feature: deployment to aws and profile switcher
1 parent
aab6ac3
commit ff7c4de
Showing
32 changed files
with
2,068 additions
and
11,361 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
files: | ||
/home/ec2-user/.ssh/extra_authorized_keys: | ||
mode: "000400" | ||
owner: ec2-user | ||
group: ec2-user | ||
content: | | ||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH1+VZgAMiuz7Z31FMbemWLowmG7qgsDCLfh5zp3iWLY wemap-devops | ||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsxx31EqpdWNmwqZCj9CCGy2vaKwFAHjpG2CYnK5o8Jsjxq3XQq8z2UEUQ/2uRDJmKwcGpx7L3jo8Mg8Az8c4MM3kpOR6y5qgrMGCOXVdhtOPFZ41QFVSR59wKVt6Y22SBUXddQBeClc4nANfzs9Cq9wFfI91ksyk78tUtcg7o2r23fkyKDzGPl9AF7r7HDmZ6Y3MMzAexoAFGiME6R7SJO4qo0z/1/mRc5Mex806tr8fF3fAM9U/7+v+JOb5ekAn3osiXMXBmV/AaUVWUltWyOpUtSrMU+ccdxHBlNYC6uRsRACVuhQyrVD2aBD85NA6PIXT67P+jyiKczfliSfD9jjZlseBbZgA2eNp6mJTnOIuYzhuI73P7Ne6sUJr5lghdAokrItHspvtbjCwX67tqvpEUY4PBWsDaW7ZGeICOLMTStBTliy7mc9WbxFFUe1KDDryog0i4sikJz1VZ2/bOywUwIgpHM3ZiiJ4vB3eJSINo1crDbfMTLimbBroaehFwSikeg2Nm70yo/u2wWCfGElB/cpzhAM1+e72iO1NP8O+vM/blF7bNFWMA0etEOUputMB+I0lOxYLZ4460rVV23f/2/XDvVkYsLCOfU/8quYvyKsChmcmIdbAupdfHcCgSAODWPWE+foO522kLrn4dWbLgy1QJUrDIoTQ4NAEtnQ== [email protected] | ||
ssh-rsa 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 adrian@getwemap | ||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClrda9Jv2vqqg2OCk7zLYX/pYZtPEISP53b6fthjUanE4q4uEEGU029ySqfQReqlEjcbiS+N9Gn42utNUU1cS0CCpxJYGxCielfCtsoI/5jjGwwA5oPcPyFeeM5ioCHfWUIrM1ZFc7XKrhKLpxvfFmSt8q7tHvLx7Nlf+ZG6rne0H+k477BIwD2lubjwYkLeomrj6MvYB5i9PxNSgALL+KiP5eScewK6Vxwrf0zuRsqHo5nIFu/kf+mebOXKW5rP28RNSVMqJtOGohgURkhr4QP7pb26qm9gmqHj3l5ddZem2vfGTHVtAIDXxKgaXvP20l+NIhOAuWUDdclBcTIX13 [email protected] | ||
commands: | ||
01_append_keys: | ||
cwd: /home/ec2-user/.ssh/ | ||
command: sort -u extra_authorized_keys authorized_keys -o authorized_keys | ||
99_rm_extra_keys: | ||
cwd: /home/ec2-user/.ssh/ | ||
command: rm extra_authorized_keys |
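Review bot: The `01_append_keys` command only ever adds keys: `sort -u extra_authorized_keys authorized_keys -o authorized_keys` merges the new list into whatever is already on the instance, so deleting a person's line from `content` in a later deploy does not revoke their access to ec2-user on instances that keep running. If this file is meant to be the source of truth for who can log in, offboarding needs an explicit removal step or instance replacement, and the file should say so, e.g. `# additive merge: removing a key above does not revoke it on existing instances`. The entries also carry no key options, so each listed key gets unrestricted ec2-user login.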
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
deploy: | ||
artifact: wemap-osrm-frontend-artifact.zip | ||
global: | ||
application_name: wemap-osrm-frontend | ||
default_region: eu-west-1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
name: CI/CD | ||
|
||
on: [push] | ||
|
||
################################## | ||
# Global environment variables # | ||
################################## | ||
env: | ||
AWS_OWNER_ACCOUNT_ID: ${{ secrets.AWS_OWNER_ACCOUNT_ID }} | ||
SLACK_HOOK_URL: ${{ secrets.SLACK_HOOK_URL }} | ||
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | ||
EB_APP_NAME: wemap-osrm-frontend | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
|
||
deploy: | ||
if: | | ||
startsWith(github.ref_name, 'dev-') || | ||
startsWith(github.ref_name, 'prod-') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v2 | ||
with: | ||
role-to-assume: arn:aws:iam::${{secrets.AWS_OWNER_ACCOUNT_ID}}:role/wemap-osrm-frontend | ||
role-session-name: wemap-osrm-frontend | ||
aws-region: eu-west-1 | ||
|
||
- name: Install eb cli | ||
run: | | ||
pip install awsebcli --upgrade | ||
echo "PATH=$PATH:/.local/bin" >> $GITHUB_ENV | ||
- name: Setup Terragrunt | ||
uses: autero1/[email protected] | ||
with: | ||
terragrunt_version: 0.45.15 | ||
|
||
- name: Update infra | ||
env: | ||
CLOUDFLARE_DEV_ZONE_ID: ${{ secrets.CLOUDFLARE_DEV_ZONE_ID }} | ||
CLOUDFLARE_PROD_ZONE_ID: ${{ secrets.CLOUDFLARE_PROD_ZONE_ID }} | ||
ENVIRONMENT: ${{ github.ref_name }} | ||
run: | | ||
mkdir -p ~/.ssh; chmod go-rwx ~/.ssh | ||
ssh-keyscan github.com >> ~/.ssh/known_hosts | ||
eval `ssh-agent -s` | ||
ssh-add - <<< '${{ secrets.SSH_KEY_GITHUB_ACTIONS }}' | ||
cd infra/terraform | ||
./manage_infra.sh --deploy | ||
- name: Deploy to app to eb environment | ||
env: | ||
ENVIRONMENT: ${{ github.ref_name }} | ||
run: | | ||
zip -r $EB_APP_NAME-artifact.zip . --symlinks --exclude ".github/*" ".vscode/*" "act/*" "infra/*" ".git/*" "settings/*" | ||
eb deploy $EB_APP_NAME-$ENVIRONMENT --nohang | ||
notify: | ||
needs: | ||
- deploy | ||
if: | | ||
always() && | ||
(needs.deploy.result == 'success' || needs.deploy.result == 'failure') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Define branch and notification msg | ||
if: always() | ||
env: | ||
WORKFLOW_STATUS: ${{ job.status }} ${{ needs.deploy.result }} | ||
run: | | ||
if [[ "${{ github.ref_name }}" == *"prod"* ]]; then | ||
echo "CHANNEL_TAG=<!channel>" >> $GITHUB_ENV | ||
echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to PRODUCTION :rocket:"" >> $GITHUB_ENV | ||
elif [[ ${{ github.ref_name }} == *"dev"* ]]; then | ||
echo "ENVIRONMENT=DEVELOP" >> $GITHUB_ENV | ||
echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to DEVELOP :rocket:"" >> $GITHUB_ENV | ||
fi | ||
echo "WORKFLOW_STATUS=success" >> $GITHUB_ENV | ||
if ${{ contains(env.WORKFLOW_STATUS, 'failure') }}; then | ||
echo "WORKFLOW_STATUS=failure" >> $GITHUB_ENV | ||
echo "SLACK_MSG= unable to deployed profile ${{ github.ref_name }} :x:" >> $GITHUB_ENV | ||
fi | ||
- name: Slack Notification | ||
if: always() | ||
uses: rtCamp/action-slack-notify@v2 | ||
env: | ||
SLACK_CHANNEL: deployments | ||
SLACK_COLOR: ${{ env.WORKFLOW_STATUS }} | ||
SLACK_ICON: https://s3-us-west-2.amazonaws.com/slack-files2/avatars/2022-10-11/4204602550962_14433d2bdcb7fb385ad2_72.png | ||
SLACL_LINK_NAMES: true | ||
SLACK_MESSAGE: "${{ env.CHANNEL_TAG }} ${{ github.event.head_commit.message }}" | ||
SLACK_TITLE: ${{ env.EB_APP_NAME }} pipeline ${{ env.WORKFLOW_STATUS }} ! ${{ env.SLACK_MSG }} | ||
SLACK_FOOTER: "Wemap notification system :love-wemap:" | ||
SLACK_USERNAME: Wemap-sentinel | ||
SLACK_WEBHOOK: ${{ secrets.SLACK_HOOK_URL }} |
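Review bot: The `Define branch and notification msg` step expands `${{ github.ref_name }}` directly into the bash script (the two `[[ ... ]]` tests, both `SLACK_MSG` lines and the failure message), so the branch name is parsed as shell source rather than data, and anyone who can push a branch whose name starts with `dev-` or `prod-` controls that text. The deploy job already shows the safe pattern with `ENVIRONMENT: ${{ github.ref_name }}` under `env:`; doing the same here and referencing a quoted `"$REF_NAME"` takes the expansion out of the script. The identical step in the second copy of this workflow later in the commit needs the same change. Separately, `SLACL_LINK_NAMES` in the Slack step looks like a typo for `SLACK_LINK_NAMES`, so that setting is presumably ignored.

```yaml
      - name: Define branch and notification msg
        if: always()
        env:
          WORKFLOW_STATUS: ${{ job.status }} ${{ needs.deploy.result }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          profile="$(echo "$REF_NAME" | cut -d "-" -f2-)"
          if [[ "$REF_NAME" == *"prod"* ]]; then
            echo "CHANNEL_TAG=<!channel>" >> "$GITHUB_ENV"
            echo "SLACK_MSG=$profile profile has been deployed to PRODUCTION :rocket:" >> "$GITHUB_ENV"
          elif [[ "$REF_NAME" == *"dev"* ]]; then
            echo "ENVIRONMENT=DEVELOP" >> "$GITHUB_ENV"
            echo "SLACK_MSG=$profile profile has been deployed to DEVELOP :rocket:" >> "$GITHUB_ENV"
          fi
          # … unchanged: WORKFLOW_STATUS=success default and the contains(..., 'failure') test …
            echo "SLACK_MSG= unable to deployed profile $REF_NAME :x:" >> "$GITHUB_ENV"
```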
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
AWS_DEFAULT_REGION="" | ||
AWS_ACCESS_KEY_ID="" | ||
AWS_SECRET_ACCESS_KEY="" |
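Review bot: These three variables hold long-lived AWS credentials, and the runner script later in this commit reads `act/.env` via `--env-file`, so if this tracked file is the one developers fill in, a routine `git add` will commit real access keys. Committing it as a template (for example `.env.example`) and listing the real path in `.gitignore` avoids that; the five-variable secrets file at the end of the commit (`NPM_TOKEN`, `SLACK_HOOK_URL`, …) has the same exposure. Whether a `.gitignore` entry already covers these paths is not visible on this page.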
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
name: CI/CD | ||
|
||
on: [push] | ||
|
||
################################## | ||
# Global environment variables # | ||
################################## | ||
env: | ||
AWS_OWNER_ACCOUNT_ID: ${{ secrets.AWS_OWNER_ACCOUNT_ID }} | ||
SLACK_HOOK_URL: ${{ secrets.SLACK_HOOK_URL }} | ||
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | ||
EB_APP_NAME: wemap-osrm-frontend | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
|
||
deploy: | ||
if: | | ||
startsWith(github.ref_name, 'dev-') || | ||
startsWith(github.ref_name, 'prod-') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
# - name: Configure AWS Credentials | ||
# uses: aws-actions/configure-aws-credentials@v2 | ||
# with: | ||
# role-to-assume: arn:aws:iam::${{secrets.AWS_OWNER_ACCOUNT_ID}}:role/wemap-osrm-backend | ||
# role-session-name: wemap-osrm-backend | ||
# aws-region: eu-west-1 | ||
|
||
- name: Install eb cli | ||
run: | | ||
pip install awsebcli --upgrade | ||
echo "PATH=$PATH:/.local/bin" >> $GITHUB_ENV | ||
- name: Setup Terragrunt | ||
uses: autero1/[email protected] | ||
with: | ||
terragrunt_version: 0.45.15 | ||
|
||
- name: Update infra | ||
env: | ||
CLOUDFLARE_DEV_ZONE_ID: ${{ secrets.CLOUDFLARE_DEV_ZONE_ID }} | ||
CLOUDFLARE_PROD_ZONE_ID: ${{ secrets.CLOUDFLARE_PROD_ZONE_ID }} | ||
ENVIRONMENT: ${{ github.ref_name }} | ||
run: | | ||
mkdir -p ~/.ssh; chmod go-rwx ~/.ssh | ||
ssh-keyscan github.com >> ~/.ssh/known_hosts | ||
eval `ssh-agent -s` | ||
ssh-add - <<< '${{ secrets.SSH_KEY_GITHUB_ACTIONS }}' | ||
cd infra/terraform | ||
./manage_infra.sh --deploy | ||
- name: Deploy to app to eb environment | ||
env: | ||
ENVIRONMENT: ${{ github.ref_name }} | ||
run: | | ||
zip -r $EB_APP_NAME-artifact.zip . --symlinks --exclude ".github/*" ".vscode/*" "act/*" "infra/*" ".git/*" "settings/*" | ||
eb deploy $EB_APP_NAME-$ENVIRONMENT --nohang | ||
notify: | ||
needs: | ||
- deploy | ||
if: | | ||
always() && | ||
(needs.deploy.result == 'success' || needs.deploy.result == 'failure') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Define branch and notification msg | ||
if: always() | ||
env: | ||
WORKFLOW_STATUS: ${{ job.status }} ${{ needs.deploy.result }} | ||
run: | | ||
if [[ "${{ github.ref_name }}" == *"prod"* ]]; then | ||
echo "CHANNEL_TAG=<!channel>" >> $GITHUB_ENV | ||
echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to PRODUCTION :rocket:"" >> $GITHUB_ENV | ||
elif [[ ${{ github.ref_name }} == *"dev"* ]]; then | ||
echo "ENVIRONMENT=DEVELOP" >> $GITHUB_ENV | ||
echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to DEVELOP :rocket:"" >> $GITHUB_ENV | ||
fi | ||
echo "WORKFLOW_STATUS=success" >> $GITHUB_ENV | ||
if ${{ contains(env.WORKFLOW_STATUS, 'failure') }}; then | ||
echo "WORKFLOW_STATUS=failure" >> $GITHUB_ENV | ||
echo "SLACK_MSG= unable to deployed profile ${{ github.ref_name }} :x:" >> $GITHUB_ENV | ||
fi | ||
- name: Slack Notification | ||
if: always() | ||
uses: rtCamp/action-slack-notify@v2 | ||
env: | ||
SLACK_CHANNEL: deployments-testing | ||
SLACK_COLOR: ${{ env.WORKFLOW_STATUS }} | ||
SLACK_ICON: https://s3-us-west-2.amazonaws.com/slack-files2/avatars/2022-10-11/4204602550962_14433d2bdcb7fb385ad2_72.png | ||
SLACL_LINK_NAMES: true | ||
SLACK_MESSAGE: "${{ env.CHANNEL_TAG }} ${{ github.event.head_commit.message }}" | ||
SLACK_TITLE: ${{ env.EB_APP_NAME }} pipeline ${{ env.WORKFLOW_STATUS }} ! ${{ env.SLACK_MSG }} | ||
SLACK_FOOTER: "Wemap notification system :love-wemap:" | ||
SLACK_USERNAME: Wemap-sentinel | ||
SLACK_WEBHOOK: ${{ secrets.SLACK_HOOK_URL }} |
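Review bot: `ssh-keyscan github.com >> ~/.ssh/known_hosts` in the `Update infra` step trusts whatever host key answers at run time, so the known_hosts entry gives no protection against an interposed host when the deploy key is then used; the same line is in the other copy of this workflow earlier in the commit. GitHub publishes its SSH host keys, so the entry can be pinned instead, e.g. `echo "github.com ssh-ed25519 <PINNED_GITHUB_HOST_KEY>" >> ~/.ssh/known_hosts` with the value taken from GitHub's documentation. In the same step `ssh-add - <<< '${{ secrets.SSH_KEY_GITHUB_ACTIONS }}'` pastes the secret into the script text; passing it through `env:` and using `ssh-add - <<< "$SSH_KEY"` keeps it out of the generated script file.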
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
BRANCH="$1" | ||
AWS_DEFAULT_REGION="eu-west-1" | ||
SECRET_FILE_PATH=act/secrets/.github-actions.conf | ||
ENV_FILE_PATH="act/.env" | ||
EVENT_PATH="act/event_payload.json" | ||
PLATFORM_VERSION="3bcb267" | ||
PLATFORM="028996598430.dkr.ecr.eu-west-1.amazonaws.com/wemap-github-runner:$PLATFORM_VERSION" | ||
|
||
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $PLATFORM | ||
SSH_KEY_GITHUB_ACTIONS="$(cat ~/.ssh/DeployKeys/infra-delivery/github_actions_terraform)" | ||
|
||
|
||
cat <<EOT > act/event_payload.json | ||
{ | ||
"ref": "refs/heads/$BRANCH", | ||
"ref_name": "$BRANCH", | ||
"head_commit": { | ||
"id": "commit_id", | ||
"message": "commit message", | ||
"author": { | ||
"name": "Author Name", | ||
"email": "[email protected]" | ||
} | ||
} | ||
} | ||
EOT | ||
|
||
act -P ubuntu-latest=$PLATFORM --secret-file $SECRET_FILE_PATH \ | ||
--eventpath $EVENT_PATH \ | ||
--env-file $ENV_FILE_PATH \ | ||
--workflows ./act/.github/workflows/ci_cd.yml \ | ||
--secret SSH_KEY_GITHUB_ACTIONS="$SSH_KEY_GITHUB_ACTIONS" \ | ||
--container-architecture linux/amd64 |
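Review bot: The deploy private key ends up on act's command line at `--secret SSH_KEY_GITHUB_ACTIONS="$SSH_KEY_GITHUB_ACTIONS"`, where any local process listing can read it while the run lasts. act takes a secret named without a value from the environment variable of that name, so `export SSH_KEY_GITHUB_ACTIONS` after the `cat` and a bare `--secret SSH_KEY_GITHUB_ACTIONS \` keeps the key out of argv. The script also has no `set -euo pipefail` and writes `$1` into the event payload without checking it is set, so a failed ECR login or a missing branch argument still goes on to run the workflow.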
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
NPM_TOKEN="" | ||
SLACK_HOOK_URL="" | ||
CLOUDFLARE_API_TOKEN="" | ||
CLOUDFLARE_DEV_ZONE_ID="" | ||
CLOUDFLARE_PROD_ZONE_ID="" |
Large diffs are not rendered by default.