Deploy to production #587
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to production | |
| on: | |
| workflow_dispatch: # allows manual triggering | |
| schedule: | |
| - cron: '0 4 * * *' # runs daily at 00:00 | |
| jobs: | |
| test: | |
| name: Unit tests | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Set up Python 3.x | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Unit tests | |
| run: | | |
| python3 -m venv venv | |
| source venv/bin/activate | |
| pip install --upgrade pip | |
| pip install -r requirements_for_test.txt | |
| export DB_SECRET="{'dbClusterIdentifier':'none','password':'secret','dbname':'accessibility_monitoring_app','engine':'postgres','port':5432,'host':'localhost','username':'admin'}" | |
| export DB_NAME=bucket-name | |
| export ALLOWED_HOSTS='localhost 127.0.0.1 0.0.0.0' | |
| export SECRET_KEY=1234 | |
| export DEBUG=TRUE | |
| npm i | |
| make static_files_process | |
| make test | |
| int-test: | |
| needs: test | |
| name: Integration tests | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Set up Python 3.x | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Integration tests | |
| run: | | |
| cd stack_tests/integration_tests | |
| docker compose up --abort-on-container-exit | |
| deploy: | |
| needs: int-test | |
| name: Deploy to AWS | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Install AWS Copilot | |
| run: | | |
| mkdir -p $GITHUB_WORKSPACE/bin | |
| # download copilot | |
| # curl -Lo copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x copilot && sudo mv copilot /usr/local/bin/copilot && copilot --help | |
| curl -Lo copilot-linux https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && \ | |
| # make copilot bin executable | |
| sudo chmod +x copilot-linux && \ | |
| # move to path | |
| sudo mv copilot-linux $GITHUB_WORKSPACE/bin/copilot && \ | |
| # add to PATH | |
| echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
| - name: Install AWS session manager | |
| run: | | |
| curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb" | |
| sudo dpkg -i session-manager-plugin.deb | |
| - name: Backup databases | |
| run: | | |
| copilot svc exec -a ampapp -e prodenv -n amp-svc --command "python aws_tools/dump_rds_to_s3_as_sql.py" && \ | |
| sleep 30 && \ | |
| aws s3 sync s3://ampapp-prodenv-addonsstack-yu-reportstoragebucket-18zkdeyu0it3u/ s3://amp-aurora-backup-prod/ | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_COPILOT }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_COPILOT }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION_COPILOT }} | |
| - name: Staging tests | |
| run: | | |
| aws s3 sync s3://ampapp-prodenv-addonsstack-yu-reportstoragebucket-18zkdeyu0it3u/ s3://ampapp-stageenv-addonsstack-u-reportstoragebucket-hms911jlrqzu/ && \ | |
| copilot svc exec -a ampapp -e stageenv -n amp-svc --command "python aws_tools/reset_staging_db.py" && \ | |
| copilot svc deploy --name viewer-svc --env stageenv && \ | |
| copilot svc deploy --name amp-svc --env stageenv && \ | |
| docker compose --file stack_tests/smoke_tests/staging-platform.docker-compose.yml up --abort-on-container-exit && \ | |
| docker compose --file stack_tests/smoke_tests_viewer/staging-viewer.docker-compose.yml up --abort-on-container-exit | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_COPILOT }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_COPILOT }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION_COPILOT }} | |
| SMOKE_TESTS_USERNAME: ${{ secrets.SMOKE_TESTS_USERNAME }} | |
| SMOKE_TESTS_PASSWORD: ${{ secrets.SMOKE_TESTS_PASSWORD }} | |
| - name: Deploy to AWS | |
| run: | | |
| copilot svc deploy --name viewer-svc --env prodenv && \ | |
| copilot svc deploy --name amp-svc --env prodenv | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_COPILOT }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_COPILOT }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION_COPILOT }} | |
| - name: Smoke tests | |
| run: | | |
| cd stack_tests/smoke_tests | |
| docker compose up --abort-on-container-exit | |
| cd ../smoke_tests_viewer | |
| docker compose up --abort-on-container-exit | |
| env: | |
| SMOKE_TESTS_USERNAME: ${{ secrets.SMOKE_TESTS_USERNAME }} | |
| SMOKE_TESTS_PASSWORD: ${{ secrets.SMOKE_TESTS_PASSWORD }} |