Merge pull request #382 from intersective/feature/CORE-6447/feture-me… #135
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################ | |
# GITHUB ACTION WORKFLOW NAME | |
################################################ | |
name: Deploy to p1-stage environment | |
################################################ | |
# GITHUB ACTION EVENT TRIGGER | |
################################################ | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ 'trunk' ] | |
################################################ | |
# GITHUB ACTION JOBS | |
################################################ | |
jobs: | |
deploy-p1-stage: | |
name: deploy-p1-stage | |
runs-on: ubuntu-latest | |
environment: p1-stage | |
timeout-minutes: 15 | |
################################################ | |
# GITHUB ACTIONS GLOBAL ENV VARIABLES | |
################################################ | |
env: | |
REGION : ap-southeast-2 | |
ENV : test # Valid values are dev,test,live only | |
STACK_NAME: p1-stage # Valid values are au,us,uk,p2,lf,nu,p1-sandbox,p1-stage,p2-sandbox,shared only | |
ROOTSTACK: cutie-app | |
CFNS3BucketName: devops-cfn-templates | |
PRIVATES3BucketName: devops-shared-private | |
PUBLICZONENAME: p1-stage.practera.com | |
BUILD_CONFIG: custom | |
STATUSREPORTS3Bucket: deployment-status.practera.com | |
STATUS: DEPLOYED | |
REQUESTOR: ${{ github.event.inputs.REQUESTOR }} | |
REASON: ${{ github.event.inputs.REASON }} | |
ENDPOINT: cutie-app.p1-stage.practera.com | |
BRANCH_TAG_NAME: trunk | |
################################################ | |
# GITHUB REPO CHECKOUT | |
################################################ | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
################################################ | |
# NODE ENV | |
################################################ | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '14' | |
################################################ | |
# NODE MODULES CACHE | |
################################################ | |
- name: Cache node modules | |
uses: actions/cache@v2 | |
id: cache-node-modules | |
env: | |
cache-name: cache | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: | | |
~/.npm | |
node_modules | |
*/*/node_modules | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
################################################ | |
# NODE MODULES INSTALL | |
################################################ | |
- name: Install dependencies | |
if: steps.cache-node-modules.outputs.cache-hit != 'true' | |
run: npm install | |
################################################ | |
# AWS CLI CONFIGURATION - DEVOPS | |
################################################ | |
- name: Configure AWS credentials from $STACK_NAME account in $REGION region | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.DEVOPS_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.DEVOPS_AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-southeast-2 | |
########################################################## | |
# AWS DEPLOY SECRET - MASK CONSOLE DISPLAY | |
########################################################## | |
- name: AWS Deploy Secret | |
id: DeploySecret | |
run: | | |
echo "Enable SLACK NOTIFY" | |
SLACK_WEBHOOK_URL=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-DEPLOY-$ENV| jq --raw-output '.SecretString' | jq -r .SLACK_WEBHOOK_URL) | |
echo "::add-mask::$SLACK_WEBHOOK_URL" | |
echo "::set-output name=SLACK_WEBHOOK_URL::$SLACK_WEBHOOK_URL" | |
echo "Enable P1 Stage ACCOUNT CLI Login" | |
P1_STAGE_AWS_ACCESS_KEY_ID=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-DEPLOY-$ENV| jq --raw-output '.SecretString' | jq -r .P1_STAGE_AWS_ACCESS_KEY_ID) | |
P1_STAGE_AWS_SECRET_ACCESS_KEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-DEPLOY-$ENV| jq --raw-output '.SecretString' | jq -r .P1_STAGE_AWS_SECRET_ACCESS_KEY) | |
echo "::add-mask::$P1_STAGE_AWS_ACCESS_KEY_ID" | |
