Merge pull request #374 from TheTechCompany/staging #52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: HiveCommand Infrastructure | |
| on: | |
| push: | |
| branches: | |
| # - staging | |
| - master | |
| paths: ["packages/app/hivecommand-backend/**", "packages/network/**", "packages/infrastructure/main/**"] | |
| concurrency: hivecommand-infra-${{ github.ref }} | |
| jobs: | |
| build_server: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v2 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v3 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: | | |
| thetechcompany/hivecommand-backend | |
| # generate Docker tags based on the following events/attributes | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Setup docker buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Login to dockerhub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| file: ./packages/app/hivecommand-backend/Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| BUILD_ENV=github | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| build_gds: | |
| runs-on: ubuntu-latest | |
| env: | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v2 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v3 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: | | |
| thetechcompany/hive-command-gds | |
| # generate Docker tags based on the following events/attributes | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Setup docker buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Login to dockerhub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: ./ | |
| file: ./packages/network/global-discovery-network/Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| BUILD_ENV=github | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| push_infra: | |
| name: Update Pulumi Infra | |
| runs-on: ubuntu-latest | |
| needs: [build_server, build_gds] | |
| env: | |
| COMMAND_MONGO_URL: ${{ secrets.COMMAND_MONGO_URL }} | |
| COMMAND_MONGO_DB: ${{ secrets.COMMAND_MONGO_DB }} | |
| COMMAND_MONGO_USER: ${{ secrets.COMMAND_MONGO_USER }} | |
| COMMAND_MONGO_PASS: ${{ secrets.COMMAND_MONGO_PASS }} | |
| COMMAND_MONGO_AUTH_DB: ${{ secrets.COMMAND_MONGO_AUTH_DB }} | |
| RABBIT_URL: ${{ secrets.RABBIT_URL }} | |
| TIMESERIES_HOST: ${{ secrets.TIMESERIES_HOST }} | |
| TIMESERIES_PASSWORD: ${{ secrets.TIMESERIES_PASSWORD }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: 16.x | |
| - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: ap-southeast-2 | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - run: yarn install --frozen-lockfile | |
| - name: Setup stack | |
| run: | | |
| echo "STACK_NAME=ultraviolet/hivecommand-staging" >> $GITHUB_ENV | |
| echo "HEXHIVE_API_KEY=${{ secrets.STAGING_SYNC_KEY }}" >> $GITHUB_ENV | |
| echo "HEXHIVE_API_URL=${{ secrets.STAGING_API_URL }}" >> $GITHUB_ENV | |
| if: ${{ github.ref == 'refs/heads/staging' }} | |
| - name: Setup stack | |
| run: | | |
| echo "STACK_NAME=ultraviolet/hivecommand-next" >> $GITHUB_ENV | |
| echo "HEXHIVE_API_KEY=${{ secrets.STAGING_SYNC_KEY }}" >> $GITHUB_ENV | |
| echo "HEXHIVE_API_URL=${{ secrets.STAGING_API_URL }}" >> $GITHUB_ENV | |
| if: ${{ github.ref == 'refs/heads/next' }} | |
| - name: Setup stack | |
| run: | | |
| echo "STACK_NAME=ultraviolet/hivecommand-prod" >> $GITHUB_ENV | |
| echo "HEXHIVE_API_KEY=${{ secrets.PROD_SYNC_KEY }}" >> $GITHUB_ENV | |
| echo "HEXHIVE_API_URL=${{ secrets.PROD_API_URL }}" >> $GITHUB_ENV | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| - name: Update infrastructure | |
| uses: pulumi/actions@v3 | |
| if: ${{ github.ref == 'refs/heads/staging' }} | |
| with: | |
| command: up | |
| stack-name: ${{env.STACK_NAME}} | |
| work-dir: ./packages/infrastructure/main | |
| env: | |
| STAGING_SYNC_OVPN: ${{ secrets.STAGING_SYNC_OVPN }} | |
| HEXHIVE_API_KEY: ${{ env.HEXHIVE_API_KEY }} | |
| HEXHIVE_API_URL: ${{ env.HEXHIVE_API_URL }} | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| - name: Update infrastructure | |
| uses: pulumi/actions@v3 | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| with: | |
| command: up | |
| stack-name: ${{env.STACK_NAME}} | |
| work-dir: ./packages/infrastructure/main | |
| env: | |
| IOT_USER: ${{ secrets.IOT_USER }} | |
| IOT_PASS: ${{ secrets.IOT_PASS }} | |
| IOT_EXCHANGE: ${{ secrets.IOT_EXCHANGE }} | |
| IOT_SECRET: ${{ secrets.IOT_SECRET }} | |
| PROD_SYNC_OVPN: ${{ secrets.PROD_SYNC_OVPN }} | |
| HEXHIVE_API_KEY: ${{ env.HEXHIVE_API_KEY }} | |
| HEXHIVE_API_URL: ${{ env.HEXHIVE_API_URL }} | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| deploy-db: | |
| name: Deploy DB Migration | |
| runs-on: ubuntu-latest | |
| needs: [build_gds, build_server] | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: 16.x | |
| - name: Install Pulumi CLI | |
| uses: pulumi/setup-pulumi@v2 | |
| - run: pulumi stack select ultraviolet/hivecommand-staging | |
| working-directory: ./packages/infrastructure/main | |
| - run: mkdir ~/.kube/ | |
| - name: Setup DB stack | |
| run: | | |
| echo "DB_NAME=ultraviolet/hexhive-db/db-staging" >> $GITHUB_ENV | |
| echo "NAMESPACE=db-staging" >> $GITHUB_ENV | |
| if: ${{ github.ref == 'refs/heads/staging' }} | |
| - name: Setup stack | |
| run: | | |
| echo "DB_NAME=ultraviolet/hexhive-db/db-prod" >> $GITHUB_ENV | |
| echo "NAMESPACE=db-prod" >> $GITHUB_ENV | |
| if: ${{ github.ref == 'refs/heads/next' }} | |
| - name: Setup stack | |
| run: | | |
| echo "DB_NAME=ultraviolet/hexhive-db/db-prod" >> $GITHUB_ENV | |
| echo "NAMESPACE=db-prod" >> $GITHUB_ENV | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| - run: pulumi stack -s ultraviolet/base-infrastructure/prod output k3sconfig > ~/.kube/config | |
| working-directory: ./packages/infrastructure/main | |
| id: kube_config | |
| - run: echo "::set-output name=postgres::$(pulumi stack -s ${{env.DB_NAME}} output timeseries_name)" | |
| working-directory: ./packages/infrastructure/main | |
| id: postgres_url | |
| - run: echo "::set-output name=pass::$(pulumi stack -s ${{env.DB_NAME}} output postgres_pass )" | |
| working-directory: ./packages/infrastructure/main | |
| id: postgres_pass | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-region: ap-southeast-2 | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - uses: azure/[email protected] | |
| with: | |
| version: "v1.23.5" | |
| # - run: aws eks update-kubeconfig --name hexhive-cluster-eksCluster-506b63f | |
| - run: kubectl -n ${{ env.NAMESPACE }} port-forward service/${{ steps.postgres_url.outputs.postgres }} 5432:5432 & | |
| - run: sleep 30s | |
| - run: npx prisma migrate deploy | |
| env: | |
| DATABASE_URL: postgresql://postgres:${{ steps.postgres_pass.outputs.pass }}@localhost:5432/hivecommand | |
| working-directory: ./packages/core/command-data/ |