CD & Terraform #57
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# CD pipeline with timeout based cancellation logic to deploy the code on a brand new Scaleway instance | |
name: CD pipeline | |
on: | |
workflow_dispatch: # manual trigger | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
jobs: | |
check-condition: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/[email protected] | |
- name: Run condition check | |
uses: ./.github/actions/deployment | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
approval-timeout: | |
runs-on: ubuntu-latest | |
needs: check-condition | |
if: ${{ needs.check-condition.outputs.RUN_DEPLOYMENT }} == 'true' | |
steps: | |
- name: Wait for approval or timeout | |
run: | | |
ENVIRONMENT_NAME="production" | |
TIMEOUT_MINUTES=15 | |
echo "Waiting $TIMEOUT_MINUTES minutes for approval ..." | |
# iterative checks every minute | |
for ((i=1; i<=$TIMEOUT_MINUTES; i++)); do | |
if [[ $i -gt 1 ]]; then | |
MINUTE_STRING="minutes" | |
else | |
MINUTE_STRING="minute" | |
fi | |
sleep 60 | |
echo "Checking status after $i $MINUTE_STRING ..." | |
DEPLOYMENT_RESPONSE=$(curl -s \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
"https://api.github.com/repos/${{ github.repository }}/deployments?environment=$ENVIRONMENT_NAME&per_page=1") | |
DEPLOYMENT_ID=$(echo "$DEPLOYMENT_RESPONSE" | jq -r '.[0].id') | |
STATUS_RESPONSE=$(curl -s \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
"https://api.github.com/repos/${{ github.repository }}/deployments/$DEPLOYMENT_ID/statuses") | |
STATUS=$(echo "$STATUS_RESPONSE" | jq -r '.[0].state') | |
if [[ ($STATUS == "error" || "$STATUS" == "waiting") && $i -lt $TIMEOUT_MINUTES ]]; then | |
echo "Approval not received yet - keep waiting for it" | |
else | |
break | |
fi | |
done | |
# tags: error, failure, inactive, in_progress, queued, pending, success | |
echo "Current deployment status is '$STATUS'" | |
if [[ $STATUS != "error" && "$STATUS" != "waiting" ]]; then | |
echo "--> Approval received" | |
exit 0 | |
else | |
echo "--> No approval found - cancelling workflow ..." | |
curl -L \ | |
-X POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.BCTK_GITHUB_TOKEN }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
"https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel" | |
echo "Workflow cancelled" | |
exit 1 | |
fi | |
deployment: | |
runs-on: ubuntu-latest | |
environment: | |
name: production | |
env: | |
TF_LOG: DEBUG | |
# Scaleway credentials | |
TF_VAR_scaleway_access_key: ${{ secrets.SCALEWAY_ACCESS_KEY }} | |
TF_VAR_scaleway_secret_key: ${{ secrets.SCALEWAY_SECRET_KEY }} | |
TF_VAR_scaleway_organization_id: ${{ secrets.SCALEWAY_ORGANIZATION_ID }} | |
TF_VAR_scaleway_project_id: ${{ secrets.SCALEWAY_PROJECT_ID }} | |
TF_VAR_scaleway_server_user: ${{ secrets.SCALEWAY_SERVER_USER }} | |
TF_VAR_scaleway_ssh_pub_key_name: ${{ secrets.SCALEWAY_SSH_PUB_KEY_NAME }} | |
TF_VAR_scaleway_ssh_private_key: ${{ secrets.SCALEWAY_SSH_PRIVATE_KEY }} | |
TF_VAR_scaleway_zone: ${{ secrets.SCALEWAY_ZONE }} | |
# Data stored in Scaleway | |
TF_VAR_scaleway_awscli_config: ${{ secrets.SCALEWAY_AWSCLI_CONFIG }} | |
TF_VAR_data_bucket: ${{ secrets.DATA_BUCKET }} | |
TF_VAR_data_source: ${{ secrets.DATA_SOURCE }} | |
# Github secrets | |
TF_VAR_github_token: ${{ secrets.BCTK_GITHUB_TOKEN }} | |
TF_VAR_github_workspace: ${{ github.workspace }} | |
TF_VAR_github_repo_name: ${{ github.repository }} | |
# Terraform variables from variables.tf | |
TF_VAR_bctk_domain: ${{ secrets.BCTK_DOMAIN }} | |
TF_VAR_clickhouse_ip: ${{ secrets.CLICKHOUSE_IP }} | |
TF_VAR_clickhouse_port: ${{ secrets.CLICKHOUSE_PORT }} | |
TF_VAR_clickhouse_db: ${{ secrets.CLICKHOUSE_DB }} | |
TF_VAR_clickhouse_user: ${{ secrets.CLICKHOUSE_USER }} | |
TF_VAR_clickhouse_password: ${{ secrets.CLICKHOUSE_PASSWORD }} | |
# TF_VAR_data_path: "../data" | |
TF_VAR_avalanche_rpc_url: ${{ secrets.AVALANCHE_RPC_URL }} | |
needs: check-condition | |
if: ${{ needs.check-condition.outputs.RUN_DEPLOYMENT }} == 'true' | |
steps: | |
- name: Set Secrets for Pull Request | |
if: github.event_name == 'pull_request' | |
run: echo "TF_VAR_github_repo_branch=${{ github.head_ref }}" >> $GITHUB_ENV | |
- name: Set repository branch environment variable | |
run: | | |
if [ -z "${{ env.TF_VAR_github_repo_branch }}" ]; then | |
echo "TF_VAR_github_repo_branch is not set" | |
echo "TF_VAR_github_repo_branch=${{ github.ref_name }}" >> $GITHUB_ENV | |
fi | |
echo "TF_VAR_github_repo_branch is set to: ${{ env.TF_VAR_github_repo_branch }}" | |
- name: Checkout repository | |
uses: actions/[email protected] | |
- name: Set up Terraform | |
uses: hashicorp/[email protected] | |
- name: Initialize Terraform | |
uses: ./.github/actions/terraform | |
with: | |
command: init | |
- name: Terraform Format | |
uses: ./.github/actions/terraform | |
with: | |
command: fmt -check | |
- name: Terraform Plan | |
uses: ./.github/actions/terraform | |
with: | |
command: plan | |
- name: Apply Terraform configuration | |
uses: ./.github/actions/terraform | |
with: | |
command: apply -auto-approve |