chore: add k8 backup and slack integration (#7591) #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Production CF for Row | ||
on: | ||
push: | ||
tags: | ||
- 'production*' | ||
paths-ignore: | ||
- '**.md' | ||
env: | ||
GATSBY_CPU_COUNT: 16 | ||
GATSBY_ENV: production | ||
NODE_OPTIONS: '--max_old_space_size=7168' | ||
GATSBY_DATADOG_APPLICATION_ID: ${{ secrets.GATSBY_DATADOG_APPLICATION_ID }} | ||
GATSBY_DATADOG_CLIENT_TOKEN: ${{ secrets.GATSBY_DATADOG_CLIENT_TOKEN }} | ||
GATSBY_MAP_API_KEY: ${{ secrets.GATSBY_MAP_API_KEY }} | ||
GATSBY_GROWTHBOOK_CLIENT_KEY: ${{ secrets.GATSBY_GROWTHBOOK_CLIENT_KEY }} | ||
GATSBY_GROWTHBOOK_DECRYPTION_KEY: ${{ secrets.GATSBY_GROWTHBOOK_DECRYPTION_KEY }} | ||
GATSBY_RUDDERSTACK_STAGING_KEY: ${{ secrets.GATSBY_RUDDERSTACK_STAGING_KEY }} | ||
GATSBY_RUDDERSTACK_PRODUCTION_KEY: ${{ secrets.GATSBY_RUDDERSTACK_PRODUCTION_KEY }} | ||
GATSBY_GOOGLE_TAG_MANAGER_TRACKING_ID: ${{ secrets.GATSBY_GOOGLE_TAG_MANAGER_TRACKING_ID }} | ||
GATSBY_TRUSTPILOT_API_KEY: ${{ secrets.GATSBY_TRUSTPILOT_API_KEY }} | ||
GATSBY_HOTJAR_ID: ${{ secrets.GATSBY_HOTJAR_ID }} | ||
GATSBY_DATABASE_URL: ${{ secrets.GATSBY_DATABASE_URL }} | ||
jobs: | ||
release-production: | ||
timeout-minutes: 40 | ||
runs-on: Runner_16cores | ||
environment: production | ||
steps: | ||
- name: Checkout 🛎️ | ||
uses: actions/[email protected] | ||
- name: Setup Node | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18.x' | ||
cache: 'npm' | ||
- name: Setup install read-only token for deriv-com org | ||
shell: bash | ||
run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc | ||
- run: npm ci | ||
- run: npm run format | ||
- run: npm run test | ||
- run: npm run build:row | ||
# For using same tag for staging and production we need to uncomment these two below lines: | ||
# with: | ||
# tagRegex: "production(.*)" | ||
- name: Deploy to Cloudflare ☁️ | ||
uses: cloudflare/[email protected] | ||
with: | ||
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | ||
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | ||
command: pages deploy sites/row/public --project-name=row-deriv-com-pages --branch=main | ||
- name: Cloudflare production link ✨ | ||
run: echo "New website - http://row-deriv-com-pages.pages.dev" | ||
- name: upload-artifact | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: production | ||
path: sites/row/public | ||
retention-days: 5 | ||
- name: Slack Notification 📣 | ||
uses: 8398a7/action-slack@v3 | ||
with: | ||
status: ${{ job.status }} | ||
fields: workflow,repo | ||
if_mention: failure,cancelled | ||
custom_payload: | | ||
{ | ||
attachments: [{ | ||
color: '${{ job.status }}' === 'success' ? 'good' : '${{ job.status }}' === 'failure' ? 'danger' : 'warning', | ||
text: `Release for *Deriv.com* with version *$GIT_TAG_NAME*` | ||
}] | ||
} | ||
env: | ||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | ||
if: always() | ||
build_and_publish_to_docker_k8s: | ||
runs-on: Runner_16cores | ||
environment: production | ||
needs: [release-production] | ||
steps: | ||
- name: Checkout 🛎️ | ||
uses: actions/[email protected] | ||
- name: Setup Node | ||
uses: actions/setup-node@v2 | ||
with: | ||
node-version: '18.x' | ||
- name: Download Artifact | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: production | ||
path: sites/row/public | ||
- name: Set version env variable | ||
run: echo "GIT_TAG_NAME=$(cat public/version.txt)" >> $GITHUB_ENV | ||
- name: Building docker image 🐳 | ||
run: docker build -t ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:latest -t ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GIT_TAG_NAME . | ||
- name: Verify nginx image | ||
run: | | ||
set -e | ||
docker run --rm ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GIT_TAG_NAME nginx -t | ||
echo "docker image validated successfully" | ||
- name: Pushing Image to docker hub 🐳 | ||
run: | | ||
echo ${{ secrets.DOCKERHUB_PASSWORD }}| docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | ||
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:latest | ||
docker push ${{ secrets.DOCKERHUB_ORGANISATION }}/deriv-com:$GIT_TAG_NAME | ||
- name: Deploy 🚀 | ||
id: build_and_push_docker_image | ||
env: | ||
KUBE_SERVER: ${{ secrets.KUBE_SERVER }} | ||
SERVICEACCOUNT_TOKEN: ${{ secrets.SERVICEACCOUNT_TOKEN }} | ||
CA_CRT: ${{ secrets.CA_CRT }} | ||
NAMESPACE: deriv-com-production-row | ||
DOCKERHUB_ORGANISATION: ${{ secrets.DOCKERHUB_ORGANISATION }} | ||
run: | | ||
git clone https://github.com/binary-com/devops-ci-scripts | ||
cd devops-ci-scripts/k8s-build_tools | ||
echo "${{ env.CA_CRT }}" | base64 --decode > ca.crt | ||
export CA="ca.crt" | ||
./release.sh deriv-com ${{ github.ref_name }} | ||
- name: Send Slack Notification on Docker Publish and Kubernetes Deployment Failure | ||
uses: 8398a7/action-slack@v3 | ||
with: | ||
status: ${{ job.status }} | ||
fields: workflow,repo | ||
if_mention: failure,cancelled | ||
custom_payload: | | ||
{ | ||
attachments: [{ | ||
color: '${{ job.status }}' === 'failure' ? 'danger' : 'warning', | ||
text: `Release for *Deriv.com* with version *$GIT_TAG_NAME* has failed` | ||
}] | ||
} | ||
env: | ||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | ||
if: failure() |