Deploy (main -> staging) by @orangewolf #143
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Deploy" | |
| run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Deploy to Environment' | |
| required: true | |
| default: 'staging' | |
| type: choice | |
| options: | |
| - staging | |
| - production | |
| debug_enabled: | |
| type: boolean | |
| description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' | |
| required: false | |
| default: false | |
| env: | |
| REGISTRY: ghcr.io | |
| EKS_CLUSTER_NAME: r2-atla-dl | |
| AWS_REGION: us-west-2 | |
| jobs: | |
| deployment: | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.environment }} | |
| env: | |
| ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }} | |
| APP_PASS: ${{ secrets.APP_PASS }} | |
| AUTHORIZE_NET_LOGIN: ${{ secrets.AUTHORIZE_NET_LOGIN }} | |
| AUTHORIZE_NET_TRANSACTION_KEY: ${{ secrets.AUTHORIZE_NET_TRANSACTION_KEY }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_S3_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} | |
| AWS_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| CLIENT_ADMIN_USER_EMAIL: ${{ secrets.CLIENT_ADMIN_USER_EMAIL }} | |
| CLIENT_ADMIN_USER_PASSWORD: ${{ secrets.CLIENT_ADMIN_USER_PASSWORD }} | |
| CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }} | |
| DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }} | |
| DB_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| ENCODED_ENV_FILE: ${{ secrets.ENCODED_ENV_FILE }} | |
| FCREPO_DB_PASSWORD: ${{ secrets.FCREPO_DB_PASSWORD }} | |
| GOOGLE_ANALYTICS_ID: ${{ secrets.GOOGLE_ANALYTICS_ID }} | |
| GOOGLE_FONTS_KEY: ${{ secrets.GOOGLE_FONTS_KEY }} | |
| GOOGLE_OAUTH_PRIVATE_KEY_SECRET: ${{ secrets.GOOGLE_OAUTH_PRIVATE_KEY_SECRET }} | |
| GOOGLE_OAUTH_PRIVATE_KEY_VALUE: ${{ secrets.GOOGLE_OAUTH_PRIVATE_KEY_VALUE }} | |
| HELM_EXPERIMENTAL_OCI: 1 | |
| HELM_EXTRA_ARGS: > | |
| --values ops/${{ inputs.environment }}-deploy.yaml | |
| HELM_RELEASE_NAME: ${{ github.event.repository.name }}-${{ inputs.environment }} | |
| IA_PASSWORD: ${{ secrets.IA_PASSWORD }} | |
| KUBECONFIG: ./kubeconfig.yml | |
| KUBECONFIG_FILE: ${{ secrets.KUBECONFIG_FILE }} | |
| KUBE_NAMESPACE: ${{ github.event.repository.name }}-${{ inputs.environment }} | |
| MAIL_PASS: ${{ secrets.MAIL_PASS }} | |
| MARIADB_PASSWORD: ${{ secrets.MARIADB_PASSWORD }} | |
| MARIADB_ROOT_PASSWORD: ${{ secrets.MARIADB_ROOT_PASSWORD }} | |
| MYSQL_PASSWORD: ${{ secrets.MARIADB_PASSWORD }} | |
| MYSQL_ROOT_PASSWORD: ${{ secrets.MARIADB_ROOT_PASSWORD }} | |
| NEGATIVE_CAPTCHA_SECRET: ${{ secrets.NEGATIVE_CAPTCHA_SECRET }} | |
| NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} | |
| NEXT_PUBLIC_TOKEN: ${{ secrets.NEXT_PUBLIC_TOKEN }} | |
| PAPERTRAIL_API_TOKEN: ${{ secrets.PAPERTRAIL_API_TOKEN }} | |
| POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} | |
| REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} | |
| SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }} | |
| SENDGRID_PASSWORD: ${{ secrets.SENDGRID_PASSWORD }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| SENTRY_ENVIRONMENT: ${{ secrets.SENTRY_ENVIRONMENT }} | |
| SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }} | |
| SMTP_USER_NAME: ${{ secrets.SMTP_USER_NAME }} | |
| SOLR_ADMIN_PASSWORD: ${{ secrets.SOLR_ADMIN_PASSWORD }} | |
| SQUARE_ACCESS_TOKEN: ${{ secrets.SQUARE_ACCESS_TOKEN }} | |
| SQUARE_WEBHOOK_SIGNATURE_KEY: ${{ secrets.SQUARE_WEBHOOK_SIGNATURE_KEY }} | |
| STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} | |
| WORDPRESS_PASSWORD: ${{ secrets.WORDPRESS_PASSWORD }} | |
| steps: | |
| - id: setup | |
| name: Setup | |
| uses: notch8/actions/setup-env@upgrade-node20-actions | |
| with: | |
| tag: ${{ inputs.tag }} | |
| image_name: ${{ inputs.image_name }} | |
| token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{env.AWS_REGION}} | |
| - name: Setup tmate session | |
| uses: mxschmitt/action-tmate@v3 | |
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| with: | |
| limit-access-to-actor: true | |
| - name: Do deploy with solr image | |
| if: ${{ inputs.deploy-solr-image }} | |
| run: | | |
| aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION --kubeconfig $KUBECONFIG | |
| DOLLAR=$ envsubst < ops/${{ inputs.environment }}-deploy.tmpl.yaml > ops/${{ inputs.environment }}-deploy.yaml; | |
| export DEPLOY_TAG=${TAG}; | |
| export DEPLOY_IMAGE=ghcr.io/${REPO_LOWER}; | |
| export WORKER_IMAGE=ghcr.io/${REPO_LOWER}/worker; | |
| export SOLR_IMAGE=ghcr.io/${REPO_LOWER}/solr; | |
| ./bin/helm_deploy ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }} ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }} | |
| - name: Do deploy | |
| if: ${{ inputs.deploy-solr-image }} == 'false' | |
| run: | | |
| aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION --kubeconfig $KUBECONFIG | |
| DOLLAR=$ envsubst < ops/${{ inputs.environment }}-deploy.tmpl.yaml > ops/${{ inputs.environment }}-deploy.yaml; | |
| export DEPLOY_TAG=${TAG}; | |
| export DEPLOY_IMAGE=ghcr.io/${REPO_LOWER}; | |
| export WORKER_IMAGE=ghcr.io/${REPO_LOWER}/worker; | |
| ./bin/helm_deploy ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }} ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }} |