-
Notifications
You must be signed in to change notification settings - Fork 1
148 lines (119 loc) · 3.86 KB
/
build_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# References
# https://docs.docker.com/build/ci/github-actions/
# https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
name: build_deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
types: [opened, synchronize, reopened, ready_for_review, labeled]
jobs:
build:
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'deploy-to-staging')
strategy:
matrix:
service: ["api", "datawarehouse", "pipeline"]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}-${{ matrix.service }}
permissions:
contents: read
packages: write
defaults:
run:
working-directory: ${{ matrix.service }}
steps:
- uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long,prefix=
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and export to Docker
uses: docker/build-push-action@v5
with:
context: ./${{ matrix.service }}
load: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
labels: ${{ steps.meta.outputs.labels }}
- name: Run tests
if: matrix.service == 'api'
env:
API_ENV: test
run: |
docker compose run --entrypoint pytest api -p no:cacheprovider -vv
- name: Run tests
if: matrix.service == 'pipeline'
run: |
echo #TODO
- name: Push image to GitHub registry
uses: docker/build-push-action@v5
with:
context: ./${{ matrix.service }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
deploy:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
environment: [staging, prod]
# prevent deployment failure in an environment to interrupt other deployments
fail-fast: true
environment: ${{ matrix.environment }}
env:
ENV: ${{ vars.ENVIRONMENT }}
AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
TF_VARS_BASE64: ${{ secrets.TF_VARS_BASE64 }}
TF_VAR_stack_version: ${{ github.sha }}
defaults:
run:
working-directory: deployment
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.8.1"
- name: mask tf variables
run: |
echo "${TF_VARS_BASE64}" \
| base64 --decode \
| jq 'to_entries | map(.value // empty) | .[]' \
| xargs -I{} echo '::add-mask::{}'
- name: tf init
run: |
terraform init \
-backend-config "bucket=data-inclusion-tf-states" \
-backend-config "key=${ENV}"
- name: tf validate
run: |
terraform validate
- name: tf plan
run: |
trap "rm -f terraform.tfvars.json" EXIT
echo "${TF_VARS_BASE64}" | base64 --decode > terraform.tfvars.json
terraform plan -input=false
- name: tf apply
run: |
trap "rm -f terraform.tfvars.json" EXIT
echo "${TF_VARS_BASE64}" | base64 --decode > terraform.tfvars.json
terraform apply -input=false -auto-approve