generated from CS3219-AY2324S1/course-assessment-template
-
Notifications
You must be signed in to change notification settings - Fork 3
133 lines (117 loc) · 5.45 KB
/
production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Adapted from: https://github.com/actions/starter-workflows/blob/main/deployments/google.yml
name: Build and Deploy Production App
on:
workflow_run:
workflows: ["Continuous Integration"] # Run only after CI passes
types: [completed]
branches:
- prod
env:
PROJECT_ID: peerprep-group11-prod
ARTIFACT_REPOSITORY_NAME: codeparty-prod-images
GKE_CLUSTER: codeparty-g11-prod # Add your cluster name here.
GKE_REGION: asia-southeast1 # Add your cluster zone here.
FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROD }}
PRISMA_DATABASE_URL: ${{ secrets.PRISMA_DATABASE_URL_PROD }}
MONGO_ATLAS_URL: ${{ secrets.MONGO_ATLAS_URL_PROD }}
NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG: ${{ secrets.FRONTEND_FIREBASE_CONFIG_PROD }}
NEXT_PUBLIC_HTTP_PROXY_GATEWAY_ADDRESS: https://api.codeparty.org/
NEXT_PUBLIC_WS_MATCH_PROXY_GATEWAY_ADDRESS: https://wsmatch.codeparty.org
NEXT_PUBLIC_WS_COLLABORATION_PROXY_GATEWAY_ADDRESS: https://wscollab.codeparty.org
TWILIO_ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
TWILIO_API_KEY: ${{ secrets.TWILIO_API_KEY }}
TWILIO_API_SECRET: ${{ secrets.TWILIO_API_SECRET }}
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Checkout
uses: actions/checkout@v4
- id: 'auth'
name: Authenticate to Google Cloud
uses: 'google-github-actions/auth@v1'
with:
token_format: 'access_token'
workload_identity_provider: projects/345207492413/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-oidc
service_account: 'github-actions-service@peerprep-group11-prod.iam.gserviceaccount.com'
# Setup gcloud CLI
- name: Setup Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
# Configure Docker to login to google cloud
- name: Configure Docker
run: |-
echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GKE_REGION-docker.pkg.dev
# Get the GKE credentials so that we can deploy to the cluster
- name: Get Google Kubernetes Engine credentials for production
uses: google-github-actions/get-gke-credentials@v1
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_REGION }}
# Copy the JSON secrets (Firebase configs) into JSON files
- name: Copy JSON secrets into JSON files
run: |-
echo -n "$FIREBASE_SERVICE_ACCOUNT" > ./firebase_service_account.json
echo -n "$NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG" > ./next_public_frontend_firebase_config.json
# Set the secrets that are used as env variables in the manifest files
- name: Set kubectl secrets
run: |-
kubectl delete secret firebase-service-account \
--ignore-not-found
kubectl create secret generic firebase-service-account \
--from-file=firebase-service-account=./firebase_service_account.json
kubectl delete secret prisma-database-url \
--ignore-not-found
kubectl create secret generic prisma-database-url \
--from-literal=prisma-database-url=$PRISMA_DATABASE_URL
kubectl delete secret mongo-atlas-url \
--ignore-not-found
kubectl create secret generic mongo-atlas-url \
--from-literal=mongo-atlas-url=$MONGO_ATLAS_URL
kubectl delete secret frontend-firebase-config \
--ignore-not-found
kubectl create secret generic frontend-firebase-config \
--from-file=frontend-firebase-config=./next_public_frontend_firebase_config.json
kubectl delete secret twilio-account-sid \
--ignore-not-found
kubectl create secret generic twilio-account-sid \
--from-literal=twilio-account-sid=$TWILIO_ACCOUNT_SID
kubectl delete secret twilio-api-key \
--ignore-not-found
kubectl create secret generic twilio-api-key \
--from-literal=twilio-api-key=$TWILIO_API_KEY
kubectl delete secret twilio-api-secret \
--ignore-not-found
kubectl create secret generic twilio-api-secret \
--from-literal=twilio-api-secret=$TWILIO_API_SECRET
# Remove the JSON files
- name: Delete JSON files
if: ${{ always() }}
run: |-
rm ./firebase_service_account.json
rm ./next_public_frontend_firebase_config.json
# Install the dependencies such as prisma
- name: Install dependencies with immutable lockfile
run: yarn install --frozen-lockfile
# Apply prisma migrations to production prisma database
- name: Apply prisma database migrations
run: |-
yarn prisma migrate deploy
# Build the Docker images and push to Google Artifact Repository
- name: Build and push Docker images
run: |-
chmod u+x ./build-export-prod-images.sh
./build-export-prod-images.sh
working-directory: ./deployment
# Deploy the Docker images to the GKE cluster
- name: Deploy production application
run: |-
kubectl apply -f ./gke-prod-manifests
kubectl rollout status deployment
kubectl get services -o wide
working-directory: ./deployment