Deploy to production core=1857b51 country config=25085d8 #33
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy (production) | |
| run-name: Deploy to ${{ github.event.inputs.environment }} core=${{ github.event.inputs.core-image-tag }} country config=${{ github.event.inputs.countryconfig-image-tag }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: Environment to deploy to | |
| required: true | |
| default: 'staging' | |
| options: | |
| - production | |
| - staging | |
| core-image-tag: | |
| description: Core DockerHub image tag | |
| required: true | |
| default: 'v1.3.2' | |
| countryconfig-image-tag: | |
| description: Your Country Config DockerHub image tag | |
| required: true | |
| jobs: | |
| deploy: | |
| environment: ${{ github.event.inputs.environment }} | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 60 | |
| steps: | |
| - uses: trstringer/manual-approval@v1 | |
| with: | |
| secret: ${{ github.TOKEN }} | |
| approvers: euanmillar,rikukissa | |
| minimum-approvals: 1 | |
| issue-title: "Deploy (Prod): core: ${{ github.event.inputs.core-image-tag }} country config: ${{ github.event.inputs.countryconfig-image-tag }}" | |
| issue-body: "Please approve or deny the deployment of core: ${{ github.event.inputs.core-image-tag }} country config: ${{ github.event.inputs.countryconfig-image-tag }} to production" | |
| exclude-workflow-initiator-as-approver: false | |
| - name: Clone core | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| repository: 'opencrvs/opencrvs-core' | |
| path: './opencrvs-core' | |
| - name: Clone country config resource package | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| path: './${{ github.event.repository.name }}' | |
| - name: Checkout country branch | |
| run: | | |
| cd ${{ github.event.repository.name }} | |
| git checkout ${{ github.event.inputs.countryconfig-image-tag }} | |
| cd ../ | |
| - name: Checkout core branch | |
| run: | | |
| cd opencrvs-core | |
| git checkout ${{ github.event.inputs.core-image-tag }} | |
| - name: Read known hosts | |
| run: | | |
| cd ${{ github.event.repository.name }} | |
| echo "KNOWN_HOSTS<<EOF" >> $GITHUB_ENV | |
| sed -i -e '$a\' ./infrastructure/.known-hosts | |
| cat ./infrastructure/.known-hosts >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| - name: Install SSH Key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_KEY }} | |
| known_hosts: ${{ env.KNOWN_HOSTS }} | |
| - name: Unset KNOWN_HOSTS variable | |
| run: | | |
| echo "KNOWN_HOSTS=" >> $GITHUB_ENV | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Wait for images to be available | |
| run: | | |
| while true; do | |
| if docker manifest inspect opencrvs/ocrvs-auth:${{ github.event.inputs.core-image-tag }}; then | |
| break | |
| fi | |
| sleep 10 | |
| done | |
| while true; do | |
| if docker manifest inspect ${{ secrets.DOCKERHUB_ACCOUNT }}/${{ secrets.DOCKERHUB_REPO }}:${{ github.event.inputs.countryconfig-image-tag }}; then | |
| break | |
| fi | |
| sleep 10 | |
| done | |
| - name: Deploy to ${{ github.event.inputs.environment }} | |
| env: | |
| DOMAIN: ${{ vars.DOMAIN }} | |
| REPLICAS: ${{ vars.REPLICAS }} | |
| SMTP_PORT: ${{ secrets.SMTP_PORT }} | |
| SMTP_HOST: ${{ secrets.SMTP_HOST }} | |
| SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }} | |
| SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }} | |
| ALERT_EMAIL: ${{ secrets.ALERT_EMAIL }} | |
| DOCKERHUB_ACCOUNT: ${{ secrets.DOCKERHUB_ACCOUNT }} | |
| DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO }} | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} | |
| KIBANA_USERNAME: ${{ secrets.KIBANA_USERNAME }} | |
| KIBANA_PASSWORD: ${{ secrets.KIBANA_PASSWORD }} | |
| MONGODB_ADMIN_USER: ${{ secrets.MONGODB_ADMIN_USER }} | |
| MONGODB_ADMIN_PASSWORD: ${{ secrets.MONGODB_ADMIN_PASSWORD }} | |
| ELASTICSEARCH_SUPERUSER_PASSWORD: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }} | |
| MINIO_ROOT_USER: ${{ secrets.MINIO_ROOT_USER }} | |
| MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }} | |
| EMAIL_API_KEY: ${{ secrets.EMAIL_API_KEY }} | |
| INFOBIP_SENDER_ID: ${{ secrets.INFOBIP_SENDER_ID }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| INFOBIP_GATEWAY_ENDPOINT: ${{ secrets.INFOBIP_GATEWAY_ENDPOINT }} | |
| INFOBIP_API_KEY: ${{ secrets.INFOBIP_API_KEY }} | |
| WIREGUARD_ADMIN_PASSWORD: ${{ secrets.WIREGUARD_ADMIN_PASSWORD }} | |
| SENDER_EMAIL_ADDRESS: ${{ secrets.SENDER_EMAIL_ADDRESS }} | |
| SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }} | |
| CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }} | |
| SSH_ARGS: ${{ vars.SSH_ARGS }} | |
| run: | | |
| cd ./${{ github.event.repository.name }} | |
| yarn deploy \ | |
| --clear_data=no \ | |
| --environment=${{ github.event.inputs.environment }} \ | |
| --host=${{ env.DOMAIN }} \ | |
| --ssh_host=${{ secrets.SSH_HOST }} \ | |
| --ssh_user=${{ secrets.SSH_USER }} \ | |
| --version=${{ github.event.inputs.core-image-tag }} \ | |
| --country_config_version=${{ github.event.inputs.countryconfig-image-tag }} \ | |
| --replicas=${{ env.REPLICAS }} |