deploy.yaml
---
# Manually triggered deployment workflow (GitHub Actions).
name: Deploy
# Shown in the Actions run list: the ref being deployed, the target
# environment and the account that started the run.
run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }}

on:
  # Manual trigger only; no push or pull_request event starts a deployment.
  workflow_dispatch:
    inputs:
      # Restricted to the two listed values, so the name used to build file
      # paths and release names later in the workflow comes from a fixed set.
      environment:
        type: choice
        description: "Deploy to Environment"
        required: true
        default: staging
        options:
          - staging
          - production
      # When true, an interactive tmate session is opened on the runner
      # before the deploy step. That shell runs in the same job as the
      # deployment, so it has the job's environment variables in scope.
      debug_enabled:
        type: boolean
        description: "Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)"
        required: false
        default: false
# Workflow-wide, non-secret settings.
env:
  # Container registry host. NOTE(review): the deploy steps in this file
  # spell out ghcr.io directly instead of reading this variable; presumably
  # it is consumed by the setup action or bin/helm_deploy - confirm.
  REGISTRY: 'ghcr.io'
  # EKS cluster and region passed to `aws eks update-kubeconfig`.
  EKS_CLUSTER_NAME: 'r2-atla-dl'
  AWS_REGION: 'us-west-2'
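jobs:
  # Single job: prepare the runner, authenticate to AWS, optionally open a
  # debug shell, then render the Helm values file and run bin/helm_deploy.
  deployment:
    runs-on: ubuntu-latest
    # Binds the job to the GitHub environment chosen at dispatch time, so
    # environment-scoped secrets and protection rules (if configured) apply.
    environment: ${{ inputs.environment }}
    # NOTE(review): job-level env is exported to every step of the job,
    # including the third-party actions and the optional tmate shell below.
    # Only the deploy steps read these values (through envsubst), so moving
    # the secret entries to step-level `env:` on those steps would shrink the
    # set of code that can read them.
    env:
      ADMIN_PASSWORD: ${{ secrets.ADMIN_PASSWORD }}
      APP_PASS: ${{ secrets.APP_PASS }}
      AUTHORIZE_NET_LOGIN: ${{ secrets.AUTHORIZE_NET_LOGIN }}
      AUTHORIZE_NET_TRANSACTION_KEY: ${{ secrets.AUTHORIZE_NET_TRANSACTION_KEY }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_S3_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY_ID }}
      AWS_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      CLIENT_ADMIN_USER_EMAIL: ${{ secrets.CLIENT_ADMIN_USER_EMAIL }}
      CLIENT_ADMIN_USER_PASSWORD: ${{ secrets.CLIENT_ADMIN_USER_PASSWORD }}
      CLIENT_ID: ${{ secrets.CLIENT_ID }}
      CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
      DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}
      DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
      ENCODED_ENV_FILE: ${{ secrets.ENCODED_ENV_FILE }}
      FCREPO_DB_PASSWORD: ${{ secrets.FCREPO_DB_PASSWORD }}
      GOOGLE_ANALYTICS_ID: ${{ secrets.GOOGLE_ANALYTICS_ID }}
      GOOGLE_FONTS_KEY: ${{ secrets.GOOGLE_FONTS_KEY }}
      GOOGLE_OAUTH_PRIVATE_KEY_SECRET: ${{ secrets.GOOGLE_OAUTH_PRIVATE_KEY_SECRET }}
      GOOGLE_OAUTH_PRIVATE_KEY_VALUE: ${{ secrets.GOOGLE_OAUTH_PRIVATE_KEY_VALUE }}
      # Quoted so the value stays the string "1" under any YAML loader.
      HELM_EXPERIMENTAL_OCI: '1'
      HELM_EXTRA_ARGS: >
        --values ops/${{ inputs.environment }}-deploy.yaml
      HELM_RELEASE_NAME: ${{ github.event.repository.name }}-${{ inputs.environment }}
      IA_PASSWORD: ${{ secrets.IA_PASSWORD }}
      # Path written by `aws eks update-kubeconfig` in the deploy steps.
      KUBECONFIG: ./kubeconfig.yml
      KUBECONFIG_FILE: ${{ secrets.KUBECONFIG_FILE }}
      KUBE_NAMESPACE: ${{ github.event.repository.name }}-${{ inputs.environment }}
      MAIL_PASS: ${{ secrets.MAIL_PASS }}
      MARIADB_PASSWORD: ${{ secrets.MARIADB_PASSWORD }}
      MARIADB_ROOT_PASSWORD: ${{ secrets.MARIADB_ROOT_PASSWORD }}
      # The MYSQL_* names are aliases of the MARIADB_* secrets.
      MYSQL_PASSWORD: ${{ secrets.MARIADB_PASSWORD }}
      MYSQL_ROOT_PASSWORD: ${{ secrets.MARIADB_ROOT_PASSWORD }}
      NEGATIVE_CAPTCHA_SECRET: ${{ secrets.NEGATIVE_CAPTCHA_SECRET }}
      NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
      NEXT_PUBLIC_TOKEN: ${{ secrets.NEXT_PUBLIC_TOKEN }}
      PAPERTRAIL_API_TOKEN: ${{ secrets.PAPERTRAIL_API_TOKEN }}
      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
      REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
      SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
      SENDGRID_PASSWORD: ${{ secrets.SENDGRID_PASSWORD }}
      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
      SENTRY_ENVIRONMENT: ${{ secrets.SENTRY_ENVIRONMENT }}
      SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
      SMTP_USER_NAME: ${{ secrets.SMTP_USER_NAME }}
      SOLR_ADMIN_PASSWORD: ${{ secrets.SOLR_ADMIN_PASSWORD }}
      SQUARE_ACCESS_TOKEN: ${{ secrets.SQUARE_ACCESS_TOKEN }}
      SQUARE_WEBHOOK_SIGNATURE_KEY: ${{ secrets.SQUARE_WEBHOOK_SIGNATURE_KEY }}
      STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
      WORDPRESS_PASSWORD: ${{ secrets.WORDPRESS_PASSWORD }}
    steps:
      # NOTE(review): `@upgrade-node20-actions` is a branch ref and the two
      # actions below use major-version tags. All three are mutable, and the
      # code they resolve to runs with the job env above. Pinning each `uses:`
      # to a reviewed full-length commit SHA makes the executed code fixed.
      #
      # NOTE(review): `inputs.tag` and `inputs.image_name` are not declared
      # under `on.workflow_dispatch.inputs` in this file, so both expand to an
      # empty string here; presumably the action falls back to its own
      # defaults - confirm.
      - id: setup
        name: Setup
        uses: notch8/actions/setup-env@upgrade-node20-actions
        with:
          tag: ${{ inputs.tag }}
          image_name: ${{ inputs.image_name }}
          token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
      # NOTE(review): this authenticates with a long-lived access key pair
      # held as repository/environment secrets. The action also supports
      # assuming a role via GitHub OIDC (`role-to-assume`), which removes the
      # stored key. v1 is an old major of this action - confirm the upgrade
      # path before changing it.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      # Optional interactive shell on the runner. It starts after AWS
      # credentials are configured and inherits the job env, so the session
      # can read every secret listed above. `limit-access-to-actor` keeps the
      # session restricted to the SSH keys of the user who started the run.
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3
        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
        with:
          limit-access-to-actor: true
      # NOTE(review): `inputs.deploy-solr-image` is not a declared dispatch
      # input in this file, so this condition is always false for manual runs
      # and only the plain "Do deploy" step executes.
      #
      # The environment name reaches the script through an env variable, and
      # the release/namespace arguments reuse HELM_RELEASE_NAME and
      # KUBE_NAMESPACE from the job env (same "<repo>-<environment>" value as
      # before), so no `${{ }}` expression is expanded inside the shell text.
      # TAG and REPO_LOWER are not set in this file; presumably the setup
      # action exports them - confirm.
      # The rendered ops/<environment>-deploy.yaml contains the substituted
      # secret values in plaintext in the workspace; keep it out of uploaded
      # artifacts and caches.
      - name: Do deploy with solr image
        if: ${{ inputs.deploy-solr-image }}
        env:
          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
        run: |
          aws eks update-kubeconfig --name "$EKS_CLUSTER_NAME" --region "$AWS_REGION" --kubeconfig "$KUBECONFIG"
          DOLLAR=$ envsubst < "ops/${DEPLOY_ENVIRONMENT}-deploy.tmpl.yaml" > "ops/${DEPLOY_ENVIRONMENT}-deploy.yaml"
          export DEPLOY_TAG="${TAG}"
          export DEPLOY_IMAGE="ghcr.io/${REPO_LOWER}"
          export WORKER_IMAGE="ghcr.io/${REPO_LOWER}/worker"
          export SOLR_IMAGE="ghcr.io/${REPO_LOWER}/solr"
          ./bin/helm_deploy "$HELM_RELEASE_NAME" "$KUBE_NAMESPACE"
      # Fix: the previous condition was `${{ inputs.deploy-solr-image }} ==
      # 'false'`. Text outside `${{ }}` is not evaluated, so the whole value
      # was a non-empty string and the step ran unconditionally, even when
      # the solr variant had already deployed. The condition is now the exact
      # negation of the one on the step above, so exactly one of the two
      # deploy steps runs.
      - name: Do deploy
        if: ${{ !inputs.deploy-solr-image }}
        env:
          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
        run: |
          aws eks update-kubeconfig --name "$EKS_CLUSTER_NAME" --region "$AWS_REGION" --kubeconfig "$KUBECONFIG"
          DOLLAR=$ envsubst < "ops/${DEPLOY_ENVIRONMENT}-deploy.tmpl.yaml" > "ops/${DEPLOY_ENVIRONMENT}-deploy.yaml"
          export DEPLOY_TAG="${TAG}"
          export DEPLOY_IMAGE="ghcr.io/${REPO_LOWER}"
          export WORKER_IMAGE="ghcr.io/${REPO_LOWER}/worker"
          ./bin/helm_deploy "$HELM_RELEASE_NAME" "$KUBE_NAMESPACE"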