Merge pull request #7849 from opengovsg/release-v6.158.1 #2344
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to AWS Elastic Beanstalk | |
on: | |
push: | |
# There should be 7 environments in github actions secrets: | |
# release, release-al2, staging, staging-alt, staging-alt2, uat. | |
# This is different from the DEPLOY_ENV secret which corresponds to elastic beanstalk environment name. | |
branches: | |
- release | |
- release-al2 | |
- staging | |
- staging-alt | |
- staging-alt2 | |
- uat | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
set_environment: | |
outputs: | |
current_env: ${{ steps.set-environment.outputs.current_env }} | |
runs-on: ubuntu-latest | |
steps: | |
- id: set-environment | |
run: echo "current_env=${{github.ref_name}}" >> $GITHUB_OUTPUT | |
build_deploy_application: | |
needs: set_environment | |
environment: | |
name: ${{ needs.set_environment.outputs.current_env }} | |
env: | |
IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}} | |
BRANCH: ${{ needs.set_environment.outputs.current_env }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup secrets for datadog sourcemap deployment | |
run: | | |
echo "APP_VERSION=$(jq -r .version package.json)-$(echo ${GITHUB_REF##*/})-$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_ENV | |
- name: Inject frontend build env vars | |
env: | |
VITE_APP_DD_RUM_APP_ID: ${{ secrets.DD_RUM_APP_ID }} | |
VITE_APP_DD_RUM_CLIENT_TOKEN: ${{ secrets.DD_RUM_CLIENT_TOKEN }} | |
VITE_APP_DD_RUM_ENV: ${{ secrets.DD_ENV }} | |
VITE_APP_DD_SAMPLE_RATE: ${{ secrets.DD_SAMPLE_RATE }} | |
VITE_APP_GA_TRACKING_ID: ${{ secrets.GA_TRACKING_ID }} | |
VITE_APP_FORMSG_SDK_MODE: ${{ secrets.REACT_APP_FORMSG_SDK_MODE }} | |
VITE_APP_URL: ${{ secrets.APP_URL }} | |
run: | | |
sed -i -e "s|@VITE_APP_URL|${{secrets.APP_URL}}|g" -e "s/@VITE_APP_DD_RUM_APP_ID/$VITE_APP_DD_RUM_APP_ID/g" -e "s/@VITE_APP_DD_RUM_CLIENT_TOKEN/$VITE_APP_DD_RUM_CLIENT_TOKEN/g" -e "s/@VITE_APP_DD_RUM_ENV/$VITE_APP_DD_RUM_ENV/g" -e "s/@VITE_APP_VERSION/${{env.APP_VERSION}}/g" -e "s/@VITE_APP_DD_SAMPLE_RATE/$VITE_APP_DD_SAMPLE_RATE/g" frontend/datadog-chunk.ts | |
echo VITE_APP_VERSION=${{env.APP_VERSION}} > frontend/.env | |
echo VITE_APP_URL=$VITE_APP_URL > frontend/.env | |
echo VITE_APP_GA_TRACKING_ID=$VITE_APP_GA_TRACKING_ID >> frontend/.env | |
echo VITE_APP_FORMSG_SDK_MODE=$VITE_APP_FORMSG_SDK_MODE >> frontend/.env | |
echo VITE_APP_DD_RUM_CLIENT_TOKEN=$VITE_APP_DD_RUM_CLIENT_TOKEN >> frontend/.env | |
echo VITE_APP_DD_RUM_ENV=$VITE_APP_DD_RUM_ENV >> frontend/.env | |
- name: Configure AWS credentials | |
uses: aws-actions/[email protected] | |
with: | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_TO_ASSUME }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build docker image | |
uses: docker/build-push-action@v3 | |
env: | |
ECR_REPO: ${{ secrets.ECR_REPO }} | |
DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
DD_ENV: ${{ secrets.DD_ENV }} | |
with: | |
context: . | |
file: ./Dockerfile.production | |
push: false | |
load: true # Load image into local docker daemon so we can tag and push in later steps | |
tags: ${{env.ECR_REPO}}:${{env.IMAGE_TAG}} | |
build-args: | | |
APP_VERSION=${{env.APP_VERSION}} | |
APP_URL=${{secrets.APP_URL}} | |
REPO_URL=${{github.server_url}}/${{github.repository}} | |
secrets: | | |
"dd_api_key=${{ secrets.DD_API_KEY }}" | |
- name: Push image to Amazon ECR | |
env: | |
ECR_REPOSITORY: ${{ secrets.ECR_REPO }} | |
DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
DD_ENV: ${{ secrets.DD_ENV }} | |
DD_GIT_REPOSITORY_URL: ${{ github.server_url }}/${{ github.repository }} | |
DD_GIT_COMMIT_SHA: ${{ github.sha }} | |
run: | | |
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH | |
docker push -a $ECR_REPOSITORY | |
sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json | |
sed -i -e "s/@DD_API_KEY/$DD_API_KEY/g" -e "s/@DD_ENV/$DD_ENV/g" .ebextensions/99datadog-amazon-linux-2.config | |
# Using "+" as delimiter to avoid escaping / in DD_GIT_REPOSITORY_URL | |
sed -i -e "s+@DD_GIT_REPOSITORY_URL+$DD_GIT_REPOSITORY_URL+g" -e "s/@DD_GIT_COMMIT_SHA/$DD_GIT_COMMIT_SHA/g" .ebextensions/02env-file-datadog.config | |
zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json | |
- name: Copy Image to S3 | |
env: | |
BUCKET_NAME: ${{ secrets.BUCKET_NAME }} | |
run: | | |
aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip | |
- name: Copy Static Assets from Docker Image and Push to S3 | |
env: | |
S3_STATIC_ASSETS_BUCKET_NAME: ${{ secrets.S3_STATIC_ASSETS_BUCKET_NAME }} | |
ECR_REPOSITORY: ${{ secrets.ECR_REPO }} | |
run: | | |
mkdir -p /tmp/s3static | |
chmod 777 /tmp/s3static | |
docker run --rm -v /tmp/s3static:/tmp/s3static $ECR_REPOSITORY:$IMAGE_TAG cp -r ./dist/frontend/. /tmp/s3static | |
aws s3 sync /tmp/s3static s3://$S3_STATIC_ASSETS_BUCKET_NAME | |
- name: Create application version | |
env: | |
BUCKET_NAME: ${{ secrets.BUCKET_NAME }} | |
APP_NAME: ${{ secrets.APP_NAME }} | |
run: | | |
TRUNCATED_DESC=$(echo "${{github.event.head_commit.message}}" | head -c 180) | |
aws elasticbeanstalk create-application-version --application-name $APP_NAME \ | |
--version-label $IMAGE_TAG \ | |
--source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \ | |
--description "$TRUNCATED_DESC" | |
- name: Update EB environment | |
id: update-eb-1 | |
env: | |
APP_NAME: ${{ secrets.APP_NAME }} | |
DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} | |
run: | | |
aws elasticbeanstalk update-environment --application-name $APP_NAME \ | |
--environment-name $DEPLOY_ENV \ | |
--version-label $IMAGE_TAG |