# Manually triggered pipeline: builds the QA compose stack, smoke-tests it,
# then runs the production build/push script.
name: "Build, test, push"
on: [workflow_dispatch]
# Workflow-level token scopes; every job in this file inherits them.
# contents: read  -> lets actions/checkout read the repository.
# id-token: write -> lets a job request a GitHub OIDC token; the
#                    "Configure AWS credentials" step passes role-to-assume
#                    with no static keys, so it presumably relies on this.
# NOTE(review): confirm the IAM role's trust policy restricts the OIDC `sub`
# claim to this repository (and branch/environment). If further jobs are
# enabled later, consider granting id-token: write per job instead.
permissions:
  contents: read
  id-token: write
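jobs:
  # Disabled job, kept for reference: runs the dev test script after
  # assuming the GitHub Actions role and configuring DVC.
  # test:
  #   name: "Test dev"
  #   runs-on: ubuntu-latest
  #   defaults:
  #     run:
  #       shell: bash
  #   steps:
  #     - name: Checkout repo
  #       uses: actions/checkout@v3
  #     - name: Configure AWS credentials
  #       uses: aws-actions/configure-aws-credentials@v2
  #       with:
  #         role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-GitHubActions
  #         aws-region: eu-west-2
  #     - name: Configure DVC
  #       run: bash scripts/configure_dvc.sh
  #     - name: Test dev
  #       run: bash scripts/test-dev.sh
  # Disabled job, kept for reference: installs the poetry dev environment
  # and runs pre-commit over all files.
  # lint:
  #   name: "Lint"
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v3
  #     - uses: actions/setup-python@v3
  #       with:
  #         python-version: "3.10"
  #     - name: Install dev poetry env
  #       run: |
  #         python -m pip install --upgrade pip
  #         pip install poetry
  #         poetry install
  #     - name: Run pre-commit
  #       run: |
  #         poetry run pre-commit run --all-files

  # Only active job: bring up the QA compose stack on the runner, wait for
  # MongoDB, the API and the frontend to answer, then run the prod
  # build/push script.
  build-push:
    name: "Build, test and push prod"
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      # NOTE(review): both actions below are referenced by mutable tag (@v3,
      # @v2). This job runs with an assumed AWS role, so pin each action to a
      # full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`
      # (placeholder; look up the SHA for the release you have reviewed).
      - name: Checkout repo
        uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-GitHubActions
          aws-region: eu-west-2
      - name: Build compose
        # Secrets are handed to the step through `env:` instead of being
        # template-expanded into the script text. Expanding `${{ secrets.* }}`
        # inside `run:` pastes the raw value into the shell source, where
        # spaces or shell metacharacters in a value would be re-interpreted
        # by bash. The variables are still exported to docker compose.
        env:
          AWS_SECRET_KMS_KEY: ${{ secrets.AWS_SECRET_KMS_KEY }}
          AWS_SECRET_NAME_NEO4J: ${{ secrets.AWS_SECRET_NAME_NEO4J }}
          AWS_SECRET_NAME_AZURE: ${{ secrets.AWS_SECRET_NAME_AZURE }}
          AWS_SECRET_NAME_API: ${{ secrets.AWS_SECRET_NAME_API }}
        # NOTE(review): nothing in this workflow defines MONGODB_HOST,
        # FRONTEND_URL or REACT_APP_API_URL in the `env` context, so they
        # presumably expand to empty strings here; confirm where they are
        # meant to come from. AWS_REGION is presumably exported by the
        # credentials step above.
        run: |
          AWS_REGION=${{ env.AWS_REGION }} \
          MONGODB_HOST=${{ env.MONGODB_HOST }} \
          FRONTEND_URL=${{ env.FRONTEND_URL }} \
          REACT_APP_API_URL=${{ env.REACT_APP_API_URL }} \
          docker compose -f docker/docker-compose.qa.yml up -d --build
      # Each wait loop below retries every 10 s and gives up after the
      # 120 s budget is spent (curl's own run time is not counted).
      # NOTE(review): 27017 is the MongoDB driver port, not an HTTP API, so
      # this check only shows that something answers HTTP-style on that
      # port. Confirm that is the intended readiness signal.
      - name: Test mongo
        run: |
          timeout=120 # 2 minutes timeout
          while ! curl --fail http://localhost:27017/test; do
            sleep 10
            timeout=$((timeout - 10))
            if [ "$timeout" -le 0 ]; then
              echo "MongoDB failed to start within the expected time."
              exit 1
            fi
          done
          echo "MongoDB is up and running."
      - name: Test API
        run: |
          timeout=120 # 2 minutes timeout
          while ! curl --fail http://localhost:8080/health; do
            sleep 10
            timeout=$((timeout - 10))
            if [ "$timeout" -le 0 ]; then
              echo "API failed to start within the expected time."
              exit 1
            fi
          done
          echo "API is up and running."
      - name: Test frontend
        run: |
          timeout=120 # 2 minutes timeout
          while ! curl --fail http://localhost:3000; do
            sleep 10
            timeout=$((timeout - 10))
            if [ "$timeout" -le 0 ]; then
              echo "Frontend failed to start within the expected time."
              exit 1
            fi
          done
          echo "Frontend is up and running."
      # Runs with the AWS credentials configured earlier in this job; the
      # script itself is not part of this file.
      - name: Build ECR containers
        run: bash scripts/build-push-prod.sh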
# Disabled job, kept for reference: applies the Terraform stack, copies the
# deployment files to the created host over SSH, starts the prod compose
# stack there, then always destroys the stack again.
#
# NOTE(review): before re-enabling, address these points visible below:
#   * The SSH private key is read from a Terraform output, base64-encoded and
#     appended to $GITHUB_ENV. Every later step in the job then receives it
#     as an environment variable, base64 is not protection, and the value is
#     not masked in logs unless it is registered with `::add-mask::`.
#   * A private key exposed as a Terraform output presumably also sits in
#     Terraform state; confirm state storage is access-controlled.
#   * Every ssh/scp call passes StrictHostKeyChecking=no, which turns off
#     host-key verification, so the runner does not authenticate the host it
#     sends the key-authenticated session and files to.
#   * private_key.pem is written into the workspace three times and never
#     removed.
#   * `${{ env.* }}` values are template-expanded into the shell text; pass
#     them through the step's `env:` and reference "$VAR" instead.
#   * Actions are referenced by mutable tag; pin them to a full commit SHA.
#
#   terraform:
#     name: "Terraform"
#     runs-on: ubuntu-latest
#     defaults:
#       run:
#         shell: bash
#     steps:
#       - name: Checkout repo
#         uses: actions/checkout@v3
#       - name: Configure AWS credentials
#         uses: aws-actions/configure-aws-credentials@v2
#         with:
#           role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-Terraform
#           aws-region: eu-west-2
#       - name: Setup Terraform
#         uses: hashicorp/setup-terraform@v2
#         with:
#           terraform_wrapper: false
#       - name: Initialize Terraform
#         run: terraform -chdir=terraform init
#       - name: Format Terraform
#         run: terraform -chdir=terraform fmt -check
#       - name: Plan Terraform
#         run: terraform -chdir=terraform plan -input=false
#       - name: Apply Terraform
#         run: terraform -chdir=terraform apply -auto-approve -input=false
#       - name: Fetch SSH Key and EIP from Terraform Outputs
#         id: fetch-outputs
#         run: |
#           echo "API_PRIVATE_KEY_ENCODED=$(terraform -chdir=terraform output -raw private_key | base64 -w0)" >> $GITHUB_ENV
#           echo "API_PUBLIC_IP=$(terraform -chdir=terraform output -raw api_ip)" >> $GITHUB_ENV
#       - name: Configure DVC
#         run: bash scripts/configure_dvc.sh
#       - name: Test SSH connection
#         run: |
#           echo "${{ env.API_PRIVATE_KEY_ENCODED }}" | base64 -d > private_key.pem
#           chmod 600 private_key.pem
#           attempts=0
#           max_attempts=24 # 5-second sleep x 24 = 2 minutes (plus the time each ssh attempt takes)
#           while true; do
#             if ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "grep -q 'User data script completed' /var/log/userdata.log"; then
#               break # Exit the loop once the user-data completion marker is found over SSH
#             fi
#             echo "Waiting for EC2 SSH..."
#             sleep 5
#             attempts=$((attempts+1))
#             if [[ "$attempts" -ge "$max_attempts" ]]; then
#               echo "Failed to connect to EC2 via SSH after 2 minutes."
#               exit 1
#             fi
#           done
#           ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "docker ps"
#       - name: Copy deployment files
#         run: |
#           echo "${{ env.API_PRIVATE_KEY_ENCODED }}" | base64 -d > private_key.pem
#           chmod 600 private_key.pem
#           scp -o StrictHostKeyChecking=no -i private_key.pem data/admin_users.txt ubuntu@${{ env.API_PUBLIC_IP }}:~/data
#           scp -o StrictHostKeyChecking=no -i private_key.pem docker/docker-compose.prod.yml ubuntu@${{ env.API_PUBLIC_IP }}:~/docker
#           scp -o StrictHostKeyChecking=no -i private_key.pem -r docker/data ubuntu@${{ env.API_PUBLIC_IP }}:~/docker/data
#       - name: Launch application
#         run: |
#           echo "${{ env.API_PRIVATE_KEY_ENCODED }}" | base64 -d > private_key.pem
#           chmod 600 private_key.pem
#           ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin 233044492909.dkr.ecr.eu-west-2.amazonaws.com"
#           ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "docker compose -f docker/docker-compose.prod.yml up -d --build"
#       # Runs even when an earlier step failed, so the stack is torn down either way.
#       - name: Destroy Terraform
#         if: always()
#         run: terraform -chdir=terraform destroy -auto-approve