Zhichao
GitHub action for build and deploy to aws dev (#67)
f2de1e7 unverified
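# Builds the container image, applies pending Prisma migrations and deploys
# the Helm chart to the AWS development cluster on every push to main.
name: build and publish to aws development

on:
  push:
    branches:
      - main

# Default GITHUB_TOKEN scope for any job that does not declare its own
# permissions block; jobs that need more (e.g. id-token for OIDC) widen it
# locally.
permissions:
  contents: read

# Deployment coordinates shared by all jobs. Quoted so the all-digit account
# id stays a string.
env:
  repo_name: "vision-agent"
  aws_account_id: "970073041993"
  aws_region: "us-east-2"
  cluster_name: "landinglens"
  namespace: "datamanagement"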
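jobs:
  # Builds the Docker image and pushes it to ECR, tagged with the short
  # commit SHA, which is exported as the job output `image_tag`.
  build:
    runs-on: ubuntu-latest
    environment: aws-development
    permissions:
      # The AWS credentials step is given only a role to assume, so it relies
      # on the job's OIDC token.
      id-token: write
      contents: read
    outputs:
      image_tag: ${{ steps.sha_short.outputs.image_tag }}
    steps:
      # NOTE(review): every action in this job is referenced by a mutable tag
      # (@v4, @v2, ...). Pinning each to a full commit SHA prevents a moved
      # tag from changing what runs with the id-token permission.
      - uses: actions/checkout@v4
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/github-actions-role
          aws-region: ${{ env.aws_region }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registries: ${{ env.aws_account_id }}
          mask-password: "true" # see: https://github.com/aws-actions/amazon-ecr-login#docker-credentials
      - name: Set short sha
        id: sha_short
        # $GITHUB_OUTPUT is quoted so the redirect target is a single word.
        run: |
          echo "image_tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.repo_name }}:${{ steps.sha_short.outputs.image_tag }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # NOTE(review): turns off the build provenance attestation; confirm
          # this is intentional.
          provenance: false
          # NOTE(review): AUTH_SECRET and OPENAI_API_KEY are read from the
          # `vars` context. Configuration variables are stored in plaintext
          # and are not masked in logs; values like these belong in the
          # `secrets` context (the names must then exist as secrets in the
          # aws-development environment or the repository).
          secrets: |
            AUTH_SECRET=${{ vars.AUTH_SECRET }}
            OPENAI_API_KEY=${{ vars.OPENAI_API_KEY }}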
# Reports, through the job output `migrations`, whether the push touched
# anything under prisma/migrations/.
  detect_migration_changes:
    runs-on: ubuntu-latest
    # No permissions block here: the job runs with whatever default token
    # scope the workflow or repository defines.
    outputs:
      migrations: ${{ steps.filter.outputs.migrations }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag; a full
      # commit SHA pin is the safer reference.
      - id: filter
        uses: dorny/paths-filter@v3
        with:
          filters: |
            migrations:
              - 'prisma/migrations/**'
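# Applies pending Prisma migrations to the development database through an
# SSH tunnel via the bastion host. Runs only when the push changed
# prisma/migrations/.
  db_migration:
    # Fixed: the job that exports `migrations` is detect_migration_changes;
    # the previous `needs: changes` named a job this workflow does not define.
    needs: detect_migration_changes
    if: ${{ needs.detect_migration_changes.outputs.migrations == 'true' }}
    runs-on: ubuntu-latest
    environment: aws-development
    permissions:
      # id-token: write was dropped: no step in this job assumes an AWS role,
      # and `pnpm install` runs third-party install scripts that could
      # otherwise request an OIDC token.
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
      # NOTE(review): the package spec below (and the SSH destination further
      # down) reads "[email protected]" on this page, which looks like e-mail
      # obfuscation by the hosting site. Restore both from the repository.
      - name: Install pnpm
        run: npm install -g [email protected]
      - name: Install dependencies
        run: pnpm install
      - name: prisma migrate deploy
        env:
          # NOTE(review): a migration URL normally embeds database
          # credentials; if it does, it belongs in `secrets`, not `vars`
          # (variables are plaintext and unmasked in logs).
          POSTGRES_PRISMA_URL: ${{ vars.DB_MIGRATION_URL }}
          POSTGRES_URL_NON_POOLING: ${{ vars.DB_MIGRATION_URL }}
          # Handed over through the environment so the key is never
          # substituted into the script text.
          BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
        run: |
          mkdir -p ~/.ssh
          # Create the key file with restrictive permissions from the start.
          ( umask 077; printf '%s\n' "$BASTION_SSH_KEY" > ~/.ssh/id_ed25519 )
          chmod 600 ~/.ssh/id_ed25519
          # NOTE(review): ssh-keyscan trusts whatever key the network returns
          # on this run, and StrictHostKeyChecking=no below disables host key
          # verification entirely, so the tunnel (and the database
          # credentials sent through it) is exposed to an impersonated
          # bastion. Prefer writing a pinned known_hosts entry obtained out
          # of band and dropping the -o option.
          ssh-keyscan -H 3.142.222.176 >> ~/.ssh/known_hosts
          ssh -o StrictHostKeyChecking=no -fN -v -L localhost:5432:platform.db.app.dev.landing.ai:5432 [email protected]
          pnpm prisma migrate deploy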
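# Deploys the image produced by the build job to the development EKS cluster
# with `helm upgrade --install`.
  deploy_to_aws_development:
    needs: build
    runs-on: ubuntu-latest
    environment: aws-development
    permissions:
      # The AWS credentials step is given only a role to assume, so it relies
      # on the job's OIDC token.
      id-token: write
      contents: read
    steps:
      # NOTE(review): actions are referenced by mutable tags; pin them to
      # full commit SHAs.
      - uses: actions/checkout@v4
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/github-actions-role
          aws-region: ${{ env.aws_region }}
      - name: kubeconfig
        run: |
          aws sts get-caller-identity
          aws eks update-kubeconfig --name "${{ env.cluster_name }}" --region "${{ env.aws_region }}"
      # NOTE(review): this pipes a script fetched from the moving `main`
      # branch straight into bash while cluster credentials are configured.
      # Pin the installer to a release tag and verify it, or use a pinned
      # Helm binary. -f and pipefail at least stop an HTTP error page or a
      # failed download from being executed or ignored.
      - name: install helm
        run: |
          set -euo pipefail
          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
      - name: helm upgrade --install
        # Values reach the script through environment variables and are
        # quoted, so characters such as `&`, `?`, spaces or `$` in a value
        # (a Postgres URL, for instance) can no longer split or alter the
        # command. The APP_ prefix keeps the application's AWS_* values from
        # overriding the role credentials this job exported for helm/aws.
        # NOTE(review): several of these are credentials read from `vars`
        # (plaintext, unmasked in logs); move them to `secrets`, and prefer a
        # Kubernetes Secret over `--set` for delivering them. Commas inside a
        # value still need escaping for `--set`.
        env:
          IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
          VALUES_FILE: ${{ vars.VALUES_FILE }}
          APP_AWS_BUCKET_NAME: ${{ vars.AWS_BUCKET_NAME }}
          APP_AWS_REGION: ${{ vars.AWS_REGION }}
          APP_NEXTAUTH_URL: ${{ vars.NEXTAUTH_URL }}
          APP_AUTH_GITHUB_ID: ${{ vars.AUTH_GITHUB_ID }}
          APP_AUTH_GITHUB_SECRET: ${{ vars.AUTH_GITHUB_SECRET }}
          APP_AUTH_SECRET: ${{ vars.AUTH_SECRET }}
          APP_AUTH_TRUST_HOST: ${{ vars.AUTH_TRUST_HOST }}
          APP_AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
          APP_AWS_SECRET_ACCESS_KEY: ${{ vars.AWS_SECRET_ACCESS_KEY }}
          APP_GOOGLE_CLIENT_ID: ${{ vars.GOOGLE_CLIENT_ID }}
          APP_GOOGLE_SECRET: ${{ vars.GOOGLE_SECRET }}
          APP_LOKI_AUTH_USER_PASSWORD: ${{ vars.LOKI_AUTH_USER_PASSWORD }}
          APP_OPENAI_API_KEY: ${{ vars.OPENAI_API_KEY }}
          APP_POSTGRES_PRISMA_URL: ${{ vars.POSTGRES_PRISMA_URL }}
        run: |
          helm upgrade --install -n "${{ env.namespace }}" "${{ env.repo_name }}" \
            -f "chart/$VALUES_FILE" ./chart \
            --set "image.tag=$IMAGE_TAG" \
            --set "env.AWS_BUCKET_NAME=$APP_AWS_BUCKET_NAME" \
            --set "env.AWS_REGION=$APP_AWS_REGION" \
            --set "env.NEXTAUTH_URL=$APP_NEXTAUTH_URL" \
            --set "env.AUTH_GITHUB_ID=$APP_AUTH_GITHUB_ID" \
            --set "env.AUTH_GITHUB_SECRET=$APP_AUTH_GITHUB_SECRET" \
            --set "env.AUTH_SECRET=$APP_AUTH_SECRET" \
            --set "env.AUTH_TRUST_HOST=$APP_AUTH_TRUST_HOST" \
            --set "env.AWS_ACCESS_KEY_ID=$APP_AWS_ACCESS_KEY_ID" \
            --set "env.AWS_SECRET_ACCESS_KEY=$APP_AWS_SECRET_ACCESS_KEY" \
            --set "env.GOOGLE_CLIENT_ID=$APP_GOOGLE_CLIENT_ID" \
            --set "env.GOOGLE_SECRET=$APP_GOOGLE_SECRET" \
            --set "env.LOKI_AUTH_USER_PASSWORD=$APP_LOKI_AUTH_USER_PASSWORD" \
            --set "env.OPENAI_API_KEY=$APP_OPENAI_API_KEY" \
            --set "env.POSTGRES_PRISMA_URL=$APP_POSTGRES_PRISMA_URL"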