Updated DB_HOST for deployments #473
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: DirtViz | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
DOCKER_REGISTRY: ghcr.io | |
DOCKER_USERNAME: ${{ github.actor }} | |
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
concurrency: production | |
jobs: | |
build-and-deploy-frontend: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
env: | |
PUBLIC_URL: | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Github containers | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.DOCKER_REGISTRY }} | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Extract metadata for frontend | |
id: meta-frontend | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }}-frontend | |
- name: Caching frontend | |
id: frontend-cache-build | |
uses: actions/cache@v4 | |
with: | |
path: | | |
public | |
.cache | |
node_modules | |
key: ${{ runner.os }}-frontend-site-build-${{ github.run_id }} | |
restore-keys: | | |
${{ runner.os }}-frontend-site-build- | |
- name: Install dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Build frontend | |
working-directory: ./frontend | |
run: npm run build | |
- name: Set AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-west-2 | |
- name: Deploy to S3 | |
run: aws s3 sync ./frontend/build/. s3://dirtviz-1 | |
build-and-deploy-backend: | |
name: Deploy backend to aws | |
runs-on: ubuntu-latest | |
env: | |
AWS_DEFAULT_REGION: us-west-2 | |
AWS_ECR_REPOSITORY_NAME: dirtviz-api | |
AWS_ECS_SERVICE_NAME: dirtviz-service-api | |
AWS_ECS_CLUSTER_NAME: dirtviz-cluster | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: 'arm64,arm' | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, tag, and push image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ env.AWS_ECR_REPOSITORY_NAME }} | |
IMAGE_TAG: ${{ github.sha }} | |
working-directory: ./backend | |
run: | | |
# Build a docker container and | |
# push it to ECR so that it can | |
# be deployed to ECS. | |
docker buildx build \ | |
--platform linux/arm64 \ | |
--build-arg AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
--build-arg AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
--build-arg AWS_DEFAULT_REGION="${{ env.AWS_DEFAULT_REGION }}" \ | |
--build-arg DB_HOST="${{ secrets.DB_HOST }}" \ | |
--build-arg DB_PASS="${{ secrets.DB_PASS }}" \ | |
--build-arg DB_PORT="${{ secrets.DB_PORT }}" \ | |
--build-arg DB_USER="${{ secrets.DB_USER }}" \ | |
--build-arg DB_DATABASE="${{ secrets.DB_USER }}" \ | |
--build-arg SECRET_KEY="${{ secrets.SECRET_KEY }}" \ | |
--build-arg ACCESS_TOKEN_SECRET="${{ secrets.ACCESS_TOKEN_SECRET }}" \ | |
--build-arg REFRESH_TOKEN_SECRET="${{ secrets.REFRESH_TOKEN_SECRET }}" \ | |
--build-arg GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" \ | |
--build-arg GOOGLE_CLIENT_SECRET="${{ secrets.GOOGLE_CLIENT_SECRET }}" \ | |
--build-arg CLIENT_URL="${{ secrets.CLIENT_URL }}" \ | |
--build-arg OAUTH_REDIRECT_URI="${{ secrets.OAUTH_REDIRECT_URI }}" \ | |
--build-arg CELERY_BROKER_URL="${{ secrets.CELERY_BROKER_URL }}" \ | |
--build-arg CELERY_RESULT_BACKEND="${{ secrets.CELERY_RESULT_BACKEND }}" \ | |
--build-arg CONFIG_TYPE="${{ secrets.CONFIG_TYPE }}" \ | |
--target production \ | |
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
- name: Download task definition | |
run: | | |
