avniproject/avni-webapp#1120 - rwb from master

avniproject · Jan 31, 2024 · 47d5576 · 47d5576
1 parent 0c86783
commit 47d5576
Showing 1 changed file with 134 additions and 72 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,5 +1,8 @@
 version: 2.1
 
+orbs:
+  aws-cli: circleci/[email protected]
+
 commands:
   deploy:
     description: Deployment of ETL
@@ -11,36 +14,47 @@ commands:
         type: string
         default: "staging"
     steps:
-    - attach_workspace:
-        at: ~/artifacts
+      - attach_workspace:
+          at: ~/artifacts
 
-    - run: sudo apt-get install make openssl
+      - run: sudo apt-get install make openssl
 
-    - run:
-        name: Install dependencies
-        command: |
-          sudo apt-get -y -qq update
-          sudo apt-get -y -qq install python3-pip
-          sudo pip3 install awscli --upgrade
-          sudo pip3 install ansible
+      - run: curl -L https://github.com/avniproject/avni-infra/archive/master.zip >> ~/infra.zip
 
-    - run: curl -L https://github.com/avniproject/avni-infra/archive/master.zip >> ~/infra.zip
+      - run: |
+          cd ~/
+          unzip infra.zip
+          mv avni-infra-master avni-infra
+          rm -rf infra.zip
 
-    - run: |
-        cd ~/
-        unzip infra.zip
-        mv avni-infra-master avni-infra
-        rm -rf infra.zip
+      - run: echo $ANSIBLE_VAULT_PASS > ~/.vault-pass.txt
 
-    - run: echo $ANSIBLE_VAULT_PASS > ~/.vault-pass.txt
+      - run: |
+          pwd
+          cd ~/avni-infra/configure
+          mv ~/artifacts/avni-etl.jar ~/artifacts/etl-1.0.0-SNAPSHOT.jar
+          VAULT_PASSWORD_FILE=~/.vault-pass.txt app_zip_path=~/artifacts/ make deploy-etl-<< parameters.env >>
 
-    - run: |
-        pwd
-        cd ~/avni-infra/configure
-        mv ~/artifacts/avni-etl.jar ~/artifacts/etl-1.0.0-SNAPSHOT.jar
-        VAULT_PASSWORD_FILE=~/.vault-pass.txt app_zip_path=~/artifacts/ make deploy-etl-<< parameters.env >>
+      - run: rm ~/.vault-pass.txt
 
-    - run: rm ~/.vault-pass.txt
+  setup_server_access:
+    description: Generate and copy temporary keys to server
+    parameters:
+      instance-id:
+        type: string
+      os-user:
+        type: string
+        default: ubuntu
+      availability-zone:
+        type: string
+        default: ap-south-1a
+    steps:
+      - run: rm -rf /tmp/temp_rsa_key*
+      - run: ssh-keygen -b 2048 -t rsa -f /tmp/temp_rsa_key -q -N ""
+      - run: eval `ssh-agent -s`
+      - run: ssh-add /tmp/temp_rsa_key
+      - run: |
+          aws ec2-instance-connect send-ssh-public-key --instance-id << parameters.instance-id >> --availability-zone << parameters.availability-zone >> --instance-os-user << parameters.os-user >> --no-paginate --ssh-public-key file:///tmp/temp_rsa_key.pub --output text | head -1
 
 jobs:
   test:
@@ -89,7 +103,7 @@ jobs:
 
   build:
     docker:
-    - image: cimg/openjdk:17.0.5
+      - image: cimg/openjdk:17.0.5
 
     working_directory: ~/avni-etl
 
@@ -100,34 +114,34 @@ jobs:
       - MAVEN_OPTS: -Xmx3200m
 
     steps:
-    - checkout
+      - checkout
 
-    - run: sudo apt-get install make openssl
+      - run: sudo apt-get install make openssl
 
-    - run: make build_jar
+      - run: make build_jar
 
-    - run: mkdir -p ~/artifacts;
+      - run: mkdir -p ~/artifacts;
 
-    - run: cp ~/avni-etl/build/libs/etl-1.0.0-SNAPSHOT.jar ~/artifacts/avni-etl.jar;
+      - run: cp ~/avni-etl/build/libs/etl-1.0.0-SNAPSHOT.jar ~/artifacts/avni-etl.jar;
 
