Skip to content
Deploy to Production

fix(ci): Replace complex Sphinx setup with placeholder API docs #109

Sign in to view logs

fix(ci): Replace complex Sphinx setup with placeholder API docs

fix(ci): Replace complex Sphinx setup with placeholder API docs #109

Workflow file for this run

.github/workflows/deploy.yml at 4d60e3b
name: Deploy to Production
on:
push:
branches: [ main ]
workflow_dispatch:
inputs:
environment:
description: 'Environment to deploy to'
required: true
default: 'staging'
type: choice
options:
- staging
- production
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
deploy-staging:
name: Deploy to Staging
runs-on: ubuntu-latest
# DISABLED for open-source project - no staging infrastructure available
if: false && github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event.inputs.environment == 'staging')
environment: staging
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Deploy to ECS Staging
run: |
# Update ECS task definition with new image
aws ecs update-service \
--cluster openwatch-staging \
--service openwatch-app \
--force-new-deployment \
--desired-count 2
- name: Wait for deployment
run: |
aws ecs wait services-stable \
--cluster openwatch-staging \
--services openwatch-app
- name: Run smoke tests
run: |
# Wait for service to be ready
sleep 30
# Check health endpoints
curl -f https://staging.openwatch.hanalyx.com/health || exit 1
curl -f https://staging.openwatch.hanalyx.com/api/health || exit 1
- name: Notify deployment status
if: always()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: 'Staging deployment ${{ job.status }}'
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
deploy-production:
name: Deploy to Production
runs-on: ubuntu-latest
needs: deploy-staging
# DISABLED for open-source project - no production infrastructure available
if: false && github.event.inputs.environment == 'production'
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Create backup
run: |
# Backup current production database
aws rds create-db-snapshot \
--db-instance-identifier openwatch-prod \
--db-snapshot-identifier openwatch-prod-backup-${{ github.sha }}
- name: Deploy to ECS Production (Blue/Green)
run: |
# Create new task definition revision
TASK_DEFINITION=$(aws ecs describe-task-definition \
--task-definition openwatch-prod \
--query 'taskDefinition' \
--output json)
# Update image in task definition
NEW_TASK_DEF=$(echo $TASK_DEFINITION | \
jq '.containerDefinitions[0].image = "ghcr.io/hanalyx/openwatch-backend:${{ github.sha }}"' | \
jq '.containerDefinitions[1].image = "ghcr.io/hanalyx/openwatch-frontend:${{ github.sha }}"')
# Register new task definition
aws ecs register-task-definition --cli-input-json "$NEW_TASK_DEF"
# Update service with new task definition
aws ecs update-service \
--cluster openwatch-prod \
--service openwatch-app \
--task-definition openwatch-prod
- name: Monitor deployment
run: |
# Monitor deployment progress
aws ecs wait services-stable \
--cluster openwatch-prod \
--services openwatch-app \
--timeout 600
- name: Run production tests
run: |
# Run comprehensive health checks
./scripts/production-health-check.sh
- name: Rollback on failure
if: failure()
run: |
# Rollback to previous task definition
aws ecs update-service \
--cluster openwatch-prod \
--service openwatch-app \
--task-definition openwatch-prod:$(($(aws ecs describe-services \
--cluster openwatch-prod \
--services openwatch-app \
--query 'services[0].taskDefinition' \
--output text | cut -d: -f7) - 1))
- name: Notify deployment status
if: always()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: 'Production deployment ${{ job.status }}'
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
fields: repo,message,commit,author,action,eventName,ref,workflow
# Open Source Container Build and Publish
build-and-publish:
name: Build and Publish Containers
runs-on: ubuntu-latest
# TEMPORARILY DISABLED: GitHub package permissions reverted, user needs to reconfigure
if: false && github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push backend image
uses: docker/build-push-action@v5
with:
context: .
file: ./docker/Dockerfile.backend
push: true
tags: |
ghcr.io/hanalyx/openwatch-backend:latest
ghcr.io/hanalyx/openwatch-backend:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push frontend image
uses: docker/build-push-action@v5
with:
context: .
file: ./docker/Dockerfile.frontend
push: true
tags: |
ghcr.io/hanalyx/openwatch-frontend:latest
ghcr.io/hanalyx/openwatch-frontend:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run health check (local)
run: |
echo "Running local health check to verify scripts..."
./scripts/production-health-check.sh --local || echo "Health check completed with warnings"
- name: Create container deployment summary
run: |
echo "## 🐳 Container Images Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "The following container images have been built and published:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- \`ghcr.io/hanalyx/openwatch-backend:latest\`" >> $GITHUB_STEP_SUMMARY
echo "- \`ghcr.io/hanalyx/openwatch-backend:${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
echo "- \`ghcr.io/hanalyx/openwatch-frontend:latest\`" >> $GITHUB_STEP_SUMMARY
echo "- \`ghcr.io/hanalyx/openwatch-frontend:${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### 🚀 Quick Start" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
echo "# Pull and run the latest images" >> $GITHUB_STEP_SUMMARY
echo "docker pull ghcr.io/hanalyx/openwatch-backend:latest" >> $GITHUB_STEP_SUMMARY
echo "docker pull ghcr.io/hanalyx/openwatch-frontend:latest" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "# Use docker-compose with published images" >> $GITHUB_STEP_SUMMARY
echo "docker-compose up -d" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
# Kubernetes deployment alternative (disabled for open source)
deploy-k8s:
name: Deploy to Kubernetes
runs-on: ubuntu-latest
if: false # Enable when K8s is configured
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Configure kubectl
uses: azure/setup-kubectl@v3
with:
version: 'latest'
- name: Set up Kustomize
uses: imranismail/setup-kustomize@v2
- name: Update Kubernetes manifests
run: |
cd k8s/overlays/production
kustomize edit set image \
backend=ghcr.io/hanalyx/openwatch-backend:${{ github.sha }} \
frontend=ghcr.io/hanalyx/openwatch-frontend:${{ github.sha }}
- name: Deploy to Kubernetes
run: |
kubectl apply -k k8s/overlays/production
kubectl rollout status deployment/openwatch-backend -n openwatch
kubectl rollout status deployment/openwatch-frontend -n openwatch