Spaces:
Running
Running
build: Simplify release note to production only and use existing solutions (#120)
882b826
unverified
name: deploy to aws production | |
on: workflow_dispatch | |
env: | |
repo_name: 'vision-agent' | |
aws_account_id: '944932498359' | |
aws_region: 'us-east-2' | |
cluster_name: 'llens-app-production' | |
namespace: 'datamanagement' | |
jobs: | |
db_migration: | |
runs-on: ubuntu-latest | |
environment: aws-production | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
- name: Install pnpm | |
run: npm install -g pnpm@9.1.1 | |
- name: Install dependencies | |
run: pnpm install | |
- name: prisma migrate deploy | |
env: | |
POSTGRES_PRISMA_URL: ${{ vars.DB_MIGRATION_URL }} | |
POSTGRES_URL_NON_POOLING: ${{ vars.DB_MIGRATION_URL }} | |
run: | | |
mkdir -p ~/.ssh | |
echo "${{ secrets.BASTION_SSH_KEY }}" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
ssh-keyscan -H 3.142.222.176 >> ~/.ssh/known_hosts | |
ssh -o StrictHostKeyChecking=no -fN -v -L localhost:5432:platform.db.app.landing.ai:5432 ubuntu@ec2-3-142-222-176.us-east-2.compute.amazonaws.com | |
pnpm prisma migrate deploy | |
deploy_to_aws_production: | |
needs: db_migration | |
runs-on: ubuntu-latest | |
environment: aws-production | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/github-actions-role | |
aws-region: ${{ env.aws_region }} | |
- name: kubeconfig | |
run: | | |
aws sts get-caller-identity | |
aws eks update-kubeconfig --name ${{ env.cluster_name }} --region ${{ env.aws_region }} | |
- name: install helm | |
run: | | |
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | |
- name: get image tag based on the sha | |
id: sha_short | |
run: | | |
echo "image_tag=$(git rev-parse --short HEAD)" | |
echo "image_tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: helm upgrade --install | |
env: | |
IMAGE_TAG: ${{ steps.sha_short.outputs.image_tag }} | |
run: | | |
helm upgrade --install --wait -n ${{ env.namespace }} ${{ env.repo_name }} -f chart/${{ vars.VALUES_FILE }} ./chart \ | |
--set image.tag=$IMAGE_TAG \ | |
--set env.AWS_BUCKET_NAME=${{ vars.AWS_BUCKET_NAME }} \ | |
--set env.AWS_REGION=${{ vars.AWS_REGION }} \ | |
--set env.NEXTAUTH_URL=${{ vars.NEXTAUTH_URL }} \ | |
--set env.AUTH_GITHUB_ID=${{ vars.AUTH_GITHUB_ID }} \ | |
--set env.AUTH_GITHUB_SECRET=${{ vars.AUTH_GITHUB_SECRET }} \ | |
--set env.AUTH_SECRET=${{ vars.AUTH_SECRET }} \ | |
--set env.AUTH_TRUST_HOST=${{ vars.AUTH_TRUST_HOST }} \ | |
--set env.AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }} \ | |
--set env.AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }} \ | |
--set env.GOOGLE_CLIENT_ID=${{ vars.GOOGLE_CLIENT_ID }} \ | |
--set env.GOOGLE_SECRET=${{ vars.GOOGLE_SECRET }} \ | |
--set env.LOKI_AUTH_USER_PASSWORD=${{ vars.LOKI_AUTH_USER_PASSWORD }} \ | |
--set env.OPENAI_API_KEY=${{ vars.OPENAI_API_KEY }} \ | |
--set env.POSTGRES_PRISMA_URL=${{ vars.POSTGRES_PRISMA_URL }} \ | |
--set env.AGENT_HOST=${{ vars.AGENT_HOST }} | |
- name: Generate release tag | |
id: release_tag | |
uses: amitsingh-007/next-release-tag@v6.0.0 | |
with: | |
github_token: ${{ secrets.REPO_ACCESS_TOKEN }} | |
tag_prefix: 'v' | |
tag_template: 'yyyy.mm.dd.i' | |
- name: Create new release | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: Release ${{ steps.release_tag.outputs.next_release_tag }} | |
tag_name: ${{ steps.release_tag.outputs.next_release_tag }} | |
token: ${{secrets.REPO_ACCESS_TOKEN}} | |
generate_release_notes: true | |