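# Release pipeline for the auth server: lint and test, publish the image to
# Amazon ECR and Docker Hub, roll it out to the dev and prod ECS services,
# then record the deployment in New Relic.
#
# Supply-chain note: every third-party action below is referenced by a
# mutable tag (`@v1`, `@v2`, `@v3`). Pinning each `uses:` to a full commit
# SHA keeps a re-pointed tag from running with this workflow's secrets.
name: Auth Server

# One run at a time for the whole pipeline. With `cancel-in-progress: true` a
# newer run cancels the in-flight one, including one that is mid-deployment.
concurrency:
  group: auth
  cancel-in-progress: true

# Runs for any pushed tag matching the glob, or when started manually.
# Whoever may push such a tag can start a production rollout, so tag
# protection on the repository is part of this workflow's access control.
on:
  push:
    tags:
      - '*standardnotes/auth-server*'
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository;
# registry, AWS and New Relic access all use dedicated secrets.
permissions:
  contents: read

jobs:
  # Gate for everything else: both publish jobs declare `needs: test`.
  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v1
        with:
          node-version: '16.x'
      - run: yarn lint:auth
      - run: yarn test:auth

  # Builds the image and pushes it to ECR under the commit SHA and `latest`.
  publish-aws-ecr:
    needs: test

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      # NOTE(review): there is no setup-node step in this job, so the build
      # runs on the runner's preinstalled Node rather than the 16.x selected
      # in `test`. Confirm that is intended.
      - name: Build locally
        run: yarn build:auth
      # Static access keys held as repository secrets. This action also
      # accepts `role-to-assume` with GitHub OIDC (needs `id-token: write`),
      # which would remove the stored long-lived keys. Left unchanged here
      # because the role to assume is not defined in this file. The same
      # applies to the credential steps in deploy-web and deploy-worker.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: auth
          IMAGE_TAG: ${{ github.sha }}
        # Expansions are quoted so an empty or unexpected value cannot split
        # into extra docker arguments.
        run: |
          yarn docker build @standardnotes/auth-server -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          docker tag "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" "$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:latest"

  # Builds the image again and pushes it to Docker Hub under the commit SHA
  # and `latest`. Nothing downstream depends on this job.
  publish-docker-hub:
    needs: test

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - name: Build locally
        run: yarn build:auth
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build, tag, and push image to Docker Hub
        # The SHA reaches the script through the environment, as in the ECR
        # job, so no `${{ }}` expression is pasted into the shell text.
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          yarn docker build @standardnotes/auth-server -t "standardnotes/auth:$IMAGE_TAG"
          docker push "standardnotes/auth:$IMAGE_TAG"
          docker tag "standardnotes/auth:$IMAGE_TAG" standardnotes/auth:latest
          docker push standardnotes/auth:latest

  # Rolls the web service out to dev and then to prod, within one job.
  # NOTE(review): there is no approval step between DEV and PROD. If a gate
  # is wanted, move the PROD steps to their own job bound to a protected
  # `environment:`.
  deploy-web:
    needs: publish-aws-ecr

    runs-on: ubuntu-latest

    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: DEV - Download task definition
        run: |
          aws ecs describe-task-definition --task-definition auth-dev --query taskDefinition > task-definition.json
      - name: DEV - Fill in the new version in the Amazon ECS task definition
        # The SHA is handed to jq as data with --arg instead of being
        # interpolated into the jq program text.
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          jq --arg version "$IMAGE_TAG" \
            '(.containerDefinitions[] | select(.name=="auth-dev") | .environment[] | select(.name=="VERSION")).value = $version' \
            task-definition.json > tmp.json && mv tmp.json task-definition.json
      - name: DEV - Fill in the new image ID in the Amazon ECS task definition
        id: task-def-dev
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: auth-dev
          image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
      - name: DEV - Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
          service: auth-dev
          cluster: dev
          wait-for-service-stability: true
      - name: PROD - Download task definition
        run: |
          aws ecs describe-task-definition --task-definition auth-prod --query taskDefinition > task-definition.json
      - name: PROD - Fill in the new version in the Amazon ECS task definition
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          jq --arg version "$IMAGE_TAG" \
            '(.containerDefinitions[] | select(.name=="auth-prod") | .environment[] | select(.name=="VERSION")).value = $version' \
            task-definition.json > tmp.json && mv tmp.json task-definition.json
      - name: PROD - Fill in the new image ID in the Amazon ECS task definition
        id: task-def-prod
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: auth-prod
          image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
      - name: PROD - Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
          service: auth-prod
          cluster: prod
          wait-for-service-stability: true

  # Same rollout as deploy-web, for the worker service (dev, then prod).
  deploy-worker:
    needs: publish-aws-ecr

    runs-on: ubuntu-latest

    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: DEV - Download task definition
        run: |
          aws ecs describe-task-definition --task-definition auth-worker-dev --query taskDefinition > task-definition.json
      - name: DEV - Fill in the new version in the Amazon ECS task definition
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          jq --arg version "$IMAGE_TAG" \
            '(.containerDefinitions[] | select(.name=="auth-worker-dev") | .environment[] | select(.name=="VERSION")).value = $version' \
            task-definition.json > tmp.json && mv tmp.json task-definition.json
      - name: DEV - Fill in the new image ID in the Amazon ECS task definition
        id: task-def-dev
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: auth-worker-dev
          image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
      - name: DEV - Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
          service: auth-worker-dev
          cluster: dev
          wait-for-service-stability: true
      - name: PROD - Download task definition
        run: |
          aws ecs describe-task-definition --task-definition auth-worker-prod --query taskDefinition > task-definition.json
      - name: PROD - Fill in the new version in the Amazon ECS task definition
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          jq --arg version "$IMAGE_TAG" \
            '(.containerDefinitions[] | select(.name=="auth-worker-prod") | .environment[] | select(.name=="VERSION")).value = $version' \
            task-definition.json > tmp.json && mv tmp.json task-definition.json
      - name: PROD - Fill in the new image ID in the Amazon ECS task definition
        id: task-def-prod
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: auth-worker-prod
          image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
      - name: PROD - Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
          service: auth-worker-prod
          cluster: prod
          wait-for-service-stability: true

  # Records one deployment marker per production application once both
  # rollouts have finished.
  newrelic:
    needs: [deploy-web, deploy-worker]

    runs-on: ubuntu-latest
    steps:
      - name: Create New Relic deployment marker for Web
        uses: newrelic/deployment-marker-action@v1
        with:
          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_AUTH_WEB_PROD }}
          revision: "${{ github.sha }}"
          description: "Automated Deployment via Github Actions"
          user: "${{ github.actor }}"
      - name: Create New Relic deployment marker for Worker
        uses: newrelic/deployment-marker-action@v1
        with:
          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_AUTH_WORKER_PROD }}
          revision: "${{ github.sha }}"
          description: "Automated Deployment via Github Actions"
          user: "${{ github.actor }}"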