echo "::add-mask::$P1_STAGE_AWS_SECRET_ACCESS_KEY" | |
echo "::set-output name=P1_STAGE_AWS_ACCESS_KEY_ID::$P1_STAGE_AWS_ACCESS_KEY_ID" | |
echo "::set-output name=P1_STAGE_AWS_SECRET_ACCESS_KEY::$P1_STAGE_AWS_SECRET_ACCESS_KEY" | |
env: #TODO: Update once manually to new stack accordingly | |
STACK_NAME: shared # Valid values are au,us,uk,p2,lf,nu,p1-sandbox,p1-stage,p2-sandbox,shared only | |
ENV: live # Valid values are sandbox,stage,live only | |
########################################################## | |
# AWS P1 STAGE ACCOUNT STEPS BELOW | |
########################################################## | |
- name: Configure AWS credentials from $STACK_NAME account in $REGION region | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ steps.DeploySecret.outputs.P1_STAGE_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ steps.DeploySecret.outputs.P1_STAGE_AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{env.REGION}} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ steps.DeploySecret.outputs.P1_STAGE_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ steps.DeploySecret.outputs.P1_STAGE_AWS_SECRET_ACCESS_KEY }} | |
########################################################## | |
# AWS S3 SYNC - SERVERLESS TEMPLATES | |
########################################################## | |
- name: AWS S3 Sync operation | |
run: | | |
aws s3 cp serverless.yml s3://$CFNS3BucketName/$STACK_NAME/$REGION/$ROOTSTACK/sls-templates/serverless.yml | |
########################################################## | |
# CLOUDFORMATION EXPORT VARIABLES | |
########################################################## | |
- name: Cloudformation Export variables | |
run: | | |
cat >> .env <<EOF | |
CDNSharedACMCertificateArn=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-CDNSharedACMCertificateArn-$ENV\`].Value" --no-paginate --output text) | |
ChatBotSNSTopicARN=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-ChatBotSNSTopicARN-$ENV\`].Value" --no-paginate --output text) | |
EOF | |
############################################################### | |
# SERVERLESS DEPLOYMENT | |
############################################################## | |
- name: Serverless deployment | |
run: | | |
echo "Serverless Deploying" | |
node_modules/.bin/serverless deploy | |
rm serverless.yml | |
env: | |
CUTIES3BUCKET: cutie-app.${{ env.PUBLICZONENAME }} | |
S3VERSIONING: true | |
NONCURRENTVERSION_EXPIREINDAYS: 30 | |
# DEFAULT_EXPIREINDAYS: 0 # Mandatory to disable | |
############################################################### | |
# ANGULAR ENVIRONMENT CREATION | |
############################################################## | |
- name: Angular Environment creation | |
run: | | |
printf "Creating required secret variables for angular environment variable creation\n\n" | |
export CUSTOM_APPKEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-AppKeySecret-$ENV| jq --raw-output '.SecretString' | jq -r .appkey) | |
export CUSTOM_FILESTACK_SIGNATURE=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .signature) | |
export CUSTOM_FILESTACK_VIRUS_DETECTION=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .virusdetection) | |
export CUSTOM_FILESTACK_KEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .apikey) | |
export CUSTOM_FILESTACK_POLICY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .policy) | |
export CUSTOM_PUSHER_APPID=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .app_id) | |
export CUSTOM_PUSHERKEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .key) | |
export CUSTOM_PUSHER_SECRET=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .secret) | |
export CUSTOM_PUSHER_CLUSTER=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .cluster) | |
printf "Angular environment variable creation complete\n\n" | |
printf "Executing env.sh script\n\n" | |
chmod +x env.sh && ./env.sh | |
env: | |
CUSTOM_APPENV: ${{ env.ENV }} | |
