diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e0a0c1153..43256e40c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ on: default: master jobs: - deploy: + package: runs-on: ubuntu-latest if: | github.event_name == 'workflow_dispatch' || @@ -36,6 +36,10 @@ jobs: PROD_DEPLOY_ROLE_ARN: ${{ vars.PROD_DEPLOY_ROLE_ARN }} DEPLOY_ENV: ${{ github.event.inputs.deploy_env || 'staging' }} + outputs: + deploy_role_arn: ${{ steps.get_role_arn.outputs.role_arn }} + short_git_sha: ${{ steps.short_git_sha.outputs.short_git_sha }} + steps: - name: Workflow details run: | @@ -49,9 +53,11 @@ jobs: ref: ${{ github.event.inputs.git_ref }} - name: Set short Git SHA + id: short_git_sha run: | SHORT_GIT_SHA=$(git rev-parse HEAD | cut -c1-7) echo "SHORT_GIT_SHA=$SHORT_GIT_SHA" >> "$GITHUB_ENV" + echo "short_git_sha=$SHORT_GIT_SHA" >> "$GITHUB_OUTPUT" echo "Git SHA: ${SHORT_GIT_SHA}" - name: Checkout deploy repository @@ -82,60 +88,19 @@ jobs: path: target/deploy.zip - name: Get deploy role ARN - id: get-role-arn + id: get_role_arn run: | role_arn_name=${DEPLOY_ENV^^}_DEPLOY_ROLE_ARN role_arn=$(eval echo \$$role_arn_name) echo "role_arn=$role_arn" >> "$GITHUB_OUTPUT" - - name: Configure AWS credentials with assume role - id: aws_credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - role-to-assume: ${{ steps.get-role-arn.outputs.role_arn }} - role-session-name: github-actions-beanstalk-session - role-duration-seconds: 1200 - role-skip-session-tagging: true - aws-region: us-west-2 - output-credentials: true - - - name: Deploy ${{ env.DEPLOY_ENV }} Backend - API - uses: einaregilsson/beanstalk-deploy@v22 - with: - aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} - application_name: backend - environment_name: ${{ env.DEPLOY_ENV }}-backend-api - version_label: ${{ env.SHORT_GIT_SHA }} - use_existing_version_if_available: true - region: us-west-2 - deployment_package: target/deploy.zip - wait_for_environment_recovery: 120 - - - name: Deploy ${{ env.DEPLOY_ENV }} Backend - Main Worker - uses: einaregilsson/beanstalk-deploy@v22 - with: - aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} - application_name: backend - environment_name: ${{ env.DEPLOY_ENV }}-backend-worker-main - version_label: ${{ env.SHORT_GIT_SHA }} - use_existing_version_if_available: true - region: us-west-2 - deployment_package: target/deploy.zip - wait_for_environment_recovery: 120 - - - name: Deploy ${{ env.DEPLOY_ENV }} Backend - Cermine Worker - uses: einaregilsson/beanstalk-deploy@v22 - with: - aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} - aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} - application_name: backend - environment_name: ${{ env.DEPLOY_ENV }}-backend-worker-cermine - version_label: ${{ env.SHORT_GIT_SHA }} - use_existing_version_if_available: true - region: us-west-2 - deployment_package: target/deploy.zip - wait_for_environment_recovery: 120 + deploy: + uses: researchhub/researchhub-backend/.github/workflows/deploy_eb.yml@github-workflow-reusable-deploy + needs: package + with: + deploy_env: ${{ inputs.deploy_env }} + deploy_role_arn: ${{ needs.package.outputs.deploy_role_arn }} + version: ${{ needs.package.outputs.short_git_sha }} + secrets: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/deploy_eb.yml b/.github/workflows/deploy_eb.yml new file mode 100644 index 000000000..14a88f508 --- /dev/null +++ b/.github/workflows/deploy_eb.yml @@ -0,0 +1,69 @@ +name: Deploy Elastic Beanstalk + +on: + workflow_call: + inputs: + deploy_env: + required: true + type: string + deploy_role_arn: + required: true + type: string + version: + required: true + type: string + secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout application repository + uses: actions/checkout@v4 + + - name: Download deployment package + uses: actions/download-artifact@v4 + with: + name: "backend-${{ inputs.version }}" + + - name: Unpack deployment package + run: | + ls -lha + unzip deploy.zip -d target + ls -lhr ./.github/workflows + + - name: Configure AWS credentials with assume role + id: aws_credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ inputs.deploy_role_arn }} + role-session-name: github-actions-beanstalk-session + role-duration-seconds: 1200 + role-skip-session-tagging: true + aws-region: us-west-2 + output-credentials: true + + - name: Testing + run: | + echo "Role: ${{ inputs.deploy_role_arn }}" + echo "Env: ${{ inputs.deploy_env }}" + echo "Version: ${{ inputs.version }}" + #- name: Deploy ${{ inputs.deploy_env }} Backend - API + # uses: einaregilsson/beanstalk-deploy@v22 + # with: + # aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} + # aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} + # application_name: backend + # environment_name: ${{ inputs.deploy_env }}-backend-api + # version_label: ${{ inputs.version }} + # use_existing_version_if_available: true + # region: us-west-2 + # deployment_package: target/deploy.zip + # wait_for_environment_recovery: 120