name: deploy to aws production on: workflow_dispatch env: repo_name: 'vision-agent' aws_account_id: '944932498359' aws_region: 'us-east-2' cluster_name: 'llens-app-production' namespace: 'datamanagement' jobs: db_migration: runs-on: ubuntu-latest environment: aws-production permissions: id-token: write contents: read steps: - uses: actions/checkout@v4 with: ref: main - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '20' - name: Install pnpm run: npm install -g pnpm@9.1.1 - name: Install dependencies run: pnpm install - name: prisma migrate deploy env: POSTGRES_PRISMA_URL: ${{ vars.DB_MIGRATION_URL }} POSTGRES_URL_NON_POOLING: ${{ vars.DB_MIGRATION_URL }} run: | mkdir -p ~/.ssh echo "${{ secrets.BASTION_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -H 3.142.222.176 >> ~/.ssh/known_hosts ssh -o StrictHostKeyChecking=no -fN -v -L localhost:5432:platform.db.app.landing.ai:5432 ubuntu@ec2-3-142-222-176.us-east-2.compute.amazonaws.com pnpm prisma migrate deploy deploy_to_aws_production: needs: db_migration runs-on: ubuntu-latest environment: aws-production permissions: id-token: write contents: write steps: - uses: actions/checkout@v4 with: ref: main - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/github-actions-role aws-region: ${{ env.aws_region }} - name: kubeconfig run: | aws sts get-caller-identity aws eks update-kubeconfig --name ${{ env.cluster_name }} --region ${{ env.aws_region }} - name: install helm run: | curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - name: get image tag based on the sha id: sha_short run: | echo "image_tag=$(git rev-parse --short HEAD)" echo "image_tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: helm upgrade --install env: IMAGE_TAG: ${{ steps.sha_short.outputs.image_tag }} run: | helm upgrade --install --wait -n ${{ env.namespace }} ${{ env.repo_name }} -f chart/${{ vars.VALUES_FILE }} ./chart \ --set image.tag=$IMAGE_TAG \ --set env.AWS_BUCKET_NAME=${{ vars.AWS_BUCKET_NAME }} \ --set env.AWS_REGION=${{ vars.AWS_REGION }} \ --set env.NEXTAUTH_URL=${{ vars.NEXTAUTH_URL }} \ --set env.AUTH_GITHUB_ID=${{ vars.AUTH_GITHUB_ID }} \ --set env.AUTH_GITHUB_SECRET=${{ vars.AUTH_GITHUB_SECRET }} \ --set env.AUTH_SECRET=${{ vars.AUTH_SECRET }} \ --set env.AUTH_TRUST_HOST=${{ vars.AUTH_TRUST_HOST }} \ --set env.AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }} \ --set env.AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }} \ --set env.GOOGLE_CLIENT_ID=${{ vars.GOOGLE_CLIENT_ID }} \ --set env.GOOGLE_SECRET=${{ vars.GOOGLE_SECRET }} \ --set env.LOKI_AUTH_USER_PASSWORD=${{ vars.LOKI_AUTH_USER_PASSWORD }} \ --set env.OPENAI_API_KEY=${{ vars.OPENAI_API_KEY }} \ --set env.POSTGRES_PRISMA_URL=${{ vars.POSTGRES_PRISMA_URL }} \ --set env.AGENT_HOST=${{ vars.AGENT_HOST }} - name: Generate new tag id: vars run: | NEW_TAG_BASE="aws-production-$(date +%Y-%m-%d)" LAST_TAG=$(git ls-remote --tags origin "${NEW_TAG_BASE}*" | awk -F'\t' '{print $2}' | sort -V | tail -1) if [[ $LAST_TAG == refs/tags/${NEW_TAG_BASE}* ]]; then INDEX=$(echo $LAST_TAG | awk -F"/" '{print $NF}' ) INDEX=$((INDEX + 1)) else INDEX=1 fi NEW_TAG="${NEW_TAG_BASE}/${INDEX}" echo "NEW_TAG=${NEW_TAG}" >> $GITHUB_ENV - name: Push new tag run: | git tag $NEW_TAG git push origin $NEW_TAG - name: Create production release with generated release notes env: GH_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }} run: | # List all releases and filter out drafts draft_releases=$(gh release list --json tagName,isDraft --jq '.[] | select(.isDraft) | .tagName') # Loop through each draft release and delete it (created by cicd.yml) for release in $draft_releases; do echo "Deleting draft release: $release" gh release delete "$release" --yes done gh release create $NEW_TAG --generate-notes