Test, build and deploy #89
# Display name of the workflow.
name: "Test, lint, build, push"

# Started manually only; no push or pull-request triggers are declared.
on:
  workflow_dispatch:

# Token scopes applied to every job: `id-token: write` allows a job to request
# an OIDC token, and repository contents are read-only.
permissions:
  contents: read
  id-token: write

jobs:
# Disabled jobs: `test`, `lint` and `build-push` are commented out and do not
# run. They are laid out so that removing the leading "# " restores valid
# nesting under `jobs:`.
# NOTE(review): these jobs reference actions by mutable tags (@v3, @v2);
# consider pinning to full commit SHAs if they are re-enabled.
#   test:
#     name: "Test"
#     runs-on: ubuntu-latest
#     defaults:
#       run:
#         shell: bash
#     steps:
#       - name: Checkout repo
#         uses: actions/checkout@v3
#       - name: Configure AWS credentials
#         uses: aws-actions/configure-aws-credentials@v2
#         with:
#           role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-GitHubActions
#           aws-region: eu-west-2
#       - name: Configure DVC
#         run: bash scripts/configure_dvc.sh
#       - name: Test dev
#         run: bash scripts/test-dev.sh
#   lint:
#     name: "Lint"
#     runs-on: ubuntu-latest
#     steps:
#       - uses: actions/checkout@v3
#       - uses: actions/setup-python@v3
#         with:
#           python-version: "3.10"
#       - name: Install dev poetry env
#         run: |
#           python -m pip install --upgrade pip
#           pip install poetry
#           poetry install
#       - name: Run pre-commit
#         run: |
#           poetry run pre-commit run --all-files
#   build-push:
#     name: "Build and push"
#     runs-on: ubuntu-latest
#     defaults:
#       run:
#         shell: bash
#     steps:
#       - name: Checkout repo
#         uses: actions/checkout@v3
#       - name: Build containers
#         run: bash scripts/build-push-prod.sh
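# Job "terraform": provisions the stack, deploys to the instance over SSH and
# then always destroys the stack again (final step runs with `if: always()`).
  terraform:
    name: "Terraform"
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      # NOTE(review): every `uses:` below is referenced by a mutable
      # major-version tag. This job holds cloud credentials, so pin each action
      # to a full commit SHA to keep a retagged release from changing what runs.
      - name: Checkout repo
        uses: actions/checkout@v3

      # No static keys are passed; the role is assumed through the OIDC token
      # enabled by the workflow-level `id-token: write` permission.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-Terraform
          aws-region: eu-west-2

      # The wrapper is disabled so `terraform output -raw` prints only the value.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_wrapper: false

      - name: Initialize Terraform
        run: terraform -chdir=terraform init

      - name: Format Terraform
        run: terraform -chdir=terraform fmt -check

      - name: Plan Terraform
        run: terraform -chdir=terraform plan -input=false

      - name: Apply Terraform
        run: terraform -chdir=terraform apply -auto-approve -input=false

      # The private key is written straight to an owner-only file in the
      # runner's temp directory. It is deliberately NOT exported through
      # $GITHUB_ENV: values placed there are unmasked, are handed to every later
      # step and are echoed in each step's `env:` log header, and base64 is an
      # encoding, not protection. Only the file path and the IP are exported.
      # NOTE(review): the key is a Terraform output, so it presumably also sits
      # in the Terraform state; confirm the state backend is encrypted and
      # access-restricted.
      # NOTE(review): API_PRIVATE_KEY_ENCODED is no longer set; verify nothing
      # under scripts/ reads it.
      - name: Fetch SSH Key and EIP from Terraform Outputs
        id: fetch-outputs
        run: |
          umask 077
          key_file="$RUNNER_TEMP/api_private_key.pem"
          terraform -chdir=terraform output -raw private_key > "$key_file"
          echo "API_KEY_FILE=$key_file" >> "$GITHUB_ENV"
          echo "API_PUBLIC_IP=$(terraform -chdir=terraform output -raw api_ip)" >> "$GITHUB_ENV"

      - name: Configure DVC
        run: bash scripts/configure_dvc.sh

      # Polls until the instance's user-data script has logged completion.
      # Values are read from shell variables rather than `${{ env.* }}`
      # expressions, so nothing is spliced into the script text before bash
      # parses it.
      # `StrictHostKeyChecking=accept-new` with a job-local known_hosts file
      # records the host key on first contact and rejects a different key on
      # every later connection in this job. First contact is still
      # unauthenticated; pre-seeding known_hosts with a host key published by
      # Terraform would close that gap (no such output is visible here).
      - name: Test SSH connection
        run: |
          ssh_opts=(
            -o StrictHostKeyChecking=accept-new
            -o UserKnownHostsFile="$RUNNER_TEMP/known_hosts"
            -i "$API_KEY_FILE"
          )
          target="ubuntu@$API_PUBLIC_IP"
          attempts=0
          max_attempts=24  # 10-second sleep x 24 = 4 minutes
          until ssh "${ssh_opts[@]}" "$target" "grep -q 'User data script completed' /var/log/userdata.log"; do
            echo "Waiting for EC2 SSH..."
            sleep 10
            attempts=$((attempts + 1))
            if [[ "$attempts" -ge "$max_attempts" ]]; then
              # Message corrected to match the real 24 x 10 s budget.
              echo "Failed to connect to EC2 via SSH after 4 minutes."
              exit 1
            fi
          done
          ssh "${ssh_opts[@]}" "$target" "docker ps"

      - name: Copy deployment files
        run: |
          ssh_opts=(
            -o StrictHostKeyChecking=accept-new
            -o UserKnownHostsFile="$RUNNER_TEMP/known_hosts"
            -i "$API_KEY_FILE"
          )
          target="ubuntu@$API_PUBLIC_IP"
          scp "${ssh_opts[@]}" data/admin_users.txt "$target:~/data"
          scp "${ssh_opts[@]}" docker/docker-compose.prod.yml "$target:~/docker"
          scp "${ssh_opts[@]}" -r docker/data "$target:~/docker/data"

      - name: Launch application
        run: |
          ssh_opts=(
            -o StrictHostKeyChecking=accept-new
            -o UserKnownHostsFile="$RUNNER_TEMP/known_hosts"
            -i "$API_KEY_FILE"
          )
          ssh "${ssh_opts[@]}" "ubuntu@$API_PUBLIC_IP" "docker compose -f docker/docker-compose.prod.yml up -d --build"

      # Remove the key and the recorded host key even when an earlier step
      # failed, so no key material outlives the job on a reused runner.
      - name: Remove SSH key material
        if: always()
        run: rm -f "$RUNNER_TEMP/api_private_key.pem" "$RUNNER_TEMP/known_hosts"

      # Teardown runs on success and on failure. `-input=false` matches the
      # plan/apply steps so a missing variable fails instead of prompting.
      - name: Destroy Terraform
        if: always()
        run: terraform -chdir=terraform destroy -auto-approve -input=false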