets.PRODUCTION_AGENCIA_ACCESS_TOKEN }}" >> $GITHUB_ENV + echo "TAG=$GITHUB_SHA" >> $GITHUB_ENV + + - name: Install pkl + uses: pkl-community/setup-pkl@v0 + with: + pkl-version: 0.25.2 + + - name: Set deployment/app.yml + run: | + pkl eval -f yaml ./deployment/k8s/$ENVIRONMENT.pkl > deployment/app.yml + + - name: Set environment + run: | + sed -i 's%ENVIRONMENT%${{ env.ENVIRONMENT }}%g' deployment/websocket.yml + + - name: Set deployment + run: | + sed -i "s/TAG/$GITHUB_SHA/" deployment/websocket.yml + + - name: Applying Kubernetes Deployment + uses: giovannirossini/aws-eks@v1.0.1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: "us-east-1" + cluster-name: "production" + command: kubectl apply -f ./deployment/ + + - name: Validation + uses: giovannirossini/aws-eks@v1.0.1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: "us-east-1" + cluster-name: "production" + command: kubectl rollout status deployments/aletheia -n ${{ env.ENVIRONMENT }} --timeout=360s + if: success() + + - name: Rollback + uses: giovannirossini/aws-eks@v1.0.1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: "us-east-1" + cluster-name: "production" + command: kubectl rollout undo deployments/aletheia -n ${{ env.ENVIRONMENT }} + if: failure() diff --git a/deployment/k8s/app.pkl b/deployment/k8s/app.pkl new file mode 100644 index 000000000..a36b85376 --- /dev/null +++ b/deployment/k8s/app.pkl 
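Review bot: The new `Set deployment/app.yml` step evaluates Pkl modules that read environment variables the deploy job does not always provide. `TAG=$GITHUB_SHA` is exported only inside `Check Environment`, which runs on `master` alone, so on `stage` the `read("env:TAG")` in `deployment/k8s/modules/aletheia.pkl` has nothing to resolve; and `read("env:NEXT_PUBLIC_ORYSDKURL")` in `container.pkl` names a variable this workflow never sets on either branch. Pkl's `read` raises on a missing resource, so the render presumably fails before `kubectl apply` runs. I would add `TAG: ${{ github.sha }}` to the top-level `env:` block and have the Pkl module read `env:ORY_SDK_URL`, which is the value the removed `sed` line substituted. Separately, the carried-over `ZENVIA_API_TOKEN: ${{ secrets.DEVELOPMENT_ZENVIA_API_URL }}` maps the token to the URL secret and looks like a copy-paste slip.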
@@ -0,0 +1,92 @@ +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/K8sResource.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/apps/v1/Deployment.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/Service.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/networking/v1/Ingress.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/PodSpec.pkl" +import "./modules/ingress.pkl" as ingress + +hidden appNamespace = "development" +hidden podPort = 3000 + +hidden IngressOptions = new { + rules = new {} +} +hidden ServiceOptions = new { + spec = new Service.ServiceSpec { + type = "NodePort" + selector { + ["app"] = "aletheia" + } + ports { + new { + name = "aletheia" + targetPort = trace(podPort) + port = 80 + } + } + } +} +hidden DeploymentOptions = new { + replicas = 1 + containers = new Listing {} +} + + +resources: Listing = new { + new Ingress { + metadata { + name = "ingress-aletheia" + namespace = appNamespace + annotations { + ["kubernetes.io/ingress.class"] = "traefik" + } + } + spec { + rules = new { + for (_rule in IngressOptions.rules) { + _rule + } + } + } + } + + new Service { + metadata { + name = "aletheia" + namespace = appNamespace + } + spec = ServiceOptions.spec + } + + new Deployment { + metadata { + name = "aletheia" + namespace = appNamespace + } + spec { + replicas = DeploymentOptions.replicas + selector { + matchLabels { + ["app"] = "aletheia" + } + } + template { + metadata { + labels { + ["app"] = "aletheia" + } + } + spec { + containers = DeploymentOptions.containers + } + } + } + } +} + +output { + value = resources + renderer = (K8sResource.output.renderer as YamlRenderer) { + isStream = true + } +} diff --git a/deployment/k8s/development.pkl b/deployment/k8s/development.pkl new file mode 100644 index 000000000..c7094a85c --- /dev/null +++ b/deployment/k8s/development.pkl 
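Review bot: `targetPort = trace(podPort)` in `ServiceOptions` looks like a debugging leftover; `trace` prints the value to stderr on every evaluation, which adds noise to the CI log on each deploy. `targetPort = podPort` renders the same manifest. The `PodSpec.pkl` and `./modules/ingress.pkl` imports are not referenced anywhere in this file and could be dropped as well.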
@@ -0,0 +1,28 @@ +amends "./app.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/K8sResource.pkl" +import "./modules/ingress.pkl" as ingress +import "./modules/aletheia.pkl" + +appNamespace = "development" +podPort = 3000 + +local newAletheia = new (aletheia) { + ns = appNamespace + p = podPort +} + +IngressOptions { + rules { + (ingress.rule) { + host = "test.aletheiafact.org" + } + } +} + +DeploymentOptions { + containers { + (newAletheia.pod.container) { + name = "aletheia" + } + } +} diff --git a/deployment/k8s/modules/aletheia.pkl b/deployment/k8s/modules/aletheia.pkl new file mode 100644 index 000000000..ee6d017b5 --- /dev/null +++ b/deployment/k8s/modules/aletheia.pkl @@ -0,0 +1,11 @@ +import "./container.pkl" as containerConfig +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/PodSpec.pkl" + +hidden ns = "" +hidden p = 3000 + +pod = (containerConfig) { + namespace = ns + imagePath = "134187360702.dkr.ecr.us-east-1.amazonaws.com/aletheiafact-production" + ":" + read("env:TAG") + podPort = p +} diff --git a/deployment/k8s/modules/container.pkl b/deployment/k8s/modules/container.pkl new file mode 100644 index 000000000..f5a49bb86 --- /dev/null +++ b/deployment/k8s/modules/container.pkl 
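Review bot: `imagePath` in `deployment/k8s/modules/aletheia.pkl` hard-codes the registry host, account ID included, while the workflow builds and pushes to `$ECR_REGISTRY`, which it keeps as a repository secret. If the two ever differ, the Deployment pulls from a registry the pipeline did not push to, and the account ID is now committed in plain text. Since `ECR_REGISTRY` is already in the workflow-level `env:` block, `imagePath = read("env:ECR_REGISTRY") + "/aletheiafact-production:" + read("env:TAG")` would keep a single source of truth.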
@@ -0,0 +1,79 @@ +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/EnvVar.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/ResourceRequirements.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/PodSpec.pkl" + +hidden namespace = "" +hidden imagePath = "" +hidden podPort = "" + +container: PodSpec.Container = new { + name = "" + image = imagePath + imagePullPolicy = "Always" + env = new { + new { + name = "NEXT_PUBLIC_UMAMI_SITE_ID" + value = read("env:UMAMI_SITE_ID") + } + new { + name = "NEXT_PUBLIC_RECAPTCHA_SITEKEY" + value = read("env:RECAPTCHA_SITEKEY") + } + new { + name = "ORY_SDK_URL" + value = read("env:ORY_SDK_URL") + } + new { + name = "ORY_ACCESS_TOKEN" + value = read("env:ORY_ACCESS_TOKEN") + } + new { + name = "NEW_RELIC_LICENSE_KEY" + value = read("env:NEW_RELIC_LICENSE_KEY") + } + new { + name = "NEW_RELIC_APP_NAME" + value = "aletheia-" + namespace + } + new { + name = "NEXT_PUBLIC_ORY_SDK_URL" + value = read("env:NEXT_PUBLIC_ORYSDKURL") + } + new { + name = "OPENAI_API_KEY" + value = read("env:OPENAI_API_KEY") + } + new { + name = "ENV_NAME" + value = namespace + } + } + + readinessProbe { + httpGet { + path = "/api/health" + port = podPort + } + initialDelaySeconds = 50 + timeoutSeconds = 5 + } + livenessProbe { + httpGet { + path = "/api/health" + port = podPort + } + initialDelaySeconds = 50 + timeoutSeconds = 10 + failureThreshold = 10 + } + resources { + requests { + ["cpu"] = "300m" + ["memory"] = 512.mib + } + limits { + ["cpu"] = "400m" + ["memory"] = 1024.mib + } + } +} diff --git a/deployment/k8s/modules/ingress.pkl b/deployment/k8s/modules/ingress.pkl new file mode 100644 index 000000000..f71c1e874 --- /dev/null +++ b/deployment/k8s/modules/ingress.pkl 
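Review bot: `ORY_ACCESS_TOKEN`, `NEW_RELIC_LICENSE_KEY` and `OPENAI_API_KEY` are rendered into the container `env` as literal `value` strings, so the secrets end up in `deployment/app.yml` on the runner and in the Deployment spec, where anyone with read access to Deployments in the namespace can see them. I would switch these three entries to `valueFrom` with a `secretKeyRef` pointing at a Kubernetes Secret, and keep `read("env:…")` for the non-sensitive values only. `hidden podPort = ""` also defaults to a string while callers assign an integer; a typed declaration such as `hidden podPort: Int = 3000` would catch a missing override at evaluation time.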
@@ -0,0 +1,25 @@ +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/networking/v1/Ingress.pkl" as Ingress +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/apps/v1/Deployment.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/Service.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/K8sResource.pkl" + +rule: Ingress.IngressRule = new { + host = "www.test.aletheiafact.org" + http { + paths { + new { + path = "/" + pathType = "Prefix" + backend { + service { + name = "aletheia" + port { + name = "aletheia" + } + } + } + } + } + } +} + diff --git a/deployment/k8s/production.pkl b/deployment/k8s/production.pkl new file mode 100644 index 000000000..68151dd6c --- /dev/null +++ b/deployment/k8s/production.pkl @@ -0,0 +1,32 @@ +amends "./app.pkl" +import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/K8sResource.pkl" +import "./modules/ingress.pkl" as ingress +import "./modules/aletheia.pkl" + +appNamespace = "production" +podPort = 3000 + +local newAletheia = new (aletheia) { + ns = appNamespace + p = podPort +} + +IngressOptions { + rules { + (ingress.rule) { + host = "aletheiafact.org" + } + + (ingress.rule) { + host = "www.aletheiafact.org" + } + } +} + +DeploymentOptions { + containers { + (newAletheia.pod.container) { + name = "aletheia" + } + } +}