aws ecs describe-task-definition --task-definition dirtviz-task-api --query taskDefinition > aws-task-definition.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: aws-task-definition.json | |
container-name: ${{ env.AWS_ECR_REPOSITORY_NAME }} | |
image: ${{ steps.build-image.outputs.image }} | |
- name: Deploy Amazon ECS task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ env.AWS_ECS_SERVICE_NAME }} | |
cluster: ${{ env.AWS_ECS_CLUSTER_NAME }} | |
wait-for-service-stability: true | |
build-and-deploy-worker: | |
name: Deploy celery worker to aws | |
runs-on: ubuntu-latest | |
env: | |
AWS_DEFAULT_REGION: us-west-2 | |
AWS_ECR_REPOSITORY_NAME: dirtviz-worker | |
AWS_ECS_SERVICE_NAME: dirtviz-service-worker | |
AWS_ECS_CLUSTER_NAME: dirtviz-cluster | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, tag, and push image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ env.AWS_ECR_REPOSITORY_NAME }} | |
IMAGE_TAG: ${{ github.sha }} | |
working-directory: ./backend | |
run: | | |
# Build a docker container and | |
# push it to ECR so that it can | |
# be deployed to ECS. | |
docker build \ | |
--build-arg AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
--build-arg AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
--build-arg AWS_DEFAULT_REGION="${{ env.AWS_DEFAULT_REGION }}" \ | |
--build-arg DB_HOST="${{ secrets.DB_HOST }}" \ | |
--build-arg DB_PASS="${{ secrets.DB_PASS }}" \ | |
--build-arg DB_PORT="${{ secrets.DB_PORT }}" \ | |
--build-arg DB_USER="${{ secrets.DB_USER }}" \ | |
--build-arg DB_DATABASE="${{ secrets.DB_USER }}" \ | |
--build-arg SECRET_KEY="${{ secrets.SECRET_KEY }}" \ | |
--build-arg ACCESS_TOKEN_SECRET="${{ secrets.ACCESS_TOKEN_SECRET }}" \ | |
--build-arg REFRESH_TOKEN_SECRET="${{ secrets.REFRESH_TOKEN_SECRET }}" \ | |
--build-arg GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" \ | |
--build-arg GOOGLE_CLIENT_SECRET="${{ secrets.GOOGLE_CLIENT_SECRET }}" \ | |
--build-arg CLIENT_URL="${{ secrets.CLIENT_URL }}" \ | |
--build-arg OAUTH_REDIRECT_URI="${{ secrets.OAUTH_REDIRECT_URI }}" \ | |
--build-arg CELERY_BROKER_URL="${{ secrets.CELERY_BROKER_URL }}" \ | |
--build-arg CELERY_RESULT_BACKEND="${{ secrets.CELERY_RESULT_BACKEND }}" \ | |
--build-arg CONFIG_TYPE="${{ secrets.CONFIG_TYPE }}" \ | |
--target prodworker \ | |
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
- name: Download task definition | |
run: | | |
aws ecs describe-task-definition --task-definition dirtviz-task-worker --query taskDefinition > aws-task-definition.json | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: aws-task-definition.json | |
container-name: ${{ env.AWS_ECR_REPOSITORY_NAME }} | |
image: ${{ steps.build-image.outputs.image }} | |
- name: Deploy Amazon ECS task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ env.AWS_ECS_SERVICE_NAME }} | |
cluster: ${{ env.AWS_ECS_CLUSTER_NAME }} | |
wait-for-service-stability: true | |
apply-db-migrations: | |
runs-on: ubuntu-latest | |
needs: [build-and-deploy-frontend, build-and-deploy-backend] | |
environment: ${{ github.ref_name }} | |
env: | |
DB_HOST: ${{ secrets.DB_HOST }} | |
DB_PASS: ${{ secrets.DB_PASS }} | |
DB_PORT: ${{ secrets.DB_PORT }} | |
DB_USER: ${{ secrets.DB_USER }} | |
DB_DATABASE: ${{ secrets.DB_USER }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- name: Install dependencies | |
run: pip install -r ./backend/requirements.txt | |
- name: Run migrations | |
run: flask --app backend.api db upgrade -d ./backend/api/migrations |