updated readme (#167) #351
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
DOCKER_REGISTRY: ghcr.io | |
DOCKER_USERNAME: ${{ github.actor }} | |
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
concurrency: production | |
jobs: | |
frontend: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
env: | |
PUBLIC_URL: | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v1 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to Github containers | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.DOCKER_REGISTRY }} | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Extract metadata for frontend | |
id: meta-frontend | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }}-frontend | |
- name: Caching frontend | |
id: frontend-cache-build | |
uses: actions/cache@v2 | |
with: | |
path: | | |
public | |
.cache | |
node_modules | |
key: ${{ runner.os }}-frontend-site-build-${{ github.run_id }} | |
restore-keys: | | |
${{ runner.os }}-frontend-site-build- | |
- name: Install dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Build frontend | |
working-directory: ./frontend | |
run: npm run build | |
- name: Set AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-west-2 | |
- name: Deploy to S3 | |
run: aws s3 sync ./frontend/build/. s3://dirtviz | |
backend: | |
name: Deploy backend to aws | |
runs-on: ubuntu-latest | |
env: | |
AWS_DEFAULT_REGION: us-west-2 | |
AWS_ECR_REPOSITORY_NAME: dirtviz-ecr | |
AWS_ECS_SERVICE_NAME: dirtviz-service | |
AWS_ECS_CLUSTER_NAME: dirtviz-cluster | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Download task definition | |
run: | | |
aws ecs describe-task-definition --task-definition dirtviz-task-definition --query taskDefinition > aws-task-definition.json | |
- name: Build, tag, and push image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ env.AWS_ECR_REPOSITORY_NAME }} | |
IMAGE_TAG: ${{ github.sha }} | |
working-directory: ./backend | |
run: | | |
# Build a docker container and | |
# push it to ECR so that it can | |
# be deployed to ECS. | |
docker build \ | |
--build-arg AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
--build-arg AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
--build-arg AWS_DEFAULT_REGION="${{ env.AWS_DEFAULT_REGION }}" \ | |
--build-arg DB_HOST="${{ secrets.AWS_DB_HOST }}" \ | |
--build-arg DB_PASS="${{ secrets.DB_PASS }}" \ | |
--build-arg DB_PORT="${{ secrets.DB_PORT }}" \ | |
--build-arg DB_USER="${{ secrets.DB_USER }}" \ | |
--build-arg DB_DATABASE="${{ github.ref_name }}" \ | |
--build-arg SECRET_KEY="${{ secrets.SECRET_KEY }}" \ | |
--build-arg ACCESS_TOKEN_SECRET="${{ secrets.ACCESS_TOKEN_SECRET }}" \ | |
--build-arg REFRESH_TOKEN_SECRET="${{ secrets.REFRESH_TOKEN_SECRET }}" \ | |
--build-arg GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" \ | |
--build-arg GOOGLE_CLIENT_SECRET="${{ secrets.GOOGLE_CLIENT_SECRET }}" \ | |
--build-arg CLIENT_URL="${{ secrets.CLIENT_URL }}" \ | |
--build-arg OAUTH_REDIRECT_URI="${{ secrets.OAUTH_REDIRECT_URI }}" \ | |
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: aws-task-definition.json | |
container-name: ${{ env.AWS_ECR_REPOSITORY_NAME }} | |
image: ${{ steps.build-image.outputs.image }} | |
- name: Deploy Amazon ECS task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ env.AWS_ECS_SERVICE_NAME }} | |
cluster: ${{ env.AWS_ECS_CLUSTER_NAME }} | |
wait-for-service-stability: true | |
apply_db_migrations: | |
runs-on: ubuntu-latest | |
needs: [frontend, backend] | |
environment: ${{ github.ref_name }} | |
env: | |
DB_HOST: ${{ secrets.AWS_DB_HOST }} | |
DB_PASS: ${{ secrets.DB_PASS }} | |
DB_PORT: ${{ secrets.DB_PORT }} | |
DB_USER: ${{ secrets.DB_USER }} | |
DB_DATABASE: ${{ github.ref_name }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v1 | |
- name: Setup python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- name: Install dependencies | |
run: pip install -r ./backend/requirements.txt | |
- name: Run migrations | |
run: flask --app backend.api db upgrade -d ./backend/api/migrations |