Omni kit automations clean up (#3720) #3402
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- dev | |
name: Build and deploy to AWS Staging | |
env: | |
AWS_REGION: eu-central-1 | |
ENVIRONMENT_TAG: staging | |
SERVICE_NAME: summer-fi-staging | |
CLUSTER_NAME: summer-fi-staging | |
CONFIG_URL: ${{ secrets.CONFIG_URL }} | |
jobs: | |
deploy: | |
name: Build and deploy to AWS Staging | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.12 | |
- name: Check required secrets | |
env: | |
ADROLL_ADV_ID_STAGING: ${{ secrets.ADROLL_ADV_ID_STAGING }} | |
ADROLL_PIX_ID_STAGING: ${{ secrets.ADROLL_PIX_ID_STAGING }} | |
AJNA_SUBGRAPH_URL_GOERLI: ${{ secrets.AJNA_SUBGRAPH_URL_GOERLI }} | |
AJNA_SUBGRAPH_URL_STAGING: ${{ secrets.AJNA_SUBGRAPH_URL_STAGING }} | |
AJNA_SUBGRAPH_V2_URL_GOERLI: ${{ secrets.AJNA_SUBGRAPH_V2_URL_GOERLI }} | |
AJNA_SUBGRAPH_V2_URL_STAGING: ${{ secrets.AJNA_SUBGRAPH_V2_URL_STAGING }} | |
BLOCKNATIVE_API_KEY_STAGING: ${{ secrets.BLOCKNATIVE_API_KEY_STAGING }} | |
ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} | |
INFURA_PROJECT_ID_STAGING: ${{ secrets.INFURA_PROJECT_ID_STAGING }} | |
MAINNET_CACHE_URL_STAGING: ${{ secrets.MAINNET_CACHE_URL_STAGING }} | |
MIXPANEL_KEY_STAGING: ${{ secrets.MIXPANEL_KEY_STAGING }} | |
ONE_INCH_API_KEY_STAGING: ${{ secrets.ONE_INCH_API_KEY_STAGING }} | |
ONE_INCH_API_URL_STAGING: ${{ secrets.ONE_INCH_API_URL_STAGING }} | |
PRODUCT_HUB_KEY: ${{ secrets.PRODUCT_HUB_KEY }} | |
REFERRAL_SUBGRAPH_URL_STAGING: ${{ secrets.REFERRAL_SUBGRAPH_URL_STAGING }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
run: | | |
required_secrets=("AJNA_SUBGRAPH_URL_STAGING" "AJNA_SUBGRAPH_URL_GOERLI" "AJNA_SUBGRAPH_V2_URL_STAGING" "AJNA_SUBGRAPH_V2_URL_GOERLI" "MIXPANEL_KEY_STAGING" "ADROLL_ADV_ID_STAGING" "ADROLL_PIX_ID_STAGING" "MAINNET_CACHE_URL_STAGING" "INFURA_PROJECT_ID_STAGING" "ETHERSCAN_API_KEY" "BLOCKNATIVE_API_KEY_STAGING" "SENTRY_AUTH_TOKEN" "PRODUCT_HUB_KEY" "ONE_INCH_API_KEY_STAGING" "ONE_INCH_API_URL_STAGING" "REFERRAL_SUBGRAPH_URL_STAGING") | |
fail=false | |
for secret in "${required_secrets[@]}"; do | |
secret_value=$(printenv $secret) | |
if [[ -z "$secret_value" ]]; then | |
echo "::error::Secret $secret is not set" | |
fail=true | |
fi | |
done | |
if [[ $fail == true ]]; then | |
echo "::error::One or more secrets are not set. Exiting..." | |
exit 1 | |
fi | |
- name: Extract commit hash | |
id: vars | |
shell: bash | |
run: | | |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Use modules cache | |
uses: actions/cache@v3 | |
id: yarn-cache | |
with: | |
path: '**/node_modules' | |
key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }} | |
- name: Install packages | |
if: steps.yarn-cache.outputs.cache-hit != 'true' | |
run: yarn --no-progress --non-interactive --frozen-lockfile | |
- name: Run postinstall | |
