-
Notifications
You must be signed in to change notification settings - Fork 0
95 lines (83 loc) · 3.44 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Deploy Fideslog
on:
push:
tags:
- "*"
jobs:
PyPI:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install Twine
run: pip install twine
- name: Twine Upload
run: |
python setup.py sdist
twine upload dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
Docker:
runs-on: ubuntu-latest
env:
DOCKER_USER: ethycaci
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0 # This is required to properly tag images
- name: Log in to DockerHub
uses: docker/login-action@v1
with:
username: ${{ env.DOCKER_USER }}
password: ${{ env.DOCKER_TOKEN }}
- name: Build Fideslog Image
run: make build
- name: Push Fideslog Image
run: make push
Deploy:
needs:
- PyPI
- Docker
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Add Secrets to Task Definition
run: |
sed -i "s%<snowflake_account>%$SNOWFLAKE_ACCOUNT%g" task-definition.json
sed -i "s%<snowflake_db_user>%$SNOWFLAKE_DB_USER%g" task-definition.json
sed -i "s%<snowflake_db_password>%$SNOWFLAKE_DB_PASSWORD%g" task-definition.json
sed -i "s%<fideslog_security_access_token>%$FIDESLOG__SECURITY__ACCESS_TOKEN%g" task-definition.json
sed -i "s%<fideslog_storage_bucket_name>%$FIDESLOG__STORAGE_BUCKET_NAME%g" task-definition.json
sed -i "s%<fideslog_storage_region_name>%$FIDESLOG__STORAGE_REGION_NAME%g" task-definition.json
sed -i "s%<fideslog_storage_aws_access_key_id>%$FIDESLOG__STORAGE_AWS_ACCESS_KEY_ID%g" task-definition.json
sed -i "s%<fideslog_storage_aws_secret_access_key>%$FIDESLOG__STORAGE_AWS_SECRET_ACCESS_KEY%g" task-definition.json
sed -i "s%<cluster_name>%$ECS_CLUSTER_NAME%g" task-definition.json
sed -i "s%<role_arn>%$ROLE_ARN%g" task-definition.json
env:
ECS_CLUSTER_NAME: ${{ secrets.ECS_CLUSTER_NAME }}
FIDESLOG__SECURITY__ACCESS_TOKEN: ${{secrets.FIDESLOG__SECURITY__ACCESS_TOKEN}}
ROLE_ARN: ${{ secrets.ROLE_ARN }}
SNOWFLAKE_ACCOUNT: ${{secrets.SNOWFLAKE_ACCOUNT}}
SNOWFLAKE_DB_PASSWORD: ${{secrets.SNOWFLAKE_DB_PASSWORD}}
SNOWFLAKE_DB_USER: ${{secrets.SNOWFLAKE_DB_USER}}
FIDESLOG__STORAGE_BUCKET_NAME: ${{secrets.FIDESLOG__STORAGE_BUCKET_NAME}}
FIDESLOG__STORAGE_REGION_NAME: ${{secrets.FIDESLOG__STORAGE_REGION_NAME}}
FIDESLOG__STORAGE_AWS_ACCESS_KEY_ID: ${{secrets.FIDESLOG__STORAGE_AWS_ACCESS_KEY_ID}}
FIDESLOG__STORAGE_AWS_SECRET_ACCESS_KEY: ${{secrets.FIDESLOG__STORAGE_AWS_SECRET_ACCESS_KEY}}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Deploy Amazon ECS Task Definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: task-definition.json
service: ${{ secrets.ECS_SERVICE_NAME }}
cluster: ${{ secrets.ECS_CLUSTER_NAME }}
wait-for-service-stability: true