build_and_deploy_generic.yml
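# Reusable workflow (workflow_call): resolves a commit ref, builds and pushes
# the scroll-badge-service image, runs a Pulumi preview, waits on the
# `deploy_confirm` job, then runs the deploy action again.
#
# NOTE(review): no `permissions:` block is declared, so the GITHUB_TOKEN scope
# is whatever the caller / repository default grants. Declare the minimum once
# the needs of the local actions under ./.github/actions are confirmed.
# NOTE(review): `actions/checkout` and `1password/load-secrets-action` are
# referenced by mutable tag; pinning each to a full commit SHA keeps a moved
# tag from changing what runs alongside the secrets loaded below.
# NOTE(review): AWS access is by key id / secret pair with no session token,
# which looks like static credentials - consider OIDC role assumption instead.
name: Library - Build and Deploy to Review

on:
  workflow_call:
    inputs:
      commit:
        description: "Leave blank to use current HEAD, or provide an override commit SHA"
        type: string
        required: false
      # Interpolated into 1Password item paths, the Pulumi stack name and the
      # `environment:` of deploy_confirm, so callers must pass a fixed,
      # trusted value.
      environment:
        description: "Environment to deploy to"
        type: string
        required: true

jobs:
  # Resolves the commit to build; its outputs feed every later job, so the
  # same ref is checked out before and after the approval step.
  ref:
    name: Load Commit Ref
    runs-on: ubuntu-latest
    steps:
      - id: ref
        # NOTE(review): as shown here this remote action carries no `@<ref>`;
        # GitHub expects `owner/repo/path@ref` for actions outside the
        # repository. Confirm against the upstream file and pin to a full
        # commit SHA.
        uses: passportxyz/gh-workflows/.github/actions/load_commit_ref
        with:
          commit: ${{ inputs.commit }}
    outputs:
      version_tag: ${{ steps.ref.outputs.version_tag }}
      docker_tag: ${{ steps.ref.outputs.docker_tag }}
      refspec: ${{ steps.ref.outputs.refspec }}

  # Builds the image from the resolved ref and pushes it to ECR.
  docker:
    name: Docker
    needs: [ref]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.ref.outputs.refspec }}
          fetch-depth: 0
      # `export-env: true` puts the resolved values into the job environment,
      # so every later step in this job can read them, including the build of
      # the checked-out ref.
      # NOTE(review): if docker_build does not need AWS credentials, load them
      # after the build step - confirm against the local action first.
      - name: Load secret
        id: op-load-secret
        uses: 1password/load-secrets-action@v1
        with:
          export-env: true
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          AWS_ACCESS_KEY_ID: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/AWS_ACCESS_KEY_ID
          AWS_SECRET_ACCESS_KEY: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/AWS_SECRET_ACCESS_KEY
      - name: Docker Build
        uses: ./.github/actions/docker_build
        with:
          docker_tag: ${{ needs.ref.outputs.docker_tag }}
          ecr_repository_name: scroll-badge-service
          dockerfile_name: Dockerfile
          build_dir: ./
      - name: Docker Push to Review
        uses: ./.github/actions/docker_deploy
        with:
          docker_tag: ${{ needs.ref.outputs.docker_tag }}
          ecr_repository_name: scroll-badge-service
          aws_region: us-west-2
          aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}

  # Runs the deploy action with `pulumi_command: preview` so the planned
  # changes can be inspected before approval.
  deploy_preview:
    name: Preview - Deploying AWS Infra
    needs: [ref, docker]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.ref.outputs.refspec }}
          fetch-depth: 0
      - name: Load secret
        id: op-load-secret
        uses: 1password/load-secrets-action@v1
        with:
          export-env: true
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          AWS_ACCESS_KEY_ID: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/AWS_ACCESS_KEY_ID
          AWS_SECRET_ACCESS_KEY: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/AWS_SECRET_ACCESS_KEY
          PULUMI_ACCESS_TOKEN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/PULUMI_ACCESS_TOKEN
          ROUTE_53_DOMAIN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-env/service/ROUTE_53_DOMAIN
          SCROLL_SECRETS_ARN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-env/service/SCROLL_SECRETS_ARN
          VC_SECRETS_ARN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-env/service/VC_SECRETS_ARN
      - name: Prepare to Deploy to AWS
        uses: ./.github/actions/prepare_deploy_to_aws
      - name: Deploy Review
        uses: ./.github/actions/deploy_to_aws
        with:
          docker_tag: ${{ needs.ref.outputs.docker_tag }}
          stack_name: gitcoin/scroll-badge-service/${{ inputs.environment }}
          aws_region: us-west-2
          pulumi_command: preview
          AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
          PULUMI_ACCESS_TOKEN: ${{ env.PULUMI_ACCESS_TOKEN }}
          ROUTE_53_DOMAIN: ${{ env.ROUTE_53_DOMAIN }}
          SCROLL_SECRETS_ARN: ${{ env.SCROLL_SECRETS_ARN }}
          VC_SECRETS_ARN: ${{ env.VC_SECRETS_ARN }}

  # Approval gate: this is the only job bound to `environment:`, so any
  # protection rules configured on that environment apply here and nowhere
  # else. deploy_backends is held back only through its `needs:` on this job.
  # NOTE(review): docker and deploy_preview run before this gate and declare
  # no `environment:`, so the OP_SERVICE_ACCOUNT_TOKEN they read is not
  # covered by environment protection rules.
  deploy_confirm:
    name: Review Approval Pending
    needs: [ref, deploy_preview]
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      - name: Approve Release to Review (check pulumi preview)
        # The ref is handed to the shell through an environment variable and
        # quoted. Expanding `${{ ... }}` inside `run:` would paste the value
        # into the script text before the shell parses it, and the value may
        # derive from the caller-supplied `commit` input.
        env:
          REFSPEC: ${{ needs.ref.outputs.refspec }}
        run: |
          echo "Ref" "$REFSPEC"

  # Post-approval deployment of the same ref and image tag that were previewed.
  deploy_backends:
    name: Deploying AWS Infra
    needs: [ref, docker, deploy_preview, deploy_confirm]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.ref.outputs.refspec }}
          fetch-depth: 0
      - name: Load secret
        id: op-load-secret
        uses: 1password/load-secrets-action@v1
        with:
          export-env: true
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          AWS_ACCESS_KEY_ID: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/AWS_ACCESS_KEY_ID
          AWS_SECRET_ACCESS_KEY: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/AWS_SECRET_ACCESS_KEY
          PULUMI_ACCESS_TOKEN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-secrets/service/PULUMI_ACCESS_TOKEN
          ROUTE_53_DOMAIN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-env/service/ROUTE_53_DOMAIN
          SCROLL_SECRETS_ARN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-env/service/SCROLL_SECRETS_ARN
          VC_SECRETS_ARN: op://DevOps/passport-scroll-badge-service-${{ inputs.environment }}-env/service/VC_SECRETS_ARN
      - name: Prepare to Deploy to AWS
        uses: ./.github/actions/prepare_deploy_to_aws
      # No `pulumi_command` is passed here, unlike the preview job, so the
      # action's default applies (presumably an update - confirm in
      # ./.github/actions/deploy_to_aws).
      - name: Deploy Review
        uses: ./.github/actions/deploy_to_aws
        with:
          docker_tag: ${{ needs.ref.outputs.docker_tag }}
          stack_name: gitcoin/scroll-badge-service/${{ inputs.environment }}
          aws_region: us-west-2
          AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
          PULUMI_ACCESS_TOKEN: ${{ env.PULUMI_ACCESS_TOKEN }}
          ROUTE_53_DOMAIN: ${{ env.ROUTE_53_DOMAIN }}
          SCROLL_SECRETS_ARN: ${{ env.SCROLL_SECRETS_ARN }}
          VC_SECRETS_ARN: ${{ env.VC_SECRETS_ARN }}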