deploy.yaml
# Workflow header: triggers, shared environment, concurrency and token scope.
name: 🚀 CI/CD Codigo Azteca prod y pruebas

# Runs on pushes to main/dev, on tags starting with "v", and on pull requests
# that target dev or main.
on:
  push:
    branches: [main, dev]
    tags: ["v*"]
  pull_request:
    branches: [dev, main]

# Workflow-level env is visible to every step of every job, including
# third-party actions and package install scripts.
# NOTE(review): if only the deploy steps read AUTH_SECRET, scope it to those
# steps instead of the whole workflow.
env:
  AUTH_SECRET: ${{ secrets.AUTH_SECRET }}

# One run per workflow + ref; a newer run cancels the one in progress.
# NOTE(review): this also cancels a deploy that is mid-flight; confirm that is
# acceptable for the deploy jobs.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Scopes granted to GITHUB_TOKEN for all jobs; anything not listed is "none".
# NOTE(review): no step in this file visibly calls the Actions API, so
# `actions: write` looks broader than needed - confirm and drop if unused.
permissions:
  actions: write
  contents: read
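# Jobs: lint gate, then a dev deploy (branch pushes) or a production deploy
# (v* tags).
#
# NOTE(review): every action below is referenced by a mutable tag (@v3, @v1,
# @v4). Pinning each `uses:` to a full commit SHA keeps a retagged release from
# changing what runs next to the deploy credentials.
jobs:
  lint-and-test:
    name: Lint, Test, and Check Formatting
    runs-on: ubuntu-latest
    # The tag clause is required for production deploys: a job that `needs` a
    # skipped job is itself skipped, so without it a v* tag push would skip
    # this job and deploy-to-production would never run.
    # NOTE(review): on pull_request events github.ref is refs/pull/<n>/merge,
    # so the branch comparisons below do not match for PRs; compare
    # github.base_ref if PR checks are intended.
    if: >-
      (github.ref == 'refs/heads/dev'
      || github.ref == 'refs/heads/main'
      || github.ref == 'refs/heads/WorkflowCI/CDsemanticversioning'
      || startsWith(github.ref, 'refs/tags/v'))
      && (github.event_name == 'push' || github.event_name == 'pull_request')
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: "20.x"
      - name: Cache Dependencies and Builds
        uses: actions/cache@v3
        with:
          path: |
            .next/
            .open-next/
            .sst/
            node_modules/
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-
      # NOTE(review): `npm install` may resolve versions other than those in
      # package-lock.json; `npm ci` installs exactly the locked tree (it
      # removes node_modules first, so the cache path above would need
      # revisiting).
      - name: Install Dependencies
        run: npm install
      - name: Check Formatting with Prettier
        run: npm run prettier:check
      - name: Lint
        run: npm run lint

  deploy-to-dev:
    name: Deploy to Dev
    runs-on: ubuntu-latest
    needs: lint-and-test
    if: (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/WorkflowCI/CDsemanticversioning') && github.event_name == 'push'
    steps:
      - uses: actions/checkout@v3
      # The package is downloaded and installed as root with no integrity
      # check. NOTE(review): verify it against a pinned digest before
      # `dpkg -i`, e.g.
      #   echo "<EXPECTED_SHA256>  sst-linux-amd64.deb" | sha256sum -c -
      - name: Install SST
        run: |
          wget https://github.com/sst/ion/releases/download/v0.0.298/sst-linux-amd64.deb
          sudo dpkg -i sst-linux-amd64.deb
          sst version
      - uses: oven-sh/setup-bun@v1
      # Long-lived access keys held as repository secrets; the production job
      # assumes a role instead. NOTE(review): prefer the same role-based setup
      # here if a dev role exists.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-duration-seconds: 1200
          aws-region: us-east-1
      # Secrets reach the script through env, not through ${{ }} expansion
      # inside the script text: an inlined value is parsed by the shell, so a
      # `$`, backtick or quote in a password would be expanded or would break
      # the command. printf '%s' writes each value verbatim.
      - name: Create .env File
        shell: bash
        env:
          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
          POSTGRES_URL: ${{ secrets.POSTGRES_URL }}
          POSTGRES_PRISMA_URL: ${{ secrets.POSTGRES_PRISMA_URL }}
          POSTGRES_URL_NO_SSL: ${{ secrets.POSTGRES_URL_NO_SSL }}
          POSTGRES_URL_NON_POOLING: ${{ secrets.POSTGRES_URL_NON_POOLING }}
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DATABASE: ${{ secrets.POSTGRES_DATABASE }}
        run: |
          # Create the file readable by the runner user only.
          umask 077
          {
            printf 'AUTH_SECRET=%s\n' "$AUTH_SECRET"
            printf 'POSTGRES_URL=%s\n' "$POSTGRES_URL"
            printf 'POSTGRES_PRISMA_URL=%s\n' "$POSTGRES_PRISMA_URL"
            printf 'POSTGRES_URL_NO_SSL=%s\n' "$POSTGRES_URL_NO_SSL"
            printf 'POSTGRES_URL_NON_POOLING=%s\n' "$POSTGRES_URL_NON_POOLING"
            printf 'POSTGRES_USER=%s\n' "$POSTGRES_USER"
            printf 'POSTGRES_HOST=%s\n' "$POSTGRES_HOST"
            printf 'POSTGRES_PASSWORD=%s\n' "$POSTGRES_PASSWORD"
            printf 'POSTGRES_DATABASE=%s\n' "$POSTGRES_DATABASE"
          } > .env
      # Reports only whether each secret is present. The values never enter
      # the script text or stdout, so nothing depends on log masking.
      - name: Debug Values
        shell: bash
        env:
          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
          POSTGRES_URL: ${{ secrets.POSTGRES_URL }}
          POSTGRES_PRISMA_URL: ${{ secrets.POSTGRES_PRISMA_URL }}
          POSTGRES_URL_NO_SSL: ${{ secrets.POSTGRES_URL_NO_SSL }}
          POSTGRES_URL_NON_POOLING: ${{ secrets.POSTGRES_URL_NON_POOLING }}
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DATABASE: ${{ secrets.POSTGRES_DATABASE }}
        run: |
          for name in POSTGRES_PRISMA_URL POSTGRES_URL AUTH_SECRET \
                      POSTGRES_URL_NO_SSL POSTGRES_URL_NON_POOLING \
                      POSTGRES_USER POSTGRES_HOST POSTGRES_PASSWORD \
                      POSTGRES_DATABASE; do
            if [ -n "${!name}" ]; then
              echo "$name: set"
            else
              echo "$name: EMPTY"
            fi
          done
      # NOTE(review): an unconditional unlock, combined with
      # cancel-in-progress, can release a lock that another deploy still
      # holds; confirm this is intended.
      - name: Unlock SST
        run: |
          sst unlock
      # The step name says "Production", but every command targets
      # --stage=dev. Values are quoted so that spaces or glob characters in a
      # secret are not split or expanded by the shell.
      # NOTE(review): confirm --verbose does not echo the secret values; log
      # masking only hides exact matches.
      - name: Copy Secrets for Production
        env:
          POSTGRES_URL: ${{ secrets.POSTGRES_URL }}
          POSTGRES_PRISMA_URL: ${{ secrets.POSTGRES_PRISMA_URL }}
          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
          POSTGRES_URL_NO_SSL: ${{ secrets.POSTGRES_URL_NO_SSL }}
          POSTGRES_URL_NON_POOLING: ${{ secrets.POSTGRES_URL_NON_POOLING }}
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DATABASE: ${{ secrets.POSTGRES_DATABASE }}
        run: |
          sst secret set PostgresUrl "$POSTGRES_URL" --stage=dev --verbose
          sst secret set PostgresPrismaUrl "$POSTGRES_PRISMA_URL" --stage=dev --verbose
          sst secret set AuthSecret "$AUTH_SECRET" --stage=dev --verbose
          sst secret set PostgresUrlNoSsl "$POSTGRES_URL_NO_SSL" --stage=dev --verbose
          sst secret set PostgresUrlNonPooling "$POSTGRES_URL_NON_POOLING" --stage=dev --verbose
          sst secret set PostgresUser "$POSTGRES_USER" --stage=dev --verbose
          sst secret set PostgresHost "$POSTGRES_HOST" --stage=dev --verbose
          sst secret set PostgresPassword "$POSTGRES_PASSWORD" --stage=dev --verbose
          sst secret set PostgresDatabase "$POSTGRES_DATABASE" --stage=dev --verbose
      - name: Deploy to AWS with SST
        run: |
          bun install
          sst deploy --stage=dev --verbose
      # Runs only when every earlier step succeeded (no `if: always()`).
      - name: Clean up AWS profile
        run: rm -rf ~/.aws

  deploy-to-production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: lint-and-test
    if: startsWith(github.ref, 'refs/tags/v')
    # role-to-assume with no access keys relies on GitHub's OIDC token, which
    # is only issued when `id-token: write` is granted. Job-level permissions
    # replace the workflow-level set, so contents: read is repeated for
    # checkout.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v3
      # Same unverified root install as in deploy-to-dev.
      # NOTE(review): verify against a pinned digest before `dpkg -i`, e.g.
      #   echo "<EXPECTED_SHA256>  sst-linux-amd64.deb" | sha256sum -c -
      - name: Install SST
        run: |
          wget https://github.com/sst/ion/releases/download/v0.0.298/sst-linux-amd64.deb
          sudo dpkg -i sst-linux-amd64.deb
          sst version
      - uses: oven-sh/setup-bun@v1
      # NOTE(review): confirm the role's trust policy restricts the OIDC
      # subject to this repository and to v* tag refs.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::211125454464:role/GitHub
          role-duration-seconds: 1200  # adjust as needed for your build time
          aws-region: us-east-1
      # Secrets are passed through env and quoted; the original inlined
      # ${{ secrets.* }} unquoted into the script, where the shell would
      # split or expand a value containing metacharacters.
      # --stage=production matches the deploy step below.
      # NOTE(review): without an explicit stage, `sst secret set` presumably
      # writes to SST's default stage, not the one being deployed - confirm.
      - name: Copy Secrets for Production
        env:
          POSTGRES_URL: ${{ secrets.POSTGRES_URL }}
          POSTGRES_PRISMA_URL: ${{ secrets.POSTGRES_PRISMA_URL }}
          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
          POSTGRES_URL_NO_SSL: ${{ secrets.POSTGRES_URL_NO_SSL }}
          POSTGRES_URL_NON_POOLING: ${{ secrets.POSTGRES_URL_NON_POOLING }}
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DATABASE: ${{ secrets.POSTGRES_DATABASE }}
        run: |
          sst secret set PostgresUrl "$POSTGRES_URL" --stage=production
          sst secret set PostgresPrismaUrl "$POSTGRES_PRISMA_URL" --stage=production
          sst secret set AuthSecret "$AUTH_SECRET" --stage=production
          sst secret set PostgresUrlNoSsl "$POSTGRES_URL_NO_SSL" --stage=production
          sst secret set PostgresUrlNonPooling "$POSTGRES_URL_NON_POOLING" --stage=production
          sst secret set PostgresUser "$POSTGRES_USER" --stage=production
          sst secret set PostgresHost "$POSTGRES_HOST" --stage=production
          sst secret set PostgresPassword "$POSTGRES_PASSWORD" --stage=production
          sst secret set PostgresDatabase "$POSTGRES_DATABASE" --stage=production
      - name: Deploy to AWS with SST
        run: |
          bun install
          sst deploy --stage=production --verbose
      # Runs only when every earlier step succeeded (no `if: always()`).
      - name: Clean up AWS profile
        run: rm -rf ~/.aws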