Update aws and github creds (#165) #369
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Pipelines | |
on: | |
push: | |
tags: | |
- '*' | |
jobs: | |
build-docker-image-IN: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v2 | |
- name: Set currently pushed tag as env var. | |
id: set-tag | |
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-south-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Setup DVC | |
uses: iterative/setup-dvc@v1 | |
- name: Pull secrets & Build image | |
env: | |
DOCKER_BUILDKIT: 1 | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
run: dvc get https://github.com/skit-ai/skit-calls secrets && dvc pull pipeline_secrets && docker build | |
--build-arg ECR_REGISTRY=$ECR_REGISTRY | |
--build-arg REGION="ap-south-1" | |
--build-arg BASE_IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$RELEASE_VERSION | |
--build-arg DB_HOST=${{ secrets.DB_HOST }} | |
--build-arg DB_PORT=${{ secrets.DB_PORT }} | |
--build-arg DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
--build-arg DB_NAME=${{ secrets.DB_NAME }} | |
--build-arg DB_USER=${{ secrets.DB_USER }} | |
--build-arg CDN_RECORDINGS_BASE_PATH=${{ secrets.CDN_RECORDINGS_BASE_PATH }} | |
--build-arg BUCKET=${{ secrets.BUCKET }} | |
--build-arg S3_US_PRODUCTION_TURN_RECORDINGS_BUCKET=${{ secrets.S3_US_PRODUCTION_TURN_RECORDINGS_BUCKET }} | |
--build-arg SLACK_TOKEN=${{ secrets.SLACK_TOKEN }} | |
--build-arg SLACK_SIGNING_SECRET=${{ secrets.SLACK_SIGNING_SECRET }} | |
--build-arg DEFAULT_SLACK_CHANNEL=${{ secrets.DEFAULT_SLACK_CHANNEL }} | |
--build-arg TOG_TASK_URL=${{ secrets.TOG_TASK_URL }} | |
--build-arg LABELSTUDIO_TOKEN=${{ secrets.LABELSTUDIO_TOKEN }} | |
--build-arg AUDIO_URL_DOMAIN=${{ secrets.AUDIO_URL_DOMAIN }} | |
--build-arg SKIT_API_GATEWAY_PASSWORD=${{ secrets.SKIT_API_GATEWAY_PASSWORD }} | |
--build-arg SKIT_API_GATEWAY_EMAIL=${{ secrets.SKIT_API_GATEWAY_EMAIL }} | |
--build-arg SKIT_API_GATEWAY_URL=${{ secrets.SKIT_API_GATEWAY_URL }} | |
--build-arg KUBEFLOW_GATEWAY_ENDPOINT=${{ secrets.KUBEFLOW_GATEWAY_ENDPOINT }} | |
--build-arg KF_USERNAME=${{ secrets.KF_USERNAME }} | |
--build-arg KF_PASSWORD=${{ secrets.KF_PASSWORD }} | |
--build-arg JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY}} | |
--build-arg GOOGLE_SHEETS_CREDENTIALS=${{ secrets.GOOGLE_SHEETS_CREDENTIALS }} | |
--build-arg ML_METRICS_DB_NAME=${{ secrets.ML_METRICS_DB_NAME }} | |
--build-arg ML_METRICS_DB_PORT=${{ secrets.ML_METRICS_DB_PORT }} | |
--build-arg ML_METRICS_DB_HOST=${{ secrets.ML_METRICS_DB_HOST }} | |
--build-arg ML_METRICS_DB_USER=${{ secrets.ML_METRICS_DB_USER }} | |
--build-arg ML_METRICS_DB_PASSWORD=${{ secrets.ML_METRICS_DB_PASSWORD }} | |
--build-arg PERSONAL_ACCESS_TOKEN_GITHUB=${{secrets.PERSONAL_ACCESS_TOKEN_GITHUB }} | |
--build-arg PERSONAL_ACCESS_TOKEN_GITLAB=${{secrets.PERSONAL_ACCESS_TOKEN_GITLAB }} | |
--build-arg OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
--build-arg OPENAI_COMPLIANCE_BREACHES_KEY=${{ secrets.OPENAI_COMPLIANCE_BREACHES_KEY }} | |
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.REPO_AWS_ACCESS_KEY_ID }} | |
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.REPO_AWS_SECRET_ACCESS_KEY }} | |
--build-arg DUCKLING_HOST="${{ secrets.DUCKLING_HOST }}" -t $ECR_REPOSITORY . | |
- name: Tag and push images | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
run: | | |
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:$RELEASE_VERSION | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$RELEASE_VERSION | |
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:master | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:master | |
build-docker-image-US: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v2 | |
