# Adapted from: https://github.com/actions/starter-workflows/blob/main/deployments/google.yml
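name: Build and Deploy Production App

# Deploys to the production GKE cluster after the "Continuous Integration"
# workflow finishes for the prod branch.
on:
  workflow_run:
    # `completed` also fires for failed and cancelled runs; the job-level `if`
    # below is what restricts deployment to successful CI runs.
    workflows: ["Continuous Integration"]
    types: [completed]
    branches:
      - prod

# NOTE(review): workflow-level `env` exposes every secret below to all steps,
# including third-party actions, `yarn install` and the image build script.
# Which steps read which variables is not visible in this file; consider
# moving each secret to the step-level `env` of the steps that need it.
env:
  PROJECT_ID: peerprep-group11-prod
  ARTIFACT_REPOSITORY_NAME: codeparty-prod-images
  GKE_CLUSTER: codeparty-g11-prod # Add your cluster name here.
  GKE_REGION: asia-southeast1 # Add your cluster zone here.
  FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROD }}
  PRISMA_DATABASE_URL: ${{ secrets.PRISMA_DATABASE_URL_PROD }}
  MONGO_ATLAS_URL: ${{ secrets.MONGO_ATLAS_URL_PROD }}
  NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG: ${{ secrets.FRONTEND_FIREBASE_CONFIG_PROD }}
  TWILIO_ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
  TWILIO_API_KEY: ${{ secrets.TWILIO_API_KEY }}
  TWILIO_API_SECRET: ${{ secrets.TWILIO_API_SECRET }}

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    # Deploy only when the triggering CI run succeeded.
    # NOTE(review): the `branches` filter matches the head branch *name* of
    # the CI run. If CI also runs for pull requests, confirm whether
    # `github.event.workflow_run.event == 'push'` should be required as well.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    environment: production
    # Read-only repository access plus the OIDC token requested by the
    # Google Cloud auth step (workload_identity_provider).
    permissions:
      contents: 'read'
      id-token: 'write'
    # NOTE(review): the actions below are referenced by mutable tags (@v4,
    # @v1). This job holds production credentials, so consider pinning each
    # `uses:` to a full commit SHA.
    steps:
      # NOTE(review): on `workflow_run`, checkout without `ref` uses the
      # default branch, which may not be the commit CI validated. Before
      # pinning to `github.event.workflow_run.head_sha`, confirm the
      # triggering run was a push to this repository's prod branch.
      - name: Checkout
        uses: actions/checkout@v4

      - id: 'auth'
        name: Authenticate to Google Cloud
        uses: 'google-github-actions/auth@v1'
        with:
          token_format: 'access_token'
          workload_identity_provider: projects/345207492413/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-oidc
          service_account: 'github-actions-service@peerprep-group11-prod.iam.gserviceaccount.com'

      # Setup gcloud CLI
      - name: Setup Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1

      # Configure Docker to login to google cloud
      - name: Configure Docker
        env:
          # Passed through the environment instead of being interpolated into
          # the script text, so the token is never parsed as shell syntax.
          ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}
        run: |-
          echo "$ACCESS_TOKEN" \
            | docker login -u oauth2accesstoken --password-stdin \
              "https://${GKE_REGION}-docker.pkg.dev"

      # Get the GKE credentials so that we can deploy to the cluster
      - name: Get Google Kubernetes Engine credentials for production
        uses: google-github-actions/get-gke-credentials@v1
        with:
          cluster_name: ${{ env.GKE_CLUSTER }}
          location: ${{ env.GKE_REGION }}

      # Copy the JSON secrets (Firebase configs) into JSON files
      - name: Copy JSON secrets into JSON files
        run: |-
          echo -n "$FIREBASE_SERVICE_ACCOUNT" > ./firebase_service_account.json
          echo -n "$NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG" > ./next_public_frontend_firebase_config.json

      # Set the secrets that are used as env variables in the manifest files.
      # Values are double-quoted so that characters such as `?`, `*`, `&` or
      # spaces inside a URL or key are not word-split or glob-expanded.
      # NOTE(review): delete-then-create leaves a short window in which the
      # Secret does not exist in the cluster.
      - name: Set kubectl secrets
        run: |-
          kubectl delete secret firebase-service-account \
            --ignore-not-found
          kubectl create secret generic firebase-service-account \
            --from-file=firebase-service-account=./firebase_service_account.json
          kubectl delete secret prisma-database-url \
            --ignore-not-found
          kubectl create secret generic prisma-database-url \
            --from-literal=prisma-database-url="$PRISMA_DATABASE_URL"
          kubectl delete secret mongo-atlas-url \
            --ignore-not-found
          kubectl create secret generic mongo-atlas-url \
            --from-literal=mongo-atlas-url="$MONGO_ATLAS_URL"
          kubectl delete secret frontend-firebase-config \
            --ignore-not-found
          kubectl create secret generic frontend-firebase-config \
            --from-file=frontend-firebase-config=./next_public_frontend_firebase_config.json
          kubectl delete secret twilio-account-sid \
            --ignore-not-found
          kubectl create secret generic twilio-account-sid \
            --from-literal=twilio-account-sid="$TWILIO_ACCOUNT_SID"
          kubectl delete secret twilio-api-key \
            --ignore-not-found
          kubectl create secret generic twilio-api-key \
            --from-literal=twilio-api-key="$TWILIO_API_KEY"
          kubectl delete secret twilio-api-secret \
            --ignore-not-found
          kubectl create secret generic twilio-api-secret \
            --from-literal=twilio-api-secret="$TWILIO_API_SECRET"

      # Remove the JSON files. This runs even when an earlier step failed, so
      # `-f` keeps the cleanup from erroring if the files were never written.
      - name: Delete JSON files
        if: ${{ always() }}
        run: |-
          rm -f ./firebase_service_account.json
          rm -f ./next_public_frontend_firebase_config.json

      # Install the dependencies such as prisma
      - name: Install dependencies with immutable lockfile
        run: yarn install --frozen-lockfile

      # Apply prisma migrations to production prisma database
      - name: Apply prisma database migrations
        run: |-
          yarn prisma migrate deploy

      # Build the Docker images and push to Google Artifact Repository
      - name: Build and push Docker images
        run: |-
          chmod u+x ./build-prod-images.sh
          ./build-prod-images.sh
        working-directory: ./deployment

      # Deploy the Docker images to the GKE cluster
      - name: Deploy production application
        run: |-
          kubectl apply -f ./gke-prod-manifests
          kubectl rollout status deployment
          kubectl get services -o wide
        working-directory: ./deployment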