From a4402c25fccc32b853b38245657511bd8a515588 Mon Sep 17 00:00:00 2001 From: Gregor Zurowski Date: Wed, 18 Sep 2024 17:07:55 +0200 Subject: [PATCH 1/7] Relocate deployment steps into reusable workflow --- .github/workflows/ci.yml | 71 +++++++++------------------------ .github/workflows/deploy_eb.yml | 69 ++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/deploy_eb.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e0a0c11532..43256e40c0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ on: default: master jobs: - deploy: + package: runs-on: ubuntu-latest if: | github.event_name == 'workflow_dispatch' || @@ -36,6 +36,10 @@ jobs: PROD_DEPLOY_ROLE_ARN: ${{ vars.PROD_DEPLOY_ROLE_ARN }} DEPLOY_ENV: ${{ github.event.inputs.deploy_env || 'staging' }} + outputs: + deploy_role_arn: ${{ steps.get_role_arn.outputs.role_arn }} + short_git_sha: ${{ steps.short_git_sha.outputs.short_git_sha }} + steps: - name: Workflow details run: | @@ -49,9 +53,11 @@ jobs: ref: ${{ github.event.inputs.git_ref }} - name: Set short Git SHA + id: short_git_sha run: | SHORT_GIT_SHA=$(git rev-parse HEAD | cut -c1-7) echo "SHORT_GIT_SHA=$SHORT_GIT_SHA" >> "$GITHUB_ENV" + echo "short_git_sha=$SHORT_GIT_SHA" >> "$GITHUB_OUTPUT" echo "Git SHA: ${SHORT_GIT_SHA}" - name: Checkout deploy repository 
@@ -82,60 +88,19 @@ jobs: path: target/deploy.zip - name: Get deploy role ARN - id: get-role-arn + id: get_role_arn run: | role_arn_name=${DEPLOY_ENV^^}_DEPLOY_ROLE_ARN role_arn=$(eval echo \$$role_arn_name) echo "role_arn=$role_arn" >> "$GITHUB_OUTPUT" - - name: Configure AWS credentials with assume role - id: aws_credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-to-assume: ${{ steps.get-role-arn.outputs.role_arn }} - role-session-name: github-actions-beanstalk-session - role-duration-seconds: 1200 - role-skip-session-tagging: true - aws-region: us-west-2 - output-credentials: true - - - name: Deploy ${{ env.DEPLOY_ENV }} Backend - API - uses: einaregilsson/beanstalk-deploy@v22 - with: - aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} - application_name: backend - environment_name: ${{ env.DEPLOY_ENV }}-backend-api - version_label: ${{ env.SHORT_GIT_SHA }} - use_existing_version_if_available: true - region: us-west-2 - deployment_package: target/deploy.zip - wait_for_environment_recovery: 120 - - - name: Deploy ${{ env.DEPLOY_ENV }} Backend - Main Worker - uses: einaregilsson/beanstalk-deploy@v22 - with: - aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} - application_name: backend - environment_name: ${{ env.DEPLOY_ENV }}-backend-worker-main - version_label: ${{ env.SHORT_GIT_SHA }} - use_existing_version_if_available: true - region: us-west-2 - deployment_package: target/deploy.zip - wait_for_environment_recovery: 120 - - - name: Deploy ${{ env.DEPLOY_ENV }} Backend - Cermine Worker - uses: einaregilsson/beanstalk-deploy@v22 - with: - aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - aws_secret_key: ${{ 
steps.aws_credentials.outputs.aws-secret-access-key }} - application_name: backend - environment_name: ${{ env.DEPLOY_ENV }}-backend-worker-cermine - version_label: ${{ env.SHORT_GIT_SHA }} - use_existing_version_if_available: true - region: us-west-2 - deployment_package: target/deploy.zip - wait_for_environment_recovery: 120 + deploy: + uses: researchhub/researchhub-backend/.github/workflows/deploy_eb.yml@github-workflow-reusable-deploy + needs: package + with: + deploy_env: ${{ inputs.deploy_env }} + deploy_role_arn: ${{ needs.package.outputs.deploy_role_arn }} + version: ${{ needs.package.outputs.short_git_sha }} + secrets: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml new file mode 100644 index 0000000000..14a88f5083 --- /dev/null +++ b/.github/workflows/deploy_eb.yml 
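Review bot: The new `deploy` job calls the reusable workflow at the mutable branch ref `@github-workflow-reusable-deploy` while passing it the AWS key pair, so whatever that branch contains at run time executes with those secrets, and the call breaks once the branch is deleted after merge. Because the file lives in the same repository, `uses: ./.github/workflows/deploy_eb.yml` runs the copy from the caller's own commit instead. `deploy_env: ${{ inputs.deploy_env }}` also drops the `|| 'staging'` fallback that `DEPLOY_ENV` applies in the `package` job, so a run not started by workflow_dispatch would presumably pass an empty environment name while the role ARN was resolved for staging; `deploy_env: ${{ inputs.deploy_env || 'staging' }}` keeps the two consistent. In the unchanged `Get deploy role ARN` step, `eval echo \$$role_arn_name` evaluates text derived from a dispatch input, and `role_arn="${!role_arn_name}"` performs the same lookup without `eval`. The `package` job's step list begins outside this hunk.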
@@ -0,0 +1,69 @@ +name: Deploy Elastic Beanstalk + +on: + workflow_call: + inputs: + deploy_env: + required: true + type: string + deploy_role_arn: + required: true + type: string + version: + required: true + type: string + secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout application repository + uses: actions/checkout@v4 + + - name: Download deployment package + uses: actions/download-artifact@v4 + with: + name: "backend-${{ inputs.version }}" + + - name: Unpack deployment package + run: | + ls -lha + unzip deploy.zip -d target + ls -lhr ./.github/workflows + + - name: Configure AWS credentials with assume role + id: aws_credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ inputs.deploy_role_arn }} + role-session-name: github-actions-beanstalk-session + role-duration-seconds: 1200 + role-skip-session-tagging: true + aws-region: us-west-2 + output-credentials: true + + - name: Testing + run: | + echo "Role: ${{ inputs.deploy_role_arn }}" + echo "Env: ${{ inputs.deploy_env }}" + echo "Version: ${{ inputs.version }}" + #- name: Deploy ${{ inputs.deploy_env }} Backend - API + # uses: einaregilsson/beanstalk-deploy@v22 + # with: + # aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} + # aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} + # application_name: backend + # environment_name: ${{ inputs.deploy_env }}-backend-api + # version_label: ${{ inputs.version }} + # use_existing_version_if_available: true + # region: us-west-2 + # deployment_package: target/deploy.zip + # wait_for_environment_recovery: 120 From 474f77d9bd26f936438c5806762c2d5a884bbfd9 Mon Sep 17 00:00:00 2001 
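Review bot: The `Testing` step expands `${{ inputs.deploy_role_arn }}`, `${{ inputs.deploy_env }}` and `${{ inputs.version }}` directly inside `run:`, so the values are pasted into the script text before the shell parses it, and `deploy_env` traces back to a workflow_dispatch input in ci.yml. Passing them through `env:` and echoing the shell variables keeps them as data; the `Workflow details` step added in [PATCH 5/7] repeats the pattern and needs the same change. The job also declares no `permissions:`, so it presumably runs with whatever token scope the caller has; `contents: read` looks sufficient for the steps shown.

```yaml
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    # … unchanged: steps up to "Configure AWS credentials with assume role" …
      - name: Testing
        env:
          DEPLOY_ROLE_ARN: ${{ inputs.deploy_role_arn }}
          DEPLOY_ENV: ${{ inputs.deploy_env }}
          VERSION: ${{ inputs.version }}
        run: |
          echo "Role: $DEPLOY_ROLE_ARN"
          echo "Env: $DEPLOY_ENV"
          echo "Version: $VERSION"
```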
From: Gregor Zurowski Date: Wed, 18 Sep 2024 19:31:30 +0200 Subject: [PATCH 2/7] Give deploy job a name --- .github/workflows/deploy_eb.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml index 14a88f5083..83ca49b6ec 100644 --- a/.github/workflows/deploy_eb.yml +++ b/.github/workflows/deploy_eb.yml @@ -20,6 +20,7 @@ on: jobs: deploy: + name: ${{ inputs.deploy_env }} runs-on: ubuntu-latest steps: From d7481be9d7b38fe5555e709e19d4040ed61422ec Mon Sep 17 00:00:00 2001 From: Gregor Zurowski Date: Thu, 19 Sep 2024 16:31:25 +0200 Subject: [PATCH 3/7] [Minor] Use shortened Git SHA from steps - Stop writing shortened Git SHA to environment. - Read SHA from step output. --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 43256e40c0..18dbf516ad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,7 +58,6 @@ jobs: SHORT_GIT_SHA=$(git rev-parse HEAD | cut -c1-7) echo "SHORT_GIT_SHA=$SHORT_GIT_SHA" >> "$GITHUB_ENV" echo "short_git_sha=$SHORT_GIT_SHA" >> "$GITHUB_OUTPUT" - echo "Git SHA: ${SHORT_GIT_SHA}" - name: Checkout deploy repository uses: actions/checkout@v4 @@ -84,7 +83,7 @@ jobs: - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: "backend-${{ env.SHORT_GIT_SHA }}" + name: "backend-${{ steps.short_git_sha.outputs.short_git_sha }}" path: target/deploy.zip - name: Get deploy role ARN From 6ef83f3b87c5a3e7747311e61a78cac849c58938 Mon Sep 17 00:00:00 2001 From: Gregor Zurowski Date: Thu, 19 Sep 2024 16:34:24 +0200 Subject: [PATCH 4/7] [Minor] Use lowercase secret parameter names --- .github/workflows/ci.yml | 4 ++-- .github/workflows/deploy_eb.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18dbf516ad..126957577f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -101,5 +101,5 @@ jobs: deploy_role_arn: ${{ needs.package.outputs.deploy_role_arn }} version: ${{ needs.package.outputs.short_git_sha }} secrets: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml index 83ca49b6ec..2478b138d6 100644 --- a/.github/workflows/deploy_eb.yml +++ b/.github/workflows/deploy_eb.yml @@ -13,9 +13,9 @@ on: required: true type: string secrets: - AWS_ACCESS_KEY_ID: + aws_access_key_id: required: true - AWS_SECRET_ACCESS_KEY: + aws_secret_access_key: required: true jobs: From 6358580538572a6a3bb1359da9b9729c56d5ff14 Mon Sep 17 00:00:00 2001 From: Gregor Zurowski Date: Thu, 19 Sep 2024 16:35:00 +0200 Subject: [PATCH 5/7] Add step for printing workflow details --- .github/workflows/deploy_eb.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml index 2478b138d6..44ebde4f79 100644 --- a/.github/workflows/deploy_eb.yml +++ b/.github/workflows/deploy_eb.yml @@ -27,6 +27,11 @@ jobs: - name: Checkout application repository uses: actions/checkout@v4 + - name: Workflow details + run: | + echo "Environment: ${{ inputs.deploy_env }}" + echo "Version: ${{ inputs.version }}" + - name: Download deployment package uses: actions/download-artifact@v4 with: From c1713bbd99918b6c641c5a9ccab1fdbf8532840e Mon Sep 17 00:00:00 2001 From: Gregor Zurowski Date: Thu, 19 Sep 2024 16:35:33 +0200 Subject: [PATCH 6/7] Deploy backend API --- .github/workflows/deploy_eb.yml | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml index 44ebde4f79..c6c591600d 100644 --- a/.github/workflows/deploy_eb.yml +++ b/.github/workflows/deploy_eb.yml 
@@ -56,20 +56,15 @@ jobs: aws-region: us-west-2 output-credentials: true - - name: Testing - run: | - echo "Role: ${{ inputs.deploy_role_arn }}" - echo "Env: ${{ inputs.deploy_env }}" - echo "Version: ${{ inputs.version }}" - #- name: Deploy ${{ inputs.deploy_env }} Backend - API - # uses: einaregilsson/beanstalk-deploy@v22 - # with: - # aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - # aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} - # application_name: backend - # environment_name: ${{ inputs.deploy_env }}-backend-api - # version_label: ${{ inputs.version }} - # use_existing_version_if_available: true - # region: us-west-2 - # deployment_package: target/deploy.zip - # wait_for_environment_recovery: 120 + - name: Deploy Backend - API + uses: einaregilsson/beanstalk-deploy@v22 + with: + aws_access_key: ${{ secrets.aws_access_key_id }} + aws_secret_key: ${{ secrets.aws_secret_access_key }} + application_name: backend + environment_name: ${{ inputs.deploy_env }}-backend-api + version_label: ${{ inputs.version }} + use_existing_version_if_available: true + region: us-west-2 + deployment_package: target/deploy.zip + wait_for_environment_recovery: 120 From 2723e91910efbaebdd0e06542425d4a1eb82c3cd Mon Sep 17 00:00:00 2001 From: Gregor Zurowski Date: Thu, 19 Sep 2024 16:44:35 +0200 Subject: [PATCH 7/7] Use AWS credentials from correct context --- .github/workflows/deploy_eb.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml index c6c591600d..7a28984b20 100644 --- a/.github/workflows/deploy_eb.yml +++ b/.github/workflows/deploy_eb.yml 
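Review bot: `einaregilsson/beanstalk-deploy@v22` is referenced by a movable tag while being handed AWS credentials, so a retagged release would run with deploy rights; pinning the full commit SHA, `uses: einaregilsson/beanstalk-deploy@<full-commit-sha>  # v22` (placeholder, look up the real SHA), removes that dependency on the tag. The same applies to `aws-actions/configure-aws-credentials@v4` earlier in this file. The ci.yml steps removed in [PATCH 1/7] also deployed `-backend-worker-main` and `-backend-worker-cermine`; only `-backend-api` is restored here, so unless the workers follow in a later change they stop receiving new versions. The step list starts outside this hunk.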
@@ -47,8 +47,8 @@ jobs: id: aws_credentials uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.aws_access_key_id }} + aws-secret-access-key: ${{ secrets.aws_secret_access_key }} role-to-assume: ${{ inputs.deploy_role_arn }} role-session-name: github-actions-beanstalk-session role-duration-seconds: 1200 @@ -59,8 +59,8 @@ jobs: - name: Deploy Backend - API uses: einaregilsson/beanstalk-deploy@v22 with: - aws_access_key: ${{ secrets.aws_access_key_id }} - aws_secret_key: ${{ secrets.aws_secret_access_key }} + aws_access_key: ${{ steps.aws_credentials.outputs.access_key_id }} + aws_secret_key: ${{ steps.aws_credentials.outputs.secret_access_key }} application_name: backend environment_name: ${{ inputs.deploy_env }}-backend-api version_label: ${{ inputs.version }}
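Review bot: The second hunk reads `steps.aws_credentials.outputs.access_key_id` and `steps.aws_credentials.outputs.secret_access_key`, but the ci.yml steps removed in [PATCH 1/7] read the same action's outputs as `aws-access-key-id` and `aws-secret-access-key`; an output name the action does not define expands to an empty string, so the deploy step would receive blank keys. I would keep the earlier names: `aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }}` and `aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }}`. Credentials from an assumed role are temporary and normally need their session token as well, so check whether the deploy action has to be given `${{ steps.aws_credentials.outputs.aws-session-token }}`. The `with:` block continues outside the hunk.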