avniproject/avni-product#1445 | CircleCI config for RWB deploy

.circleci/config.yml

@@ -1,4 +1,7 @@
 version: 2.1
+orbs:
+  aws-cli: circleci/[email protected]
+
 commands:
   deploy:
     description: "Deployment of rules server"
@@ -62,6 +65,24 @@ commands:
           VAULT_PASSWORD_FILE=~/.vault-pass.txt app_zip_path=~/artifacts/ make rules-server-<< parameters.env >>
 
       - run: rm ~/.vault-pass.txt
+  setup_server_access:
+    description: Generate and copy temporary keys to server
+    parameters:
+      instance-id:
+        type: string
+      os-user:
+        type: string
+        default: ubuntu
+      availability-zone:
+        type: string
+        default: ap-south-1a
+    steps:
+      - run: rm -rf /tmp/temp_rsa_key*
+      - run: ssh-keygen -b 2048 -t rsa -f /tmp/temp_rsa_key -q -N ""
+      - run: eval `ssh-agent -s`
+      - run: ssh-add /tmp/temp_rsa_key
+      - run: |
+          aws ec2-instance-connect send-ssh-public-key --instance-id << parameters.instance-id >> --availability-zone << parameters.availability-zone >> --instance-os-user << parameters.os-user >> --no-paginate --ssh-public-key file:///tmp/temp_rsa_key.pub --output text | head -1
 
 jobs:
   app_test:
@@ -205,7 +226,32 @@ jobs:
     steps:
       - deploy_ansible:
           env: "prod"
-
+  RWB_STAGING_deploy:
+    docker:
+      - image: cimg/deploy:2023.09-node
+    working_directory: ~/
+    steps:
+      - aws-cli/setup:
+          role_arn: "arn:aws:iam::730335671779:role/avni_circleci_instance_connect"
+      - setup_server_access:
+          instance-id: "i-00b50ac6e8413fdca"
+          availability-zone: "ap-south-1b"
+      - deploy_ansible:
+          env: "rwb-staging"
+
+  RWB_PRODUCTION_deploy:
+    docker:
+      - image: cimg/deploy:2023.09-node
+    working_directory: ~/
+    steps:
+      - aws-cli/setup:
+          role_arn: "arn:aws:iam::730335671779:role/avni_circleci_instance_connect"
+      - setup_server_access:
+          instance-id: "i-015a3839bfe137346"
+          availability-zone: "ap-south-1a"
+      - deploy_ansible:
+          env: "rwb-prod"
+
 tags_filter: &tags_filter
   filters:
     tags:
@@ -267,6 +313,27 @@ workflows:
           context: non-prod-deploy
           requires:
             - PERF_approve
+      - RWB_STAGING_approve:
+          type: approval
+          requires:
+            - app_build
+      - RWB_STAGING_deploy:
+          context:
+            - RWB_AWS_OIDC
+            - non-prod-deploy
+          requires:
+            - RWB_STAGING_approve
+      - RWB_PRODUCTION_approve:
+          type: approval
+          requires:
+            - app_build
+      - RWB_PRODUCTION_deploy:
+          context:
+            - RWB_AWS_OIDC
+            - prod-deploy
+          requires:
+            - RWB_PRODUCTION_approve
+
 notify:
   webhooks:
     - url: https://webhooks.gitter.im/e/0fdffde721194986f2a0