name: deploy to aws production on: workflow_dispatch env: repo_name: 'vision-agent' aws_account_id: '944932498359' aws_region: 'us-east-2' cluster_name: 'llens-app-production' namespace: 'datamanagement' jobs: db_migration: runs-on: ubuntu-latest environment: aws-production permissions: id-token: write contents: read steps: - uses: actions/checkout@v4 with: ref: main - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '20' - name: Install pnpm run: npm install -g pnpm@9.1.1 - name: Install dependencies run: pnpm install - name: prisma migrate deploy env: POSTGRES_PRISMA_URL: ${{ vars.DB_MIGRATION_URL }} POSTGRES_URL_NON_POOLING: ${{ vars.DB_MIGRATION_URL }} run: | mkdir -p ~/.ssh echo "${{ secrets.BASTION_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -H 3.142.222.176 >> ~/.ssh/known_hosts ssh -o StrictHostKeyChecking=no -fN -v -L localhost:5432:platform.db.app.landing.ai:5432 ubuntu@ec2-3-142-222-176.us-east-2.compute.amazonaws.com pnpm prisma migrate deploy deploy_to_aws_production: needs: db_migration runs-on: ubuntu-latest environment: aws-production permissions: id-token: write contents: write steps: - uses: actions/checkout@v4 with: ref: main - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ env.aws_account_id }}:role/github-actions-role aws-region: ${{ env.aws_region }} - name: kubeconfig run: | aws sts get-caller-identity aws eks update-kubeconfig --name ${{ env.cluster_name }} --region ${{ env.aws_region }} - name: install helm run: | curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - name: get image tag based on the sha id: sha_short run: | echo "image_tag=$(git rev-parse --short HEAD)" echo "image_tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: helm upgrade --install env: IMAGE_TAG: ${{ steps.sha_short.outputs.image_tag }} run: | helm upgrade --install --wait -n ${{ env.namespace }} ${{ env.repo_name }} -f chart/${{ vars.VALUES_FILE }} ./chart \ --set image.tag=$IMAGE_TAG \ --set env.AWS_BUCKET_NAME=${{ vars.AWS_BUCKET_NAME }} \ --set env.AWS_REGION=${{ vars.AWS_REGION }} \ --set env.NEXTAUTH_URL=${{ vars.NEXTAUTH_URL }} \ --set env.AUTH_GITHUB_ID=${{ vars.AUTH_GITHUB_ID }} \ --set env.AUTH_GITHUB_SECRET=${{ vars.AUTH_GITHUB_SECRET }} \ --set env.AUTH_SECRET=${{ vars.AUTH_SECRET }} \ --set env.AUTH_TRUST_HOST=${{ vars.AUTH_TRUST_HOST }} \ --set env.AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }} \ --set env.AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }} \ --set env.GOOGLE_CLIENT_ID=${{ vars.GOOGLE_CLIENT_ID }} \ --set env.GOOGLE_SECRET=${{ vars.GOOGLE_SECRET }} \ --set env.LOKI_AUTH_USER_PASSWORD=${{ vars.LOKI_AUTH_USER_PASSWORD }} \ --set env.OPENAI_API_KEY=${{ vars.OPENAI_API_KEY }} \ --set env.POSTGRES_PRISMA_URL=${{ vars.POSTGRES_PRISMA_URL }} \ --set env.AGENT_HOST=${{ vars.AGENT_HOST }} - name: Generate release tag id: release_tag uses: amitsingh-007/next-release-tag@v6.0.0 with: github_token: ${{ secrets.REPO_ACCESS_TOKEN }} tag_prefix: 'v' tag_template: 'yyyy.mm.dd.i' - name: Create new release uses: softprops/action-gh-release@v2 with: name: Release ${{ steps.release_tag.outputs.next_release_tag }} tag_name: ${{ steps.release_tag.outputs.next_release_tag }} token: ${{secrets.REPO_ACCESS_TOKEN}} generate_release_notes: true