From ad5040e5adda88a83236a1f69156580221882bb4 Mon Sep 17 00:00:00 2001 From: Ostrikov Serhii <68506580+42kbit@users.noreply.github.com> Date: Sat, 30 Dec 2023 12:13:47 +0200 Subject: [PATCH] added ci artifact making with cd (#3) * added ci artifact making with cd (not finished) * added explicit environment annotation * fixed some dumbass env* variables in github action not registering * fixed missing aws auth region parameter to aws-action/configure-aws-credentials * fixed misstyped aws-secret-access-key-id -> aws-secret-access-key * fixed artifact path hiding secret, which led to invalid formatted s3 path of artifact * moved artifacts to more inner scope * fixed env not being able to read itself (github actions bug) * fixed (once again) github actions inability to read env within env * fixed yaml multiline string indentation * ok... on more try on this env thing... * revert commit 81de22b * added cd dependency on ci * made cd yaml callable * removed deps from cd callable workflow * secrets are passed through args now * fixed inputs with secrets mixing * secrets changed to inherit, since it seems like regular passing wont do shit * definition of secrets is applied * added explicit branch annotation * pre-merge removed call to cd the artifact --- .github/workflows/3_webserver_ci.yaml | 37 +++++++++++++++++++++ .github/workflows/webserver_cd_aws_ebs.yaml | 31 +++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 .github/workflows/webserver_cd_aws_ebs.yaml diff --git a/.github/workflows/3_webserver_ci.yaml b/.github/workflows/3_webserver_ci.yaml index 1d2efcb..aac269c 100644 --- a/.github/workflows/3_webserver_ci.yaml +++ b/.github/workflows/3_webserver_ci.yaml @@ -30,6 +30,8 @@ jobs: test_code: runs-on: ubuntu-latest name: Run python tests + environment: prod + steps: - uses: actions/checkout@v4 # does git clone into runner 
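Review bot: The added `environment: prod` on `test_code` binds a job that only runs tests to the prod environment, so it becomes eligible for prod-scoped secrets and is subject to that environment's protection rules. The workflow's triggers and the rest of the job's steps are outside this hunk; if the workflow runs on pull requests or arbitrary branches, test code and its dependencies would execute in a job that can reach prod secrets. Nothing visible in `test_code` reads `secrets.*`, so the line could be dropped here and kept only on `make_artifact`. If it has to stay, a comment such as `# needed for <reason>` above it would record why.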
@@ -47,3 +49,38 @@ jobs: # you can also run lint tests, to ensure that the project matches # your desired codestyle, but well pass it for now. + + make_artifact: + runs-on: ubuntu-latest + needs: [test_code] # may not be required i belive, if we want this + # to run in paralel, but i'll do it anyway to make less jobs + environment: prod + env: + ARTIFACT_EXCLUDE: ./.git* + ARTIFACT_NAME: webserver-artifact-${{ github.sha }}.zip + # github doesn't resolve env inside env sadly (or im dumb idk) + ARTIFACT_S3_PATH: >- + ${{ secrets.ARTIFACT_S3_BUCKET_NAME }}/webserver-artifact-${{ github.sha }}.zip + + steps: + - uses: actions/checkout@v4 + + - name: Zip archive + run: zip -r ${{ env.ARTIFACT_NAME }} ./ -x ${{ env.ARTIFACT_EXCLUDE }} + + - name: Authenticate to aws account + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Copy artifact to S3 bucket + run: aws s3 cp "$ARTIFACT_NAME" "s3://$ARTIFACT_S3_PATH" + + # artifact is made, job here is done, next - CD pipeline will deploy it. + + # use_webserver_cd: + # needs: [make_artifact] + # uses: ./.github/workflows/webserver_cd_aws_ebs.yaml + # secrets: inherit diff --git a/.github/workflows/webserver_cd_aws_ebs.yaml b/.github/workflows/webserver_cd_aws_ebs.yaml new file mode 100644 index 0000000..73dc8cd --- /dev/null +++ b/.github/workflows/webserver_cd_aws_ebs.yaml 
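Review bot: The `Zip archive` step pastes `${{ env.ARTIFACT_NAME }}` and `${{ env.ARTIFACT_EXCLUDE }}` into the script unquoted, so the shell expands `./.git*` against the checkout before zip sees it; whether the contents of `.git/` are still excluded should be confirmed by listing the archive. That matters because `actions/checkout@v4` by default leaves the job token in `.git/config`, and the zip is then copied to S3. Pass the values as quoted shell variables, as the copy step already does, with `run: zip -r "$ARTIFACT_NAME" ./ -x "$ARTIFACT_EXCLUDE"`, and set `persist-credentials: false` under `with:` on the checkout step. Separately, this job and the new `webserver_cd_aws_ebs.yaml` both authenticate with long-lived access keys from secrets; `role-to-assume` together with `permissions: id-token: write` would replace them with short-lived OIDC credentials.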
@@ -0,0 +1,31 @@
+name: Deploy webserver to AWS elastic beanstalk (callable)
+
+on:
+ workflow_call:
+ secrets:
+ AWS_ACCESS_KEY:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
+ AWS_REGION:
+ required: true
+
+jobs:
+ deploy:
+ name: Deploy to elastic beanstalk
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Authenticate to aws account
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Deploying to AWS EBA
+ run: echo "Deploying..."
+
+
\ No newline at end of file
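Review bot: The `deploy` job declares no `environment:`, while both CI jobs in `3_webserver_ci.yaml` read their secrets under `environment: prod`. If the `AWS_*` values are stored as environment secrets rather than repository secrets, a `workflow_call` caller cannot pass them in, and the called job only receives them when it names the environment itself, e.g. `environment: prod` under `deploy:`. That may be the cause of the secret-passing trouble the commit message describes. The file would also benefit from a top-level `permissions:` block limited to `contents: read`, since nothing in it needs a write-scoped token.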