CUSTOM_AWS_REGION_CHINA: ap-northeast-2 #TODO CHECK | |
CUSTOM_S3_BUCKET_CHINA: practera-seoul-1 #TODO CHECK | |
CUSTOM_CHATGEAPHQLENDPOINT: https://chat-api.${{ env.PUBLICZONENAME }}/ | |
CUSTOM_PATH_IMAGE: /cutie/image/uploads/ | |
CUSTOM_AWS_REGION: ${{ env.REGION }} | |
CUSTOM_PATH_ANY: /cutie/any/uploads/ | |
CUSTOM_S3_BUCKET: files.${{ env.PUBLICZONENAME }} | |
CUSTOM_APIENDPOINT: https://cutie-api.${{ env.PUBLICZONENAME }}/ | |
CUSTOM_APIENDPOINTOLD: https://admin.${{ env.PUBLICZONENAME }}/ | |
CUSTOM_PRACTERCORE: https://admin.${{ env.PUBLICZONENAME }}/ | |
CUSTOM_PATH_VIDEO: /cutie/video/uploads/ | |
CUSTOM_GEAPHQLENDPOINT: https://core-graphql-api.${{ env.PUBLICZONENAME }}/ | |
############################################################### | |
# BUILD WEB PACKAGES | |
############################################################## | |
- name: Build Web Packages | |
run: | | |
printf '' > src/environments/environment.ts | |
node_modules/.bin/ng build --configuration=${{ env.BUILD_CONFIG }} | |
########################################################## | |
# AWS S3 SYNC OPERATIONS | |
########################################################## | |
- name: AWS S3 Sync Operations | |
run: | | |
CUTIEAPPS3=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-CUTIES3BUCKET-$ENV\`].Value" --no-paginate --output text) | |
aws s3 sync www/ s3://$CUTIEAPPS3 --delete | |
########################################################## | |
# AWS CDN CACHE INVALIDATION | |
########################################################## | |
- name: AWS Cloudfront Cache invalidation | |
run: | | |
CUTIEAPPCDN=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-CutieCloudFrontDistributionID-$ENV\`].Value" --no-paginate --output text) | |
for i in $CUTIEAPPCDN;do aws cloudfront create-invalidation --distribution-id $i --paths "/*";done | |
########################################################## | |
# SLACK NOTIFICATION | |
########################################################## | |
- name: Slack Notification | |
if: always() # Pick up events even if the job fails or is canceled. | |
uses: 8398a7/action-slack@v3 | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MATRIX_CONTEXT: ${{ toJson(matrix) }} # required | |
with: | |
status: ${{ job.status }} | |
author_name: ${{ env.BRANCH_TAG_NAME }} - ${{ env.ROOTSTACK }} deployed to ${{ env.ENV }} environemnt in ${{ env.STACK_NAME }} AWS account | |
mention: 'here' | |
if_mention: failure,cancelled | |
job_name: deploy-p1-stage # Match the name above. | |
fields: repo,commit,eventName,ref,workflow,message,author,job,took | |
custom_payload: | | |
{ | |
username: 'GitHub Action CI WorkFlow', | |
icon_emoji: ':github:', | |
attachments: [{ | |
color: '${{ job.status }}' === 'success' ? 'good' : ${{ job.status }}' === 'failure' ? 'danger' : 'warning', | |
text: | |
`${process.env.AS_REPO}\n | |
${process.env.AS_COMMIT}\n | |
${process.env.AS_EVENT_NAME}\n | |
@${process.env.AS_REF}\n | |
@${process.env.AS_WORKFLOW}\n | |
${process.env.AS_MESSAGE}\n | |
${process.env.AS_AUTHOR}\n | |
${process.env.AS_JOB}\n | |
${process.env.AS_TOOK}`, | |
}] | |
} | |
# ################################################ | |
# # STATUS VARIABLE UPDATE | |
# ################################################ | |
- name: Deployment status variable update | |
if: ${{ failure() }} | |
run: | | |
echo "STATUS=FAILURE" >> $GITHUB_ENV | |
# ################################################ | |
# # DEVOPS-DEPLOYMENT REPORT | |
# ################################################ | |
- name: DevOps Deployment Reporting | |
if: always() | |
run: | | |
pip install --upgrade pip | |
pip install --upgrade csvtotable | |
export REASON=$(git log -2 --format=%s | sed -n 2p) | |
export REQUESTOR=${{ github.actor }} | |
aws s3 cp s3://$STATUSREPORTS3Bucket/deploy-reporting.sh deploy-reporting.sh | |
chmod +x deploy-reporting.sh && ./deploy-reporting.sh |