- name: Set currently pushed tag as env var. | |
id: set-tag | |
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr-us | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Setup DVC | |
uses: iterative/setup-dvc@v1 | |
- name: Pull secrets & Build images | |
env: | |
DOCKER_BUILDKIT: 1 | |
US_ECR_REGISTRY: ${{ steps.login-ecr-us.outputs.registry }} | |
US_ECR_REPOSITORY: ${{ secrets.US_ECR_REPOSITORY }} | |
run: dvc get https://github.com/skit-ai/skit-calls secrets && dvc pull pipeline_secrets && docker build | |
--build-arg ECR_REGISTRY=$US_ECR_REGISTRY | |
--build-arg REGION="us-east-1" | |
--build-arg BASE_IMAGE=$US_ECR_REGISTRY/$US_ECR_REPOSITORY:$RELEASE_VERSION | |
--build-arg DB_HOST=${{ secrets.US_DB_HOST }} | |
--build-arg DB_PORT=${{ secrets.US_DB_PORT }} | |
--build-arg DB_PASSWORD="${{ secrets.US_DB_PASSWORD }}" | |
--build-arg DB_NAME=${{ secrets.US_DB_NAME }} | |
--build-arg DB_USER=${{ secrets.US_DB_USER }} | |
--build-arg CDN_RECORDINGS_BASE_PATH=${{ secrets.CDN_RECORDINGS_BASE_PATH }} | |
--build-arg BUCKET=${{ secrets.US_BUCKET }} | |
--build-arg S3_US_PRODUCTION_TURN_RECORDINGS_BUCKET=${{ secrets.S3_US_PRODUCTION_TURN_RECORDINGS_BUCKET }} | |
--build-arg SLACK_TOKEN=${{ secrets.US_SLACK_TOKEN }} | |
--build-arg SLACK_SIGNING_SECRET=${{ secrets.US_SLACK_SIGNING_SECRET }} | |
--build-arg DEFAULT_SLACK_CHANNEL=${{ secrets.US_DEFAULT_SLACK_CHANNEL }} | |
--build-arg TOG_TASK_URL=${{ secrets.US_TOG_TASK_URL }} | |
--build-arg LABELSTUDIO_TOKEN=${{ secrets.US_LABELSTUDIO_TOKEN }} | |
--build-arg AUDIO_URL_DOMAIN=${{ secrets.US_AUDIO_URL_DOMAIN }} | |
--build-arg SKIT_API_GATEWAY_PASSWORD="${{ secrets.US_SKIT_API_GATEWAY_PASSWORD }}" | |
--build-arg SKIT_API_GATEWAY_EMAIL=${{ secrets.US_SKIT_API_GATEWAY_EMAIL }} | |
--build-arg SKIT_API_GATEWAY_URL=${{ secrets.US_SKIT_API_GATEWAY_URL }} | |
--build-arg KUBEFLOW_GATEWAY_ENDPOINT=${{ secrets.US_KUBEFLOW_GATEWAY_ENDPOINT }} | |
--build-arg KF_USERNAME=${{ secrets.US_KF_USERNAME }} | |
--build-arg KF_PASSWORD="${{ secrets.US_KF_PASSWORD }}" | |
--build-arg JWT_SECRET_KEY=${{ secrets.US_JWT_SECRET_KEY}} | |
--build-arg GOOGLE_SHEETS_CREDENTIALS=${{ secrets.GOOGLE_SHEETS_CREDENTIALS }} | |
--build-arg ML_METRICS_DB_NAME=${{ secrets.US_ML_METRICS_DB_NAME }} | |
--build-arg ML_METRICS_DB_PORT=${{ secrets.US_ML_METRICS_DB_PORT }} | |
--build-arg ML_METRICS_DB_HOST=${{ secrets.US_ML_METRICS_DB_HOST }} | |
--build-arg ML_METRICS_DB_USER=${{ secrets.US_ML_METRICS_DB_USER }} | |
--build-arg ML_METRICS_DB_PASSWORD="${{ secrets.US_ML_METRICS_DB_PASSWORD }}" | |
--build-arg PERSONAL_ACCESS_TOKEN_GITHUB=${{secrets.PERSONAL_ACCESS_TOKEN_GITHUB }} | |
--build-arg PERSONAL_ACCESS_TOKEN_GITLAB=${{secrets.PERSONAL_ACCESS_TOKEN_GITLAB }} | |
--build-arg OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
--build-arg OPENAI_COMPLIANCE_BREACHES_KEY=${{ secrets.OPENAI_COMPLIANCE_BREACHES_KEY }} | |
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.REPO_AWS_ACCESS_KEY_ID }} | |
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.REPO_AWS_SECRET_ACCESS_KEY }} | |
--build-arg DUCKLING_HOST="${{ secrets.DUCKLING_HOST }}" -t $US_ECR_REPOSITORY . | |
- name: Tag and push images | |
env: | |
US_ECR_REGISTRY: ${{ steps.login-ecr-us.outputs.registry }} | |
US_ECR_REPOSITORY: ${{ secrets.US_ECR_REPOSITORY }} | |
run: | | |
docker tag $US_ECR_REPOSITORY:latest $US_ECR_REGISTRY/$US_ECR_REPOSITORY:$RELEASE_VERSION | |
docker push $US_ECR_REGISTRY/$US_ECR_REPOSITORY:$RELEASE_VERSION | |
docker tag $US_ECR_REPOSITORY:latest $US_ECR_REGISTRY/$US_ECR_REPOSITORY:latest | |
docker push $US_ECR_REGISTRY/$US_ECR_REPOSITORY:latest | |
docker tag $US_ECR_REPOSITORY:latest $US_ECR_REGISTRY/$US_ECR_REPOSITORY:master | |
docker push $US_ECR_REGISTRY/$US_ECR_REPOSITORY:master |