if: steps.yarn-cache.outputs.cache-hit == 'true' | |
run: yarn postinstall | |
- name: Use next cache | |
uses: jongwooo/next-cache@v1 | |
- name: Build standalone app | |
id: build-app | |
env: | |
NODE_OPTIONS: '--max_old_space_size=4096' | |
SHA_TAG: ${{ steps.vars.outputs.sha_short }} | |
LATEST_TAG: latest | |
COMMIT_SHA: ${{ steps.vars.outputs.sha_short }} | |
AJNA_SUBGRAPH_URL: ${{ secrets.AJNA_SUBGRAPH_URL_STAGING }} | |
AJNA_SUBGRAPH_URL_GOERLI: ${{ secrets.AJNA_SUBGRAPH_URL_GOERLI }} | |
AJNA_SUBGRAPH_V2_URL: ${{ secrets.AJNA_SUBGRAPH_V2_URL_STAGING }} | |
AJNA_SUBGRAPH_V2_URL_GOERLI: ${{ secrets.AJNA_SUBGRAPH_V2_URL_GOERLI }} | |
MIXPANEL_ENV: staging | |
MIXPANEL_KEY: ${{ secrets.MIXPANEL_KEY_STAGING }} | |
ADROLL_ADV_ID: ${{ secrets.ADROLL_ADV_ID_STAGING }} | |
ADROLL_PIX_ID: ${{ secrets.ADROLL_PIX_ID_STAGING }} | |
MAINNET_CACHE_URL: ${{ secrets.MAINNET_CACHE_URL_STAGING }} | |
INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID_STAGING }} | |
ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} | |
BLOCKNATIVE_API_KEY: ${{ secrets.BLOCKNATIVE_API_KEY_STAGING }} | |
SHOW_BUILD_INFO: 1 | |
NODE_ENV: production | |
NEXT_PUBLIC_SENTRY_ENV: staging | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
PRODUCT_HUB_KEY: ${{ secrets.PRODUCT_HUB_KEY }} | |
ONE_INCH_API_KEY: ${{ secrets.ONE_INCH_API_KEY_STAGING }} | |
ONE_INCH_API_URL: ${{ secrets.ONE_INCH_API_URL_STAGING }} | |
REFERRAL_SUBGRAPH_URL: ${{ secrets.REFERRAL_SUBGRAPH_URL_STAGING }} | |
BLOG_POSTS_API_KEY: ${{ secrets.BLOG_POSTS_API_KEY }} | |
BLOG_POSTS_API_URL: ${{ secrets.BLOG_POSTS_API_URL }} | |
run: yarn build | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build runner image | |
id: build-image | |
env: | |
SHA_TAG: ${{ steps.vars.outputs.sha_short }} | |
LATEST_TAG: latest | |
ECR_REPO_NAME: summer-fi-staging | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
# Build a docker container and | |
# push it to ECR so that it can | |
# be deployed to ECS. | |
docker build -f Dockerfile.staging \ | |
--cache-from=$ECR_REGISTRY/$ECR_REPO_NAME:$LATEST_TAG \ | |
-t $ECR_REGISTRY/$ECR_REPO_NAME:$SHA_TAG \ | |
-t $ECR_REGISTRY/$ECR_REPO_NAME:$LATEST_TAG \ | |
-t $ECR_REGISTRY/$ECR_REPO_NAME:$ENVIRONMENT_TAG \ | |
. | |
docker push $ECR_REGISTRY/$ECR_REPO_NAME --all-tags | |
- name: Update ECS service with latest Docker image | |
id: service-update | |
run: | | |
aws ecs update-service --cluster $CLUSTER_NAME --service ${{ env.SERVICE_NAME }} --force-new-deployment --region $AWS_REGION | |
- name: Wait for all services to become stable | |
uses: oryanmoshe/[email protected] | |
with: | |
ecs-cluster: ${{ env.CLUSTER_NAME }} | |
ecs-services: '["${{ env.SERVICE_NAME }}"]' | |
- name: Invalidate CloudFront | |
run: | |
AWS_MAX_ATTEMPTS=10 aws cloudfront create-invalidation --distribution-id | |
${{secrets.CF_DIST_ID_STAGING }} --paths "/*" |