Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch from CircleCI to Github actions #946

Merged
merged 23 commits into from
Jun 13, 2024
Merged

Switch from CircleCI to Github actions #946

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
158a28d
github test workflow
lucas-shaw Jun 13, 2024
688742b
github deploy workflow
lucas-shaw Jun 13, 2024
8d5c340
amend postgres image
lucas-shaw Jun 13, 2024
b561dfc
Add password
lucas-shaw Jun 13, 2024
3b01a06
postgres
lucas-shaw Jun 13, 2024
71b7469
set vars in step
lucas-shaw Jun 13, 2024
d03b32b
remove pq host var
lucas-shaw Jun 13, 2024
090b338
remove password
lucas-shaw Jun 13, 2024
ddcc607
blank password
lucas-shaw Jun 13, 2024
f3f6711
add password to docker run
lucas-shaw Jun 13, 2024
046022c
revert and update database url
lucas-shaw Jun 13, 2024
3b2ac5b
re add postgres password
lucas-shaw Jun 13, 2024
ae20d61
remove POSTGRES_PASSWORD
lucas-shaw Jun 13, 2024
4bd2426
update url
lucas-shaw Jun 13, 2024
a435683
add POSTGRES_PASSWORD
lucas-shaw Jun 13, 2024
916f214
confgure DB
lucas-shaw Jun 13, 2024
1963c25
Remove env from step
lucas-shaw Jun 13, 2024
158769f
add password
lucas-shaw Jun 13, 2024
dd9fc2c
remove vars
lucas-shaw Jun 13, 2024
8188a6c
update DATABASE_URL to original
lucas-shaw Jun 13, 2024
445ff21
opensearch
lucas-shaw Jun 13, 2024
0595e78
add ports
lucas-shaw Jun 13, 2024
ec5b386
use deployments
lucas-shaw Jun 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
323 changes: 323 additions & 0 deletions .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,323 @@
name: Deploy Workflow

on:
workflow_dispatch:
workflow_call:

env:
PREFIX: "pf"
SHA: ${{ github.event.pull_request.head.sha || github.sha }}

concurrency:
group: deploy-${{ github.ref }}
cancel-in-progress: true

jobs:
build:
runs-on: ubuntu-latest

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Assume role in Cloud Platform
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}

- name: Login to container repository
uses: aws-actions/amazon-ecr-login@v2
id: login-ecr

- name: Store current date
run: echo "BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z)" >> $GITHUB_ENV

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT

- name: Build
run: |
docker build \
--build-arg APP_BUILD_DATE=${{ env.BUILD_DATE }} \
--build-arg APP_BUILD_TAG=${{ steps.vars.outputs.build_tag }} \
--build-arg APP_GIT_COMMIT=$SHA \
-t ${{ vars.ECR_URL }}:$SHA .

- name: Push to ECR
run: docker push ${{ vars.ECR_URL }}:$SHA


deploy-development:
runs-on: ubuntu-latest
needs: build
environment: development

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Assume role in Cloud Platform
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}

- name: Login to container repository
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT

- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:development.latest
docker push ${{ vars.ECR_URL }}:development.latest

- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${KUBE_TOKEN}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
kubectl config use-context ${KUBE_CLUSTER}

- name: Rollout restart deployment
run: |
kubectl set image -n ${KUBE_NAMESPACE} \
deployment/peoplefinder \
webapp="${{ vars.ECR_URL }}:$SHA"

- name: Send deploy notification to product Slack channel
uses: slackapi/slack-github-action@v1.25.0
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Development*",
"fields": [
{
"title": "Project",
"value": "Peoplefinder",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

deploy-staging:
runs-on: ubuntu-latest
needs: build
environment: staging

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Assume role in Cloud Platform
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}

- name: Login to container repository
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT

- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:staging.latest
docker push ${{ vars.ECR_URL }}:staging.latest

- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${KUBE_TOKEN}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
kubectl config use-context ${KUBE_CLUSTER}

- name: Rollout restart deployment
run: |
kubectl set image -n ${KUBE_NAMESPACE} \
deployment/peoplefinder \
webapp="${{ vars.ECR_URL }}:$SHA"

- name: Send deploy notification to product Slack channel
uses: slackapi/slack-github-action@v1.25.0
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Staging*",
"fields": [
{
"title": "Project",
"value": "Peoplefinder",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

deploy-production:
runs-on: ubuntu-latest
needs: build
if: ${{ github.ref == 'refs/heads/main' }}
environment: production

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Assume role in Cloud Platform
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}

- name: Login to container repository
uses: aws-actions/amazon-ecr-login@v2
id: login-ec

- name: Store build tag
id: vars
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
short_sha=$(git rev-parse --short $SHA)
build_tag=$PREFIX-$branch-$short_sha
echo "build_tag=$build_tag" >> $GITHUB_OUTPUT

- name: Tag build and push to ECR
run: |
docker pull ${{ vars.ECR_URL }}:$SHA
docker tag ${{ vars.ECR_URL }}:$SHA ${{ vars.ECR_URL }}:production.latest
docker push ${{ vars.ECR_URL }}:production.latest

- name: Authenticate to the cluster
env:
KUBE_CERT: ${{ secrets.KUBE_CERT }}
KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${KUBE_CERT}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${KUBE_TOKEN}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
kubectl config use-context ${KUBE_CLUSTER}

- name: Rollout restart deployment
run: |
kubectl set image -n ${KUBE_NAMESPACE} \
deployment/peoplefinder \
webapp="${{ vars.ECR_URL }}:$SHA"

- name: Send deploy notification to product Slack channel
uses: slackapi/slack-github-action@v1.25.0
with:
payload: |
{
"attachments": [
{
"color": "#1d990c",
"text": "${{ github.actor }} deployed *${{ steps.vars.outputs.build_tag }}* to *Production*",
"fields": [
{
"title": "Project",
"value": "Peoplefinder",
"short": true
}
],
"actions": [
{
"text": "Visit Job",
"type": "button",
"url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.PROD_SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Loading