Merge pull request #4851 from freelawproject/block-users #1330
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automate build and deploy | |
on: | |
push: | |
branches: ["main"] | |
env: | |
AWS_REGION: us-west-2 | |
EKS_CLUSTER_NAME: courtlistener | |
EKS_NAMESPACE: court-listener | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and Push | |
run: | | |
make push-image --file docker/django/Makefile -e VERSION=$(git rev-parse --short HEAD) | |
deploy: | |
needs: build | |
runs-on: ubuntu-latest | |
concurrency: production | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set shortcode | |
id: vars | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Create Kubeconfig with AWS CLI | |
run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER_NAME }} | |
- name: Update Environment Variables | |
env: | |
CL_ENV: cl-env | |
run: kubectl annotate es $CL_ENV force-sync=$(date +%s) --overwrite -n ${{ env.EKS_NAMESPACE }} && kubectl wait es -n ${{ env.EKS_NAMESPACE }} --for=jsonpath="{.status.conditions[?(@.reason=='SecretSynced')].status}"=True --timeout=30s $CL_ENV | |
- name: Launch Temporary Pod | |
id: tempPod | |
run: | | |
kubectl run temp-pod-${{ steps.vars.outputs.sha_short }} -n ${{ env.EKS_NAMESPACE }} --image=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod --restart Never --pod-running-timeout=120s --overrides=' | |
{ | |
"spec": { | |
"containers": [{ | |
"name": "temp-pod", | |
"image": "freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod", | |
"command": ["/bin/sh", "-c", "trap : TERM INT; sleep 259200 & wait"], | |
"envFrom": [{ | |
"secretRef": { | |
"name": "cl-env" | |
} | |
}] | |
}] | |
} | |
}' | |
- name: Wait for Temporary Pod to Start | |
run: kubectl wait pods -n ${{ env.EKS_NAMESPACE }} --for condition=Ready --timeout=90s temp-pod-${{ steps.vars.outputs.sha_short }} | |
- name: Collect Static Assets | |
id: collectStatic | |
run: | | |
kubectl exec -n ${{ env.EKS_NAMESPACE }} temp-pod-${{ steps.vars.outputs.sha_short }} -- python manage.py collectstatic --noinput | |
- name: Handle Collectstatic Error | |
if: failure() | |
run: | # Error-handling logic for collectstatic | |
echo "collectstatic failed--aborting build" | |
exit 1 | |
- name: Check Migrations | |
id: checkMigration | |
run: | | |
kubectl exec -n ${{ env.EKS_NAMESPACE }} temp-pod-${{ steps.vars.outputs.sha_short }} -- python manage.py migrate --check | |
- name: Handle Check Migrations Error | |
if: failure() | |
run: | | |
echo "Found unapplied migrations. Open shell into pod temp-pod-${{ steps.vars.outputs.sha_short }}" | |
echo "Manually run migrations. That pod will delete itself after an hour." | |
exit 1 | |
- name: Delete Temporary Pod | |
run: kubectl delete pod -n ${{ env.EKS_NAMESPACE }} temp-pod-${{ steps.vars.outputs.sha_short }} | |
# Rollout new versions one by one (watch "deployments" in k9s) | |
- name: Rollout cl-python | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-python web=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-python rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-python | |
- name: Rollout cl-celery-prefork | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork cl-celery-prefork=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-celery-prefork rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork | |
- name: Rollout cl-celery-prefork-bulk | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-bulk cl-celery-prefork-bulk=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-celery-prefork-bulk rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-bulk | |
- name: Rollout cl-celery-prefork-es-sweep | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-es-sweep cl-celery-prefork-es-sweep=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-celery-prefork-es-sweep rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-es-sweep | |
- name: Rollout cl-scrape-rss | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-scrape-rss scrape-rss=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-scrape-rss rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-scrape-rss | |
- name: Rollout cl-retry-webhooks | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-retry-webhooks retry-webhooks=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-retry-webhooks rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-retry-webhooks | |
- name: Rollout cl-send-rt-percolator-alerts | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-send-rt-percolator-alerts cl-send-rt-percolator-alerts=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-send-rt-percolator-alerts rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-send-rt-percolator-alerts | |
- name: Rollout cl-es-sweep-indexer | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-es-sweep-indexer sweep-indexer=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-es-sweep-indexer rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-es-sweep-indexer | |
- name: Rollout cl-iquery-probe | |
run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-iquery-probe cl-iquery-probe=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod | |
- name: Watch cl-iquery-probe rollout status | |
run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-iquery-probe | |
# Watch "cronjobs" in k9s | |
- name: Update cronjobs | |
run: | | |
CRONJOB_NAMES=$(kubectl get cronjobs -n court-listener -o jsonpath='{.items.*.metadata.name}' -l image_type=web-prod); | |
for name in $CRONJOB_NAMES; do | |
kubectl set image -n ${{ env.EKS_NAMESPACE }} CronJob/$name job=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod; | |
done; |