-    - persist_to_workspace:
-        root: ~/artifacts
-        paths:
-        - avni-etl.jar
+      - persist_to_workspace:
+          root: ~/artifacts
+          paths:
+            - avni-etl.jar
 
-    - store_artifacts:
-        path: ~/artifacts
+      - store_artifacts:
+          path: ~/artifacts
 
   STAGING_deploy:
     docker:
-    - image: cimg/deploy:2023.09
-      environment:
-        ANSIBLE_HOST_KEY_CHECKING: no
+      - image: cimg/deploy:2023.09
+        environment:
+          ANSIBLE_HOST_KEY_CHECKING: no
     working_directory: ~/
     steps:
-    - deploy:
-        hostname: "int-staging.avniproject.org"
-        env: "staging"
+      - deploy:
+          hostname: "int-staging.avniproject.org"
+          env: "staging"
 
   PRERELEASE_deploy:
     docker:
@@ -149,38 +163,86 @@ jobs:
           hostname: "int-prod.avniproject.org"
           env: "prod"
 
+  RWB_STAGING_deploy:
+    docker:
+      - image: cimg/deploy:2023.09
+    working_directory: ~/
+    steps:
+      - aws-cli/setup:
+          role_arn: "arn:aws:iam::730335671779:role/avni_circleci_instance_connect"
+          region: "ap-south-1"
+      - setup_server_access:
+          instance-id: "i-0b9dc7b3e65a44aec"
+          availability-zone: "ap-south-1b"
+      - deploy:
+          env: "rwb-staging"
+
+  RWB_PRODUCTION_deploy:
+    docker:
+      - image: cimg/deploy:2023.09
+    working_directory: ~/
+    steps:
+      - aws-cli/setup:
+          role_arn: "arn:aws:iam::730335671779:role/avni_circleci_instance_connect"
+          region: "ap-south-1"
+      - setup_server_access:
+          instance-id: "i-067dc4ef8c36f8053"
+          availability-zone: "ap-south-1a"
+      - deploy:
+          env: "rwb-prod"
+
 workflows:
   version: 2
   test_and_build_and_deploy:
     jobs:
-    - test
-    - build:
-        requires:
-          - test
-    - STAGING_approve:
-        type: approval
-        requires:
-          - build
-    - STAGING_deploy:
-        context: non-prod-deploy
-        filters:
-          branches:
-            only: main
-        requires:
-          - STAGING_approve
-    - PRERELEASE_approve:
-        type: approval
-        requires:
-          - build
-    - PRERELEASE_deploy:
-        context: non-prod-deploy
-        requires:
-          - PRERELEASE_approve
-    - PRODUCTION_approve:
-        type: approval
-        requires:
-          - build
-    - PRODUCTION_deploy:
-        context: prod-deploy
-        requires:
-          - PRODUCTION_approve
+      - test
+      - build:
+          requires:
+            - test
+      - STAGING_approve:
+          type: approval
+          requires:
+            - build
+      - STAGING_deploy:
+          context: non-prod-deploy
+          filters:
+            branches:
+              only: main
+          requires:
+            - STAGING_approve
+      - PRERELEASE_approve:
+          type: approval
+          requires:
+            - build
+      - PRERELEASE_deploy:
+          context: non-prod-deploy
+          requires:
+            - PRERELEASE_approve
+      - PRODUCTION_approve:
+          type: approval
+          requires:
+            - build
+      - PRODUCTION_deploy:
+          context: prod-deploy
+          requires:
+            - PRODUCTION_approve
+      - RWB_STAGING_approve:
+          type: approval
+          requires:
+            - build
+      - RWB_STAGING_deploy:
+          context:
+            - RWB_AWS_OIDC
+            - non-prod-deploy
+          requires:
+            - RWB_STAGING_approve
+      - RWB_PRODUCTION_approve:
+          type: approval
+          requires:
+            - build
+      - RWB_PRODUCTION_deploy:
+          context:
+            - RWB_AWS_OIDC
+            - prod-deploy
+          requires:
+            - RWB_PRODUCTION_approve