-
Notifications
You must be signed in to change notification settings - Fork 0
120 lines (119 loc) · 5.94 KB
/
deploy-to-environment.yml
File metadata and controls
120 lines (119 loc) · 5.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
name: Deploy to the selected environment
on:
workflow_call:
inputs:
environment:
description: Environment where to deploy the stack (dev, staging)
type: string
required: true
workflow_dispatch:
inputs:
environment:
description: Environment where to deploy the stack (dev, staging)
type: environment
required: true
jobs:
build-and-test:
name: Build and test
uses: ./.github/workflows/build-and-test.yml
secrets: inherit
deploy:
name: "Deploy to ${{ inputs.environment }}-environment"
environment: ${{ inputs.environment }}
runs-on: ubuntu-latest
needs: build-and-test
permissions:
id-token: write
contents: write
env:
DEPLOYMENT_EVENT_IDENT: users-api-deployment-${{ inputs.environment }}-${{ github.sha }}-${{ github.run_id }}-${{ github.run_number }}
IS_MVP_PRODUCTION_LIKE_DEPLOYMENT: ${{ startsWith(inputs.environment, 'mvp-') && inputs.environment != 'mvp-dev' }}
steps:
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.0.x
- name: Install Pulumi CLI
uses: pulumi/actions@v5
- uses: actions/checkout@v4
with:
fetch-depth: 2
- uses: actions/download-artifact@v4
with:
name: Application_Artifacts
path: ./build-artifacts
- name: Configure AWS credentials
uses: Virtual-Finland-Development/infrastructure/.github/actions/configure-aws-credentials@main
with:
environment: ${{ inputs.environment }}
aws-region: ${{ secrets.AWS_REGION }}
pulumi-access-token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
- name: Install Pulumi CLI
uses: pulumi/actions@v5
- name: Resolve Database identifier with Pulumi
id: get-pulumi-outputs
continue-on-error: true # Continue if db does not yet exist
working-directory: ./VirtualFinland.UsersAPI.Deployment
run: |
pulumi stack select ${{ secrets.PULUMI_ORGANIZATION }}/${{ inputs.environment }}
echo "DBIdentifier=$(pulumi stack output DBIdentifier)" >> $GITHUB_OUTPUT
echo "DBClusterIdentifier=$(pulumi stack output DBClusterIdentifier)" >> $GITHUB_OUTPUT
echo "AdminFunctionArn=$(pulumi stack output AdminFunctionArn)" >> $GITHUB_OUTPUT
echo "StackExists=true" >> $GITHUB_OUTPUT
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
- name: Resolve if deployment has database migrations
id: deployment-database-events
run: |
echo "Migrations=false" >> $GITHUB_OUTPUT
if git diff --name-only ${{ github.sha }}^ ${{ github.sha }} | grep -q "VirtualFinland.UserAPI/src/VirtualFinland.UsersAPI/Migrations/"; then
if [ "${{ steps.get-pulumi-outputs.outputs.StackExists }}" == "true" ]; then
echo "Migrations=true" >> $GITHUB_OUTPUT
fi
fi
echo "TermsOfService=false" >> $GITHUB_OUTPUT
if git diff --name-only ${{ github.sha }}^ ${{ github.sha }} | grep -q "Data/terms-of-services.json"; then
if [ "${{ steps.get-pulumi-outputs.outputs.StackExists }}" == "true" ]; then
echo "TermsOfService=true" >> $GITHUB_OUTPUT
fi
fi
- name: Create database backup snapshot on PRE-deployment
if: ${{ steps.deployment-database-events.outputs.Migrations == 'true' && !env.IS_MVP_PRODUCTION_LIKE_DEPLOYMENT }}
run: |
aws rds create-db-snapshot --db-instance-identifier ${{ steps.get-pulumi-outputs.outputs.DBIdentifier }} --db-snapshot-identifier PRE-${{ env.DEPLOYMENT_EVENT_IDENT }}
- name: Wait for the database snapshot to be ready
if: ${{ steps.deployment-database-events.outputs.Migrations == 'true' && !env.IS_MVP_PRODUCTION_LIKE_DEPLOYMENT }}
run: |
aws rds wait db-snapshot-available --db-snapshot-identifier PRE-${{ env.DEPLOYMENT_EVENT_IDENT }}
- name: Create database backup snapshot on PRE-deployment
if: ${{ steps.deployment-database-events.outputs.Migrations == 'true' && env.IS_MVP_PRODUCTION_LIKE_DEPLOYMENT }}
run: |
aws rds create-db-cluster-snapshot --db-cluster-identifier ${{ steps.get-pulumi-outputs.outputs.DBClusterIdentifier }} --db-cluster-snapshot-identifier PRE-${{ env.DEPLOYMENT_EVENT_IDENT }}
- name: Wait for the database snapshot to be ready
if: ${{ steps.deployment-database-events.outputs.Migrations == 'true' && env.IS_MVP_PRODUCTION_LIKE_DEPLOYMENT }}
run: |
aws rds wait db-cluster-snapshot-available --db-cluster-snapshot-identifier PRE-${{ env.DEPLOYMENT_EVENT_IDENT }}
- name: Deploy with Pulumi
id: pulumi-up
uses: pulumi/actions@v5
with:
work-dir: ./VirtualFinland.UsersAPI.Deployment
command: up
stack-name: ${{ secrets.PULUMI_ORGANIZATION }}/${{ inputs.environment }}
upsert: true
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
- name: Invoke database migration runner lambda call
if: ${{ steps.deployment-database-events.outputs.Migrations == 'true' }}
run: |
aws lambda invoke --payload '{"Action": "Migrate"}' --cli-binary-format raw-in-base64-out --function-name ${{ steps.get-pulumi-outputs.outputs.AdminFunctionArn }} output.json
cat output.json
- name: Invoke terms of service updater lambda call
if: ${{ steps.deployment-database-events.outputs.TermsOfService == 'true' }}
run: |
aws lambda invoke --payload '{"Action": "UpdateTermsOfService"}' --cli-binary-format raw-in-base64-out --function-name ${{ steps.get-pulumi-outputs.outputs.AdminFunctionArn }} output.json
- name: Tag the deployment
uses: Virtual-Finland-Development/automatic-release-action@v1.0
if: ${{ inputs.environment == 'staging' }}
with:
environment: ${{ inputs.environment }}
githubToken: ${{ secrets.GITHUB_TOKEN }}