Skip to content

feat: storage submission with virus scans #1677

feat: storage submission with virus scans

feat: storage submission with virus scans #1677

Workflow file for this run

name: Deploy to AWS Elastic Beanstalk
on:
push:
# There should be 7 environments in github actions secrets:
# release, release-al2, staging, staging-alt, staging-alt2, uat.
# This is different from the DEPLOY_ENV secret which corresponds to elastic beanstalk environment name.
branches:
- release
- release-al2
- staging
- staging-alt
- staging-alt2
- uat
permissions:
id-token: write
contents: read
jobs:
set_environment:
outputs:
current_env: ${{ steps.set-environment.outputs.current_env }}
runs-on: ubuntu-latest
steps:
- id: set-environment
run: echo "current_env=${{github.ref_name}}" >> $GITHUB_OUTPUT
build_deploy_application:
needs: set_environment
environment:
name: ${{ needs.set_environment.outputs.current_env }}
env:
IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}}
BRANCH: ${{ needs.set_environment.outputs.current_env }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup secrets for datadog sourcemap deployment
run: |
echo "APP_VERSION=$(jq -r .version package.json)-$(echo ${GITHUB_REF##*/})-$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_ENV
- name: Inject frontend build env vars
env:
REACT_APP_DD_RUM_APP_ID: ${{ secrets.DD_RUM_APP_ID }}
REACT_APP_DD_RUM_CLIENT_TOKEN: ${{ secrets.DD_RUM_CLIENT_TOKEN }}
REACT_APP_DD_RUM_ENV: ${{ secrets.DD_ENV }}
REACT_APP_DD_SAMPLE_RATE: ${{ secrets.DD_SAMPLE_RATE }}
REACT_APP_GA_TRACKING_ID: ${{ secrets.GA_TRACKING_ID }}
REACT_APP_FORMSG_SDK_MODE: ${{ secrets.REACT_APP_FORMSG_SDK_MODE }}
REACT_APP_URL: ${{ secrets.APP_URL }}
run: |
sed -i -e "s|@REACT_APP_URL|${{secrets.APP_URL}}|g" -e "s/@REACT_APP_DD_RUM_APP_ID/$REACT_APP_DD_RUM_APP_ID/g" -e "s/@REACT_APP_DD_RUM_CLIENT_TOKEN/$REACT_APP_DD_RUM_CLIENT_TOKEN/g" -e "s/@REACT_APP_DD_RUM_ENV/$REACT_APP_DD_RUM_ENV/g" -e "s/@REACT_APP_VERSION/${{env.APP_VERSION}}/g" -e "s/@REACT_APP_DD_SAMPLE_RATE/$REACT_APP_DD_SAMPLE_RATE/g" frontend/datadog-chunk.ts
echo REACT_APP_VERSION=${{env.APP_VERSION}} > frontend/.env
echo REACT_APP_URL=$REACT_APP_URL > frontend/.env
echo REACT_APP_GA_TRACKING_ID=$REACT_APP_GA_TRACKING_ID >> frontend/.env
echo REACT_APP_FORMSG_SDK_MODE=$REACT_APP_FORMSG_SDK_MODE >> frontend/.env
echo REACT_APP_DD_RUM_CLIENT_TOKEN=$REACT_APP_DD_RUM_CLIENT_TOKEN >> frontend/.env
echo REACT_APP_DD_RUM_ENV=$REACT_APP_DD_RUM_ENV >> frontend/.env
- name: Configure AWS credentials
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.AWS_CI_ROLE_TO_ASSUME }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build docker image
uses: docker/build-push-action@v3
env:
ECR_REPO: ${{ secrets.ECR_REPO }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_ENV: ${{ secrets.DD_ENV }}
with:
context: .
file: ./Dockerfile.production
push: false
load: true # Load image into local docker daemon so we can tag and push in later steps
tags: ${{env.ECR_REPO}}:${{env.IMAGE_TAG}}
build-args: |
APP_VERSION=${{env.APP_VERSION}}
APP_URL=${{secrets.APP_URL}}
REPO_URL=${{github.server_url}}/${{github.repository}}
secrets: |
"dd_api_key=${{ secrets.DD_API_KEY }}"
- name: Push image to Amazon ECR
env:
ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_ENV: ${{ secrets.DD_ENV }}
run: |
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH
docker push -a $ECR_REPOSITORY
sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json
sed -i -e "s/@DD_API_KEY/$DD_API_KEY/g" -e "s/@DD_ENV/$DD_ENV/g" .ebextensions/99datadog-amazon-linux-2.config
zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json
- name: Copy Image to S3
env:
BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
run: |
aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip
- name: Copy Static Assets from Docker Image and Push to S3
env:
S3_STATIC_ASSETS_BUCKET_NAME: ${{ secrets.S3_STATIC_ASSETS_BUCKET_NAME }}
ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
run: |
mkdir -p /tmp/s3static
chmod 777 /tmp/s3static
docker run --rm -v /tmp/s3static:/tmp/s3static $ECR_REPOSITORY:$IMAGE_TAG cp -r ./dist/frontend/. /tmp/s3static
aws s3 sync /tmp/s3static s3://$S3_STATIC_ASSETS_BUCKET_NAME
- name: Create application version
env:
BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
APP_NAME: ${{ secrets.APP_NAME }}
run: |
TRUNCATED_DESC=$(echo "${{github.event.head_commit.message}}" | head -c 180)
aws elasticbeanstalk create-application-version --application-name $APP_NAME \
--version-label $IMAGE_TAG \
--source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \
--description "$TRUNCATED_DESC"
- name: Update EB environment
id: update-eb-1
env:
APP_NAME: ${{ secrets.APP_NAME }}
DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }}
run: |
aws elasticbeanstalk update-environment --application-name $APP_NAME \
--environment-name $DEPLOY_ENV \
--version-label $IMAGE_TAG