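# Run locally with https://github.com/nektos/act:
# sudo rm -r /github/workspace && sudo cp -r ./ /github/workspace && act run --job test --bind --directory /github/workspace
name: ci

# Run this workflow on every push to the default branches and on version tags.
# The nesting below is required: `branches` and `tags` are filters of `push`,
# and `push` is an event of `on`; written flat they become unrelated top-level keys.
on:
  push:
    branches:
      - main
      - master
    tags:
      - 'v*'  # push events for tags matching v*, e.g. v1.0, v20.15.10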
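# NOTE(review): workflow-level `env` is exported to every job in this file, so
# the `test` job (docker-compose, `yarn install`) also receives every
# secret-backed value below. Consider moving those entries to the `deploy`
# job's own `env:` once it is confirmed the test stack does not read them.
env:
  # target value can be subzerocloud or fargate
  DEPLOY_TARGET: subzerocloud
  # to use the production image, replace value with production
  # you'll need a "On Premise" subscription
  ENVIRONMENT: development
  # set to false if the database state is managed by external tooling
  # (quoted: env values are strings and the steps compare against 'true')
  DEPLOY_DATABASE_MIGRATIONS: "true"

  # subzero.cloud settings
  SUBZERO_API_ENDPOINT: https://app.subzero.cloud
  SUBZERO_EMAIL: ${{ secrets.SUBZERO_EMAIL }}
  SUBZERO_PASSWORD: ${{ secrets.SUBZERO_PASSWORD }}

  # AWS settings
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
  AWS_VPC_ID: ${{ secrets.AWS_VPC_ID }}
  AWS_SUBNET_ID: ${{ secrets.AWS_SUBNET_ID }}

  # application settings
  # Left empty on purpose: the "setup subzero app" step runs only while APP_ID is unset.
  APP_ID: ""
  APP_DOMAIN: ${{ secrets.APP_DOMAIN }}
  APP_NAME: "my application"
  APP_DB_HOST: ${{ secrets.APP_DB_HOST }}
  APP_DB_PORT: ${{ secrets.APP_DB_PORT }}
  APP_DB_NAME: ${{ secrets.APP_DB_NAME }}
  APP_DB_MASTER_USER: ${{ secrets.APP_DB_MASTER_USER }}
  APP_DB_MASTER_PASSWORD: ${{ secrets.APP_DB_MASTER_PASSWORD }}
  APP_DB_AUTHENTICATOR_USER: ${{ secrets.APP_DB_AUTHENTICATOR_USER }}
  APP_DB_AUTHENTICATOR_PASSWORD: ${{ secrets.APP_DB_AUTHENTICATOR_PASSWORD }}
  APP_DB_SCHEMA: api
  APP_DB_ANON_ROLE: anonymous
  APP_JWT_SECRET: ${{ secrets.APP_JWT_SECRET }}

  # static content upload settings
  UPLOAD_STATIC_FILES: "false"
  SFTP_HOST: sftp.app.subzero.cloud
  SFTP_PORT: "2323"
  SFTP_USER: ${{ secrets.SUBZERO_EMAIL }}.${{ secrets.APP_DOMAIN }}
  SFTP_PASSWORD: ${{ secrets.SUBZERO_PASSWORD }}

  # helper vars
  # NOTE(review): `sslmode=prefer` tries TLS first but silently falls back to
  # an unencrypted connection and never verifies the server certificate. These
  # strings carry the master and authenticator passwords from the CI runner to
  # the database host; prefer `sslmode=require` (or `verify-full` with a
  # trusted CA) when the database supports TLS.
  MASTER_DB_CONNECTION_STRING: "${{ secrets.APP_DB_MASTER_USER }}:${{ secrets.APP_DB_MASTER_PASSWORD }}@${{ secrets.APP_DB_HOST }}:${{ secrets.APP_DB_PORT }}/${{ secrets.APP_DB_NAME }}?sslmode=prefer"
  AUTHENTICATOR_DB_CONNECTION_STRING: "${{ secrets.APP_DB_AUTHENTICATOR_USER }}:${{ secrets.APP_DB_AUTHENTICATOR_PASSWORD }}@${{ secrets.APP_DB_HOST }}:${{ secrets.APP_DB_PORT }}/${{ secrets.APP_DB_NAME }}?sslmode=prefer"
  # path of the helper script invoked by the deploy steps
  SUBZERO: ".github/workflows/subzero.sh"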
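jobs:
  # Brings up the docker-compose stack and runs the test suite against it.
  test:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: checkout repository
        # NOTE(review): `@v2` is a mutable tag (used in both jobs); pin the
        # action to a full commit SHA so an upstream retag cannot change what runs.
        uses: actions/checkout@v2
      - name: bring up docker-compose
        run: |
          docker-compose down
          docker-compose up -d
      - name: run tests
        run: |
          yarn install
          yarn test
      - name: shutdown test stack
        run: docker-compose down

  # Deploys to the target selected by DEPLOY_TARGET; runs only for version tags
  # and only after the test job succeeded.
  deploy:
    runs-on: ubuntu-latest
    needs: test
    if: startsWith(github.ref, 'refs/tags/v')
    # Least privilege for GITHUB_TOKEN: the steps below only read the repository.
    permissions:
      contents: read
    steps:
      - name: checkout repository
        uses: actions/checkout@v2
      - name: check correct configuration
        run: |
          chmod +x "$SUBZERO"
          "$SUBZERO" check_configuration
          # `[ $VAR ]` is true for any non-empty string, including "false";
          # compare against the literal value so the opt-out works.
          if [ "$DEPLOY_DATABASE_MIGRATIONS" = "true" ]; then
            "$SUBZERO" check_database_connection "postgres://$MASTER_DB_CONNECTION_STRING"
          fi
      - name: login to subzero.cloud
        if: ${{ env.DEPLOY_TARGET == 'subzerocloud' }}
        run: |
          # NOTE(review): here and in the steps below, secrets are passed to the
          # helper script as command-line arguments, which are visible to other
          # processes on the runner; reading them from the environment inside
          # the script would avoid that.
          "$SUBZERO" login "$SUBZERO_EMAIL" "$SUBZERO_PASSWORD"
      - name: install dependencies
        run: |
          # apt-get update -y
          sudo apt-get install -y sshpass sqitch
          # docker pull sqitch/sqitch
          # curl -s -L https://git.io/JJKCn -o /usr/local/bin/sqitch && chmod +x /usr/local/bin/sqitch
      - name: setup authenticator db role
        if: ${{ env.DEPLOY_DATABASE_MIGRATIONS == 'true' }}
        run: |
          "$SUBZERO" setup_authenticator_role "$APP_DB_AUTHENTICATOR_USER" "$APP_DB_AUTHENTICATOR_PASSWORD" "postgres://$MASTER_DB_CONNECTION_STRING"
      - name: setup subzero app
        # Only when no application id has been configured yet.
        if: ${{ env.DEPLOY_TARGET == 'subzerocloud' && ! env.APP_ID }}
        run: |
          "$SUBZERO" create_application
      - name: deploy database migrations
        if: ${{ env.DEPLOY_DATABASE_MIGRATIONS == 'true' }}
        working-directory: ./db/migrations
        run: |
          sqitch deploy "db:pg://$MASTER_DB_CONNECTION_STRING"
      - name: upload static content
        # The switch is defined as UPLOAD_STATIC_FILES in `env` (the previous
        # SUBZERO_UPLOAD_STATIC_FILES is never set). Env values are strings, so
        # compare against 'true' instead of relying on truthiness.
        if: ${{ env.UPLOAD_STATIC_FILES == 'true' }}
        working-directory: ./html
        run: |
          # sshpass -e reads the password from SSHPASS, keeping it off the command line.
          export SSHPASS="$SFTP_PASSWORD"
          # NOTE(review): StrictHostKeyChecking=no disables SSH host-key
          # verification, so the password is offered to whichever host answers.
          # Provision the server's host key in known_hosts and drop this option.
          sshpass -e scp -o StrictHostKeyChecking=no -P "$SFTP_PORT" -r ./ "$SFTP_USER@$SFTP_HOST:/"
      - name: store jwt secret in database
        if: ${{ env.DEPLOY_DATABASE_MIGRATIONS == 'true' }}
        run: |
          # $SUBZERO store_jwt_secret_as_guc "$APP_DB_AUTHENTICATOR_USER" "$APP_JWT_SECRET" "postgres://$MASTER_DB_CONNECTION_STRING"
          "$SUBZERO" store_jwt_secret_in_settings "$APP_DB_AUTHENTICATOR_USER" "$APP_JWT_SECRET" "postgres://$MASTER_DB_CONNECTION_STRING"
      - name: update authenticator role password
        if: ${{ env.DEPLOY_DATABASE_MIGRATIONS == 'true' }}
        run: |
          "$SUBZERO" update_authenticator_role_password "$APP_DB_AUTHENTICATOR_USER" "$APP_DB_AUTHENTICATOR_PASSWORD" "postgres://$MASTER_DB_CONNECTION_STRING"
      - name: trigger subzero.cloud schema cache refresh
        if: ${{ env.DEPLOY_TARGET == 'subzerocloud' }}
        run: |
          # update_configuration will also trigger db schema refresh
          "$SUBZERO" update_configuration
          # you can also use this to trigger schema refresh without updating the configuration
          "$SUBZERO" reload_db_schema
      - name: deploy container to fargate
        if: ${{ env.DEPLOY_TARGET == 'fargate' }}
        run: |
          CLOUDFORMATION_ACTION=create-stack
          # Stack name is the domain with dots replaced by dashes.
          CLOUDFORMATION_STACK_NAME="${APP_DOMAIN//./-}"
          # Only the exit status matters here; discard the stack description so
          # its parameters are not written to the job log.
          if aws cloudformation describe-stacks --stack-name "$CLOUDFORMATION_STACK_NAME" > /dev/null; then
            CLOUDFORMATION_ACTION=update-stack
          fi
          # NOTE(review): the database password, JWT secret and subzero password
          # are passed as stack parameters. The template is not visible here;
          # confirm it declares those parameters with NoEcho, otherwise they
          # are readable by anyone allowed to describe the stack.
          aws cloudformation "$CLOUDFORMATION_ACTION" \
            --stack-name "$CLOUDFORMATION_STACK_NAME" \
            --template-body file://.github/workflows/fargate_single_container.yml \
            --capabilities CAPABILITY_IAM \
            --parameters \
            "ParameterKey=VpcId,ParameterValue=$AWS_VPC_ID" \
            "ParameterKey=SubnetId,ParameterValue=$AWS_SUBNET_ID" \
            "ParameterKey=DomainName,ParameterValue=$APP_DOMAIN" \
            "ParameterKey=DbHost,ParameterValue=$APP_DB_HOST" \
            "ParameterKey=DbPort,ParameterValue=$APP_DB_PORT" \
            "ParameterKey=DbName,ParameterValue=$APP_DB_NAME" \
            "ParameterKey=DbAuthenticatorUser,ParameterValue=$APP_DB_AUTHENTICATOR_USER" \
            "ParameterKey=DbAuthenticatorUserPass,ParameterValue=$APP_DB_AUTHENTICATOR_PASSWORD" \
            "ParameterKey=DbSchema,ParameterValue=$APP_DB_SCHEMA" \
            "ParameterKey=DbAnonRole,ParameterValue=$APP_DB_ANON_ROLE" \
            "ParameterKey=JwtSecret,ParameterValue=$APP_JWT_SECRET" \
            "ParameterKey=EnvironmentName,ParameterValue=$ENVIRONMENT" \
            "ParameterKey=SubzeroEmail,ParameterValue=$SUBZERO_EMAIL" \
            "ParameterKey=SubzeroPassword,ParameterValue=$SUBZERO_PASSWORD"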