added ci artifact making with cd (#3)

* added ci artifact making with cd (not finished) * added explicit environment annotation * fixed some dumbass env* variables in github action not registering * fixed missing aws auth region parameter to aws-action/configure-aws-credentials * fixed misstyped aws-secret-access-key-id -> aws-secret-access-key * fixed artifact path hiding secret, which led to invalid formatted s3 path of artifact * moved artifacts to more inner scope * fixed env not being able to read itself (github actions bug) * fixed (once again) github actions inability to read env within env * fixed yaml multiline string indentation * ok... on more try on this env thing... * revert commit 81de22b * added cd dependency on ci * made cd yaml callable * removed deps from cd callable workflow * secrets are passed through args now * fixed inputs with secrets mixing * secrets changed to inherit, since it seems like regular passing wont do shit * definition of secrets is applied * added explicit branch annotation * pre-merge removed call to cd the artifact
42kbit · Dec 30, 2023 · ad5040e · ad5040e
1 parent ae61b67
commit ad5040e
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 0 deletions.
diff --git a/.github/workflows/3_webserver_ci.yaml b/.github/workflows/3_webserver_ci.yaml
@@ -30,6 +30,8 @@ jobs:
   test_code:
     runs-on: ubuntu-latest
     name: Run python tests
+    environment: prod
+
     steps:
       - uses: actions/checkout@v4 # does git clone into runner
 
@@ -47,3 +49,38 @@ jobs:
 
   # you can also run lint tests, to ensure that the project matches
   # your desired codestyle, but well pass it for now.
+
+  make_artifact:
+    runs-on: ubuntu-latest
+    needs: [test_code] # may not be required i belive, if we want this
+                       # to run in paralel, but i'll do it anyway to make less jobs
+    environment: prod
+    env:
+      ARTIFACT_EXCLUDE: ./.git*
+      ARTIFACT_NAME: webserver-artifact-${{ github.sha }}.zip
+      # github doesn't resolve env inside env sadly (or im dumb idk)
+      ARTIFACT_S3_PATH: >-
+        ${{ secrets.ARTIFACT_S3_BUCKET_NAME }}/webserver-artifact-${{ github.sha }}.zip
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Zip archive
+        run: zip -r ${{ env.ARTIFACT_NAME }} ./ -x ${{ env.ARTIFACT_EXCLUDE }}
+
+      - name: Authenticate to aws account
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Copy artifact to S3 bucket
+        run: aws s3 cp "$ARTIFACT_NAME" "s3://$ARTIFACT_S3_PATH"
+
+    # artifact is made, job here is done, next - CD pipeline will deploy it.
+
+  # use_webserver_cd:
+  #   needs: [make_artifact]
+  #   uses: ./.github/workflows/webserver_cd_aws_ebs.yaml
+  #   secrets: inherit
diff --git a/.github/workflows/webserver_cd_aws_ebs.yaml b/.github/workflows/webserver_cd_aws_ebs.yaml
@@ -0,0 +1,31 @@
+name: Deploy webserver to AWS elastic beanstalk (callable) 
+
+on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+      AWS_REGION:
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy to elastic beanstalk
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Authenticate to aws account
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Deploying to AWS EBA
+        run: echo "Deploying..."
+
+