Update zero.ts #350
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy Sandbox Zero-Cache AWS SST | |
| on: | |
| push: | |
| branches: [sandbox] | |
| env: | |
| # Setting an environment variable with the value of a configuration variable | |
| ECR_IMAGE_ZERO_CACHE: zero-zbugs-sandbox | |
| AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'npm' | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.AWS_DEFAULT_REGION }} | |
| - name: Set up QEMU for amd64 | |
| run: | | |
| docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
| if: runner.os == 'Linux' | |
| - name: Set up Docker for amd64 | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: linux/amd64 | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Amazon ECR | |
| run: | | |
| aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com | |
| - name: Install dependencies | |
| run: | | |
| npm run build-ci | |
| - name: Get Git SHA | |
| id: git-sha | |
| run: echo "SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - name: Create package tarball | |
| run: | | |
| cd packages/zero | |
| npm pack | |
| ZERO_TARBALL="$(ls rocicorp-zero-*.tgz | xargs -- basename -s .tgz)+${{ env.SHA }}.tgz" | |
| mv rocicorp-zero-*.tgz ./pkgs/$ZERO_TARBALL | |
| echo "ZERO_VERSION=$ZERO_TARBALL" >> $GITHUB_ENV | |
| - name: Build and push Docker image | |
| run: | | |
| cd packages/zero | |
| docker buildx create --use | |
| docker buildx inspect --bootstrap | |
| docker buildx build --platform linux/amd64 --build-arg ZERO_VERSION=${{ env.ZERO_VERSION }} -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_IMAGE_ZERO_CACHE:${{ env.SHA }} -f ./Dockerfile --push . | |
| - name: Deploy SST app | |
| env: | |
| ZERO_UPSTREAM_DB: ${{ secrets.SANDBOX_ZERO_UPSTREAM_DB }} | |
| ZERO_CVR_DB: ${{ secrets.SANDBOX_ZERO_CVR_DB }} | |
| ZERO_CHANGE_DB: ${{ secrets.SANDBOX_ZERO_CHANGE_DB }} | |
| ZERO_AUTH_SECRET: ${{ secrets.SANDBOX_ZERO_JWT_SECRET }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
| ZERO_IMAGE_URL: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_DEFAULT_REGION }}.amazonaws.com/${{ env.ECR_IMAGE_ZERO_CACHE }}:${{ env.SHA }} | |
| DOMAIN_NAME: 'zbugs-sync-sandbox.rocicorp.dev' | |
| DOMAIN_CERT: ${{ vars.SANDBOX_CERTIFICATE_ARN }} | |
| run: | | |
| cd prod/sst | |
| # The permissions.deployer function's package.json is configured to install | |
| # "@rocicorp/zero" from "file:rocicorp-zero.tgz". This allows us to deploy | |
| # permissions with the same code that the view-syncer is running. | |
| cp ../../packages/zero/pkgs/${{ env.ZERO_VERSION }} ./rocicorp-zero.tgz | |
| npm install | |
| npx sst deploy --stage sandbox |