Skip to content

Merge pull request #883 from aiarena/using-semver-to-simulate-securit… #745

Merge pull request #883 from aiarena/using-semver-to-simulate-securit…

Merge pull request #883 from aiarena/using-semver-to-simulate-securit… #745

Workflow file for this run

name: AWS deploy
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
inputs:
skip_tests:
description: 'Skip tests'
default: false
type: boolean
permissions:
id-token: write
contents: read
checks: write
pull-requests: write
env:
DJANGO_ENVIRONMENT: DEVELOPMENT
jobs:
linters:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: 'pip'
- name: Install Dependencies
run: pip install -r requirements.DEVELOPMENT.txt
- name: Run linters
uses: pre-commit/[email protected]
tests:
runs-on: ubuntu-latest
env:
DJANGO_ALLOW_ASYNC_UNSAFE: true
services:
postgres:
# Docker Hub image
image: postgres:15.5
# Provide the password for postgres
env:
POSTGRES_PASSWORD: aiarena
POSTGRES_USER: aiarena
POSTGRES_DATABASE: test_aiarena
POSTGRES_ROOT_PASSWORD: aiarena
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- name: Checkout repository and submodules
uses: actions/checkout@v4
- uses: shogo82148/actions-setup-redis@v1
with:
redis-version: '6.x'
- run: redis-cli ping
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: 'pip'
- name: Install Dependencies
run: pip install -r requirements.DEVELOPMENT.txt
- name: Grant aiarena user full access
env:
PORT: ${{ job.services.postgres.ports[5432] }}
run: |
PGPASSWORD="aiarena" psql -Uaiarena --host="127.0.0.1" --port "$PORT" -c "ALTER DATABASE aiarena OWNER TO aiarena; GRANT ALL PRIVILEGES ON DATABASE aiarena TO aiarena;";
- name: Run Tests
if: ${{ !inputs.skip_tests }}
env:
NOFAKE_REDIS: 1
run: pytest -m 'not playwright' -n auto --junit-xml test-results/pytest-regular.xml
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@c8a70fdde92689bf574202595e1322d3a4de0987
if: always()
with:
check_name: "Test Report"
fail_on: "nothing"
files: |
test-results/pytest-regular.xml
tests-playwright:
runs-on: ubuntu-latest
env:
DJANGO_ALLOW_ASYNC_UNSAFE: true
services:
postgres:
# Docker Hub image
image: postgres:15.5
# Provide the password for postgres
env:
POSTGRES_PASSWORD: aiarena
POSTGRES_USER: aiarena
POSTGRES_DATABASE: test_aiarena
POSTGRES_ROOT_PASSWORD: aiarena
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- name: Checkout repository and submodules
uses: actions/checkout@v4
- uses: shogo82148/actions-setup-redis@v1
with:
redis-version: '6.x'
- run: redis-cli ping
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: 'pip'
- name: Install Dependencies
run: pip install -r requirements.DEVELOPMENT.txt
- name: Install Playwrighgt browsers
run: playwright install --with-deps
- name: Grant aiarena user full access
env:
PORT: ${{ job.services.postgres.ports[5432] }}
run: |
PGPASSWORD="aiarena" psql -Uaiarena --host="127.0.0.1" --port "$PORT" -c "ALTER DATABASE aiarena OWNER TO aiarena; GRANT ALL PRIVILEGES ON DATABASE aiarena TO aiarena;";
- name: Run Tests
if: ${{ !inputs.skip_tests }}
env:
NOFAKE_REDIS: 1
run: pytest -m playwright --tracing retain-on-failure --junit-xml test-results/pytest-playwright.xml
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@c8a70fdde92689bf574202595e1322d3a4de0987
if: always()
with:
check_name: "Playwright test Report"
fail_on: "nothing"
files: |
test-results/pytest-playwright.xml
- name: Upload failure traces
uses: actions/upload-artifact@v4
if: failure()
with:
name: playwright-failures
path: test-results
retention-days: 30
prepare-images:
if: github.event_name != 'pull_request'
name: Build and push production image to ECR
runs-on: ubuntu-latest
outputs:
status_message_id: ${{ steps.slack.outputs.message_id }}
images: ${{ steps.prepare_images.outputs.images }}
steps:
- uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::315513665747:role/aiarena-DeployRole-NUZWXPWHC0MZ
aws-region: eu-central-1
- name: Confirm AWS identity
run: aws sts get-caller-identity
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'
- name: Install Dependencies
run: |
pip install -r ./requirements.LOCAL.txt
- name: Prepare image
id: prepare_images
env:
BUILD_NUMBER: ${{ github.run_number }}
MAINTENANCE_MODE: ${{ vars.MAINTENANCE_MODE }}
run: ./run.py prepare-images
deploy:
if: github.event_name != 'pull_request'
name: Deploy to ECS
runs-on: ubuntu-latest
needs: [ linters, tests, tests-playwright, prepare-images ]
steps:
- uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'
- name: Install Dependencies
run: |
pip install -r ./requirements.LOCAL.txt
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::315513665747:role/aiarena-DeployRole-NUZWXPWHC0MZ
aws-region: eu-central-1
- name: Deploy
env:
BUILD_NUMBER: ${{ github.run_number }}
PREPARED_IMAGES: ${{ needs.prepare-images.outputs.images }}
MAINTENANCE_MODE: ${{ vars.MAINTENANCE_MODE }}
run: ./run.py ecs
- name: Monitor deployment
run: ./run.py monitor-ecs