From 9d971d90544fb63a911df44ecf70e49be1cd4702 Mon Sep 17 00:00:00 2001 From: Joel Carter Date: Wed, 6 Nov 2024 08:05:20 -0600 Subject: [PATCH] K8s deploys --- .github/workflows/deploy-beta.yml | 87 ++++++++++++++++++++----------- .github/workflows/deploy-prod.yml | 85 +++++++++++++++++++----------- 2 files changed, 110 insertions(+), 62 deletions(-) diff --git a/.github/workflows/deploy-beta.yml b/.github/workflows/deploy-beta.yml index dba80e7..172829a 100644 --- a/.github/workflows/deploy-beta.yml +++ b/.github/workflows/deploy-beta.yml @@ -6,19 +6,19 @@ on: branches: - beta -env: - AWS_REGION: us-east-1 - CONTAINER_NAME: api-xyo-automation-witness - jobs: deploy: name: Deploy runs-on: ubuntu-latest - environment: beta + environment: + name: beta + url: ${{ vars.URL }} steps: - - name: Checkout - uses: actions/checkout@v2 + - uses: actions/checkout@v3 + with: + ref: ${{ github.head_ref }} + fetch-depth: 0 - name: Set up Docker Buildx id: buildx 
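Review bot: The added `ref: ${{ github.head_ref }}` on the checkout step is only populated for pull-request events. The visible trigger lists `branches: - beta`, which looks like a push trigger (the `on:` block starts above the hunk), so the expression would be empty and checkout would fall back to the triggering commit. The line is therefore misleading, and if a `pull_request_target` trigger were ever added it would check out the PR head in a job that holds the AWS deploy secrets; I would drop it or write `ref: ${{ github.sha }}`. The step also moves to the mutable tag `actions/checkout@v3`, while other actions in this workflow are pinned by full commit SHA. The first hunk of deploy-prod.yml has the same lines.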
@@ -28,46 +28,71 @@ jobs: [worker.oci] max-parallelism = 4 + - uses: actions/setup-node@v3 + with: + node-version: "18" + cache: "yarn" + + - name: install + run: yarn install + - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@13d241b293754004c80624b5567555c4a39ffbe3 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ECS_DEPLOY_ACCESS_KEY_SELECT }} aws-secret-access-key: ${{ secrets.AWS_ECS_DEPLOY_SECRET_KEY_SELECT }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ vars.AWS_REGION }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@aaf69d68aa3fb14c1d5a6be9ac61fe15b48453a2 + env: + AWS_REGION: ${{ vars.AWS_REGION }} - name: Build, tag, and push image to Amazon ECR id: build-image env: DOCKER_BUILDKIT: 1 ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} IMAGE_TAG: ${{ github.sha }} run: | - # Build a docker container and - # push it to ECR so that it can - # be deployed to ECS. - docker build -t $ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG . - docker push $ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG - echo "::set-output name=image::$ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG" + docker build -t ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG} . 
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG} - - name: Fill in the new image ID in the Amazon ECS task definition - id: task-def - uses: aws-actions/amazon-ecs-render-task-definition@374ee96751fffe528c09b5f427848da60469bb55 + - name: Install kubectl + uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0 with: - task-definition: .aws/task-definition-beta.json - container-name: ${{ env.CONTAINER_NAME }} - image: ${{ steps.build-image.outputs.image }} - environment-variables: | - AWS_ENV_SECRET_ARN=${{ secrets.AWS_ENV_SECRET_ARN }} + version: latest - - name: Deploy Amazon ECS task definition - # https://github.com/aws-actions/amazon-ecs-deploy-task-definition/releases/tag/v2.1.0 - uses: aws-actions/amazon-ecs-deploy-task-definition@4482193dd766379c66473482bbc77299b053ec94 # v2.1.0 - with: - task-definition: ${{ steps.task-def.outputs.task-definition }} - service: ${{ secrets.ECS_SERVICE }} - cluster: ${{ secrets.ECS_CLUSTER }} - wait-for-service-stability: true + - name: Set up EKS kubeconfig + run: aws eks update-kubeconfig --name ${{ secrets.EKS_CLUSTER_NAME }} + env: + AWS_REGION: ${{ vars.AWS_REGION }} + + - name: Update Deployment in Kubernetes + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} + IMAGE_TAG: ${{ github.sha }} + run: | + kubectl --namespace ${{ vars.NAMESPACE }} set image deployment/deployment app=$ECR_REGISTRY/${ECR_REPOSITORY}:${IMAGE_TAG} + kubectl rollout status deployment + + - name: invalidate cloudfront distribution and wait for completion + run: | + PATHS=('/' '/*') + INVALIDATION_ID=$(aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --query 'Invalidation.Id' --output text --paths "${PATHS[@]}") + aws cloudfront wait invalidation-completed --distribution-id $DISTRIBUTION_ID --id $INVALIDATION_ID + env: + DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }} + + # - name: Notify deploy to Rollbar + # uses: 
rollbar/github-deploy-action@2.1.2 + # id: rollbar_deploy + # with: + # environment: "beta" + # version: ${{ github.sha }} + # env: + # ROLLBAR_ACCESS_TOKEN: ${{ secrets.ROLLBAR_ACCESS_TOKEN }} + # ROLLBAR_USERNAME: ${{ github.actor }} diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 13e6f47..354ec47 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -5,21 +5,19 @@ on: branches: - prod -env: - AWS_REGION: us-east-1 - CONTAINER_NAME: api-xyo-automation-witness - jobs: deploy: name: Deploy runs-on: ubuntu-latest environment: name: prod - url: https://api.automation-witness.xyo.network/ + url: ${{ vars.URL }} steps: - - name: Checkout - uses: actions/checkout@v2 + - uses: actions/checkout@v3 + with: + ref: ${{ github.head_ref }} + fetch-depth: 0 - name: Set up Docker Buildx id: buildx 
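Review bot: The `Configure AWS credentials` step swaps a full commit SHA for the mutable tag `aws-actions/configure-aws-credentials@v4`, and this is the step that receives `aws-access-key-id` and `aws-secret-access-key`, so a retagged release would run with those keys. Keep the pin style the neighbouring steps use, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4.x.y` (placeholder; take the SHA from the release you vetted), and do the same for the new `actions/setup-node@v3`. `azure/setup-kubectl` is SHA-pinned, but `version: latest` still downloads whatever kubectl is current at run time, so pin it to the version that matches the cluster. The added `run: yarn install` does not enforce the lockfile; `yarn install --frozen-lockfile` (Yarn 1) or `yarn install --immutable` (Yarn 2+) would fail the deploy on lockfile drift. The second hunk of deploy-prod.yml has the same lines.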
@@ -29,46 +27,71 @@ jobs: [worker.oci] max-parallelism = 4 + - uses: actions/setup-node@v3 + with: + node-version: "18" + cache: "yarn" + + - name: install + run: yarn install + - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@13d241b293754004c80624b5567555c4a39ffbe3 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ECS_DEPLOY_ACCESS_KEY_SELECT }} aws-secret-access-key: ${{ secrets.AWS_ECS_DEPLOY_SECRET_KEY_SELECT }} - aws-region: ${{ env.AWS_REGION }} + aws-region: ${{ vars.AWS_REGION }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@aaf69d68aa3fb14c1d5a6be9ac61fe15b48453a2 + env: + AWS_REGION: ${{ vars.AWS_REGION }} - name: Build, tag, and push image to Amazon ECR id: build-image env: DOCKER_BUILDKIT: 1 ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} IMAGE_TAG: ${{ github.sha }} run: | - # Build a docker container and - # push it to ECR so that it can - # be deployed to ECS. - docker build -t $ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG . - docker push $ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG - echo "::set-output name=image::$ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG" + docker build -t ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG} . 
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG} - - name: Fill in the new image ID in the Amazon ECS task definition - id: task-def - uses: aws-actions/amazon-ecs-render-task-definition@374ee96751fffe528c09b5f427848da60469bb55 + - name: Install kubectl + uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0 with: - task-definition: .aws/task-definition-prod.json - container-name: ${{ env.CONTAINER_NAME }} - image: ${{ steps.build-image.outputs.image }} - environment-variables: | - AWS_ENV_SECRET_ARN=${{ secrets.AWS_ENV_SECRET_ARN }} + version: latest - - name: Deploy Amazon ECS task definition - # https://github.com/aws-actions/amazon-ecs-deploy-task-definition/releases/tag/v2.1.0 - uses: aws-actions/amazon-ecs-deploy-task-definition@4482193dd766379c66473482bbc77299b053ec94 # v2.1.0 - with: - task-definition: ${{ steps.task-def.outputs.task-definition }} - service: ${{ secrets.ECS_SERVICE }} - cluster: ${{ secrets.ECS_CLUSTER }} - wait-for-service-stability: true + - name: Set up EKS kubeconfig + run: aws eks update-kubeconfig --name ${{ secrets.EKS_CLUSTER_NAME }} + env: + AWS_REGION: ${{ vars.AWS_REGION }} + + - name: Update Deployment in Kubernetes + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} + IMAGE_TAG: ${{ github.sha }} + run: | + kubectl --namespace ${{ vars.NAMESPACE }} set image deployment/deployment app=$ECR_REGISTRY/${ECR_REPOSITORY}:${IMAGE_TAG} + kubectl rollout status deployment + + - name: invalidate cloudfront distribution and wait for completion + run: | + PATHS=('/' '/*') + INVALIDATION_ID=$(aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --query 'Invalidation.Id' --output text --paths "${PATHS[@]}") + aws cloudfront wait invalidation-completed --distribution-id $DISTRIBUTION_ID --id $INVALIDATION_ID + env: + DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }} + + # - name: Notify deploy to Rollbar + # uses: 
rollbar/github-deploy-action@2.1.2 + # id: rollbar_deploy + # with: + # environment: "prod" + # version: ${{ github.sha }} + # env: + # ROLLBAR_ACCESS_TOKEN: ${{ secrets.ROLLBAR_ACCESS_TOKEN }} + # ROLLBAR_USERNAME: ${{ github.actor }}
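Review bot: `kubectl rollout status deployment` in the `Update Deployment in Kubernetes` step passes neither the namespace nor the deployment name that the preceding `set image` line uses. Unless the kubeconfig's default namespace happens to match `vars.NAMESPACE`, the job is not waiting on the rollout it just triggered, and the CloudFront invalidation can run before the new image has converged or after it has failed. I would change it to `kubectl --namespace "$NAMESPACE" rollout status deployment/deployment --timeout=<duration>` (placeholder duration). This step and `Set up EKS kubeconfig` also interpolate `${{ vars.NAMESPACE }}` and `${{ secrets.EKS_CLUSTER_NAME }}` directly into the script text, unlike `ECR_REPOSITORY`, which this commit moves into `env:`; adding `NAMESPACE: ${{ vars.NAMESPACE }}` and `EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }}` under `env:` and quoting the shell variables keeps those values out of the script. The second hunk of deploy-beta.yml has the same lines.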