Skip to content

Merge pull request #805 from fermyon/karenhchu-patch-5 #322

Merge pull request #805 from fermyon/karenhchu-patch-5

Merge pull request #805 from fermyon/karenhchu-patch-5 #322

Workflow file for this run

name: Deploy Developer Docs
on:
push:
branches:
- 'main'
workflow_dispatch:
inputs:
ref:
description: 'Git ref to deploy from (refs/tags/v* for tag)'
default: 'refs/heads/main'
commit:
description: 'Commit SHA to deploy from (optional)'
environment:
type: choice
description: 'Environment to deploy to (Default: canary)'
options:
- canary
- prod
# Construct a concurrency group to be shared across workflow runs.
# The default behavior ensures that only one is running at a time, with
# all others queuing and thus not interrupting runs that are in-flight.
concurrency: ${{ github.workflow }}
permissions:
contents: read
id-token: write # Allow the workflow to create a JWT for AWS auth
env:
OCI_REGISTRY: index.docker.io
OCI_IMAGE_NAME: fermyon/developer
jobs:
echo-inputs:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'workflow_dispatch' }}
steps:
- name: Echo Inputs
run: |
echo ref: ${{ inputs.ref }}
echo commit: ${{ inputs.commit }}
echo environment: ${{ inputs.environment }}
publish:
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'fermyon' }}
outputs:
oci_ref: ${{ env.OCI_REGISTRY }}/${{ env.OCI_IMAGE_NAME }}@${{ steps.push.outputs.digest }}
steps:
- uses: actions/checkout@v3
- name: Check out specific ref
if: ${{ github.event_name == 'workflow_dispatch' }} && ${{ inputs.ref != ''}}
run: git checkout ${{ inputs.ref }}
- name: Check out specific commit
if: ${{ github.event_name == 'workflow_dispatch' }} && ${{ inputs.commit != ''}}
run: git checkout ${{ inputs.commit }}
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 16
- name: Setup Spin
uses: fermyon/actions/spin/setup@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
version: v1.2.1
- name: Install npm packages
run: |
npm ci
- name: Build app
run: |
spin build
- name: Construct OCI image tag
shell: bash
run: |
[[ "${{ github.event_name }}" == "push" ]] && \
echo "IMAGE_TAG=latest" >> $GITHUB_ENV || \
echo "IMAGE_TAG=canary" >> $GITHUB_ENV
- name: Login and Publish Spin app
id: push
uses: fermyon/actions/spin/push@v1
with:
registry: ${{ env.OCI_REGISTRY }}
registry_username: fermyon
registry_password: ${{ secrets.DOCKERHUB_PAT }}
registry_reference: ${{ env.OCI_REGISTRY }}/${{ env.OCI_IMAGE_NAME }}:${{ env.IMAGE_TAG }}
- name: Cleanup login
if: ${{ always() }}
run: |
rm -rf /home/runner/fermyon
deploy:
runs-on: ubuntu-latest
needs: publish
if: ${{ github.repository_owner == 'fermyon' }}
steps:
- uses: actions/checkout@v3
- name: Install Nomad
env:
NOMAD_VERSION: "1.4.3"
run: |
curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip
unzip nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip -d /usr/local/bin
chmod +x /usr/local/bin/nomad
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.INFRA_NAMESPACE }}-${{ secrets.AWS_REGION }}-gha-certs
role-session-name: fermyon-developer-deploy
aws-region: ${{ secrets.AWS_REGION }}
- name: Fetch Nomad Certs from S3
shell: bash
run: |
set -euo pipefail
for cert in infra_ca \
api_client_cert_private_key \
api_client_cert_public_key; do
aws s3api get-object \
--bucket "infra-certs-${{ secrets.INFRA_NAMESPACE }}-${{ secrets.AWS_REGION }}" \
--key "${cert}" \
"/tmp/${cert}"
done
- name: Configure Nomad
shell: bash
run: |
echo "NOMAD_CACERT=/tmp/infra_ca" >> $GITHUB_ENV
echo "NOMAD_CLIENT_CERT=/tmp/api_client_cert_public_key" >> $GITHUB_ENV
echo "NOMAD_CLIENT_KEY=/tmp/api_client_cert_private_key" >> $GITHUB_ENV
echo "NOMAD_ADDR=https://nomad.${{ secrets.INFRA_NAMESPACE }}.${{ secrets.AWS_REGION }}.fermyon.link:4646" >> $GITHUB_ENV
- name: Configure manual deploy
if: ${{ github.event_name == 'workflow_dispatch' }}
shell: bash
run: |
if [[ "${{ inputs.environment }}" == "prod" ]]; then
echo "PRODUCTION=true" >> $GITHUB_ENV
echo "NOMAD_NAMESPACE=prod" >> $GITHUB_ENV
else
echo "PRODUCTION=false" >> $GITHUB_ENV
echo "NOMAD_NAMESPACE=staging" >> $GITHUB_ENV
fi
- name: Configure auto-deploy
if: ${{ github.event_name == 'push' }}
shell: bash
run: |
echo "PRODUCTION=true" >> $GITHUB_ENV
echo "NOMAD_NAMESPACE=prod" >> $GITHUB_ENV
- name: Deploy
shell: bash
run: |
nomad run \
-var "region=${{ secrets.AWS_REGION }}" \
-var "production=${{ env.PRODUCTION }}" \
-var "commit_sha=$(git rev-parse HEAD)" \
-var "oci_ref=${{ needs.publish.outputs.oci_ref }}" \
deploy/fermyon-developer.nomad