cd-prod.yml
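---
# Manually triggered production deployment. Builds the frontend bundle and
# three container images (client-api, admin-api, iris), pushes the images to
# Amazon ECR, then applies the Terraform module `codedang-infra`.
#
# Hardening notes for maintainers:
# - Every external action below is referenced by a mutable tag (v3/v4/v5).
#   Pinning each `uses:` to a full commit SHA keeps a retagged release from
#   running with the AWS roles this workflow assumes.
# - workflow_dispatch can be started from any ref by anyone with write access.
#   Only the `deploy` job sits behind the `production` environment; the image
#   build jobs assume the ECR role and push `:latest` before that gate.
#   NOTE(review): confirm the IAM trust policy for the ECR role restricts the
#   OIDC `sub` claim to the refs that are allowed to publish.
name: CD - Production

on:
  workflow_dispatch:

env:
  AWS_REGION: ap-northeast-2
  ECS_CLUSTER: Codedang-Api

# Workflow-wide default is read-only. Jobs that exchange an OIDC token for an
# AWS role request `id-token: write` themselves, so build-frontend (which runs
# a repository-local action and pnpm) cannot mint an identity token.
permissions:
  contents: read

jobs:
  build-frontend:
    name: Build frontend bundle
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-pnpm
      - name: Build static bundle
        run: pnpm --filter frontend build
      # Hands the built bundle to the deploy job.
      - uses: actions/upload-artifact@v4
        with:
          name: frontend-bundle
          path: ./frontend/dist

  build-client-api:
    name: Build client-api image
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, so both are listed.
    permissions:
      id-token: write # OIDC token for configure-aws-credentials
      contents: read
    steps:
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME_FOR_ECR }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push image
        uses: docker/build-push-action@v5
        with:
          file: ./backend/Dockerfile
          push: true
          build-args: 'target=client'
          # FIXME(review): this job builds `target=client` but pushes to the
          # same `codedang-admin-api:latest` tag as build-admin-api. The two
          # jobs run in parallel, so whichever finishes last decides which
          # image that tag holds, and the client image is never published
          # under its own name. Point this at <client-api ECR repository>.
          tags: ${{ steps.login-ecr.outputs.registry }}/codedang-admin-api:latest

  build-admin-api:
    name: Build admin-api image
    runs-on: ubuntu-latest
    permissions:
      id-token: write # OIDC token for configure-aws-credentials
      contents: read
    steps:
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME_FOR_ECR }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push image
        uses: docker/build-push-action@v5
        with:
          file: ./backend/Dockerfile
          push: true
          build-args: 'target=admin'
          # `:latest` is mutable: nothing here ties the deployed image to this
          # run. An additional immutable tag (for example the commit SHA)
          # would make a deployment traceable to the commit that produced it.
          tags: ${{ steps.login-ecr.outputs.registry }}/codedang-admin-api:latest

  build-iris:
    name: Build iris Docker image
    runs-on: ubuntu-latest
    permissions:
      id-token: write # OIDC token for configure-aws-credentials
      contents: read
    steps:
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME_FOR_ECR }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push image (iris)
        uses: docker/build-push-action@v5
        with:
          push: true
          # Builds from the `iris` subdirectory of the default Git context.
          context: '{{defaultContext}}:iris'
          tags: ${{ steps.login-ecr.outputs.registry }}/codedang-iris:latest

  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs: [build-frontend, build-client-api, build-admin-api, build-iris]
    # Any protection rules configured on this environment apply to this job
    # only; the build jobs above have already pushed their images by then.
    environment: production
    permissions:
      id-token: write # OIDC token for configure-aws-credentials
      contents: read
    defaults:
      run:
        shell: bash
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME_FOR_DEPLOY }}
          aws-region: ${{ env.AWS_REGION }}
      - uses: hashicorp/setup-terraform@v3
        with:
          # Quoted so the version is always read as a string.
          terraform_version: '1.5.2'
      - name: Load frontend static bundle
        uses: actions/download-artifact@v4
        with:
          name: frontend-bundle
          path: ./frontend/dist
      # Secrets reach the script through `env`, not through `${{ }}` inside
      # `run`, so their content is never parsed as shell. The resulting
      # terraform.tfvars holds secret values in clear text: keep it out of
      # uploaded artifacts and caches.
      - name: Create Terraform variable file
        working-directory: ./infra/deploy
        run: |
          echo "$TFVARS" >> terraform.tfvars
          echo "$OAUTH_GITHUB" >> terraform.tfvars
        env:
          TFVARS: ${{ secrets.TF_TFVARS }}
          OAUTH_GITHUB: ${{ secrets.OAUTH_GITHUB }}
      - name: Terraform Init
        working-directory: ./infra/deploy
        run: terraform init
      # TODO: plan in the other job, and reuse the plan file
      # The plan is saved and the apply step consumes that exact file, so what
      # is applied is what the plan step logged. A separate
      # `apply -auto-approve` would re-plan and could apply changes that were
      # never shown. The plan file can contain secret values; do not upload it.
      - name: Terraform Plan
        working-directory: ./infra/deploy
        run: terraform plan -target=module.codedang-infra -input=false -out=tfplan
      # Applying a saved plan needs no -target or -auto-approve: the targets
      # are recorded in the plan and Terraform does not prompt for it.
      - name: Terraform Apply
        working-directory: ./infra/deploy
        run: terraform apply -input=false tfplan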