Spaces:

LandingAI
/

vision-agent

Sleeping

App Files Files Community

Zhichao commited on Jun 6, 2024

Commit

cc1a55e

•

1 Parent(s): eae2367

Github action for deploying to prod (#78)

Browse files

Files changed (1) hide show

.github/workflows/prod-deploy.yml +104 -0

.github/workflows/prod-deploy.yml ADDED Viewed

	@@ -0,0 +1,104 @@

+name: deploy to aws production
+on: workflow_dispatch
+env:
+  repo_name: "vision-agent"
+  aws_account_id: "944932498359"
+  aws_region: "us-east-2"
+  cluster_name: "llens-app-production"
+  namespace: "datamanagement"
+jobs:
+  db_migration:
+    runs-on: ubuntu-latest
+    environment: aws-production
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Install pnpm
+        run: npm install -g [email protected]
+      - name: Install dependencies
+        run: pnpm install
+      - name: prisma migrate deploy
+        env:
+          POSTGRES_PRISMA_URL: ${{ vars.DB_MIGRATION_URL }}
+          POSTGRES_URL_NON_POOLING: ${{ vars.DB_MIGRATION_URL }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.BASTION_SSH_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H 3.142.222.176 >> ~/.ssh/known_hosts
+          ssh -o StrictHostKeyChecking=no -fN -v -L localhost:5432:platform.db.app.landing.ai:5432 [email protected]
+          pnpm prisma migrate deploy
+  deploy_to_aws_production:
+    needs: db_migration
+    runs-on: ubuntu-latest
+    environment: aws-production
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/github-actions-role
+          aws-region: ${{ env.aws_region }}
+      - name: kubeconfig
+        run: |
+          aws sts get-caller-identity
+          aws eks update-kubeconfig --name ${{ env.cluster_name }} --region ${{ env.aws_region }}
+      - name: install helm
+        run: |
+          curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+      - name: get image tag based on the sha
+        id: sha_short
+        run: |
+          echo "image_tag=$(git rev-parse --short HEAD)"
+          echo "image_tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+      - name: helm upgrade --install
+        env:
+          IMAGE_TAG: ${{ steps.sha_short.outputs.image_tag }}
+        run: |
+          helm upgrade --install -n ${{ env.namespace }} ${{ env.repo_name }} -f chart/${{ vars.VALUES_FILE }} ./chart \
+            --set image.tag=$IMAGE_TAG \
+            --set env.AWS_BUCKET_NAME=${{ vars.AWS_BUCKET_NAME }} \
+            --set env.AWS_REGION=${{ vars.AWS_REGION }} \
+            --set env.NEXTAUTH_URL=${{ vars.NEXTAUTH_URL }} \
+            --set env.AUTH_GITHUB_ID=${{ vars.AUTH_GITHUB_ID }} \
+            --set env.AUTH_GITHUB_SECRET=${{ vars.AUTH_GITHUB_SECRET }} \
+            --set env.AUTH_SECRET=${{ vars.AUTH_SECRET }} \
+            --set env.AUTH_TRUST_HOST=${{ vars.AUTH_TRUST_HOST }} \
+            --set env.AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }} \
+            --set env.AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }} \
+            --set env.GOOGLE_CLIENT_ID=${{ vars.GOOGLE_CLIENT_ID }} \
+            --set env.GOOGLE_SECRET=${{ vars.GOOGLE_SECRET }} \
+            --set env.LOKI_AUTH_USER_PASSWORD=${{ vars.LOKI_AUTH_USER_PASSWORD }} \
+            --set env.OPENAI_API_KEY=${{ vars.OPENAI_API_KEY }} \
+            --set env.POSTGRES_PRISMA_URL=${{ vars.POSTGRES_PRISMA_URL }}