Skip to content
Ansible deploy production

Deploy version 3.2.6 on production by @ggrossetie #231

Sign in to view logs

Deploy version 3.2.6 on production by @ggrossetie

Deploy version 3.2.6 on production by @ggrossetie #231

Workflow file for this run

.github/workflows/deploy-tag.yml at b92e3d8
name: Ansible deploy production
run-name: Deploy version ${{ inputs.release-version }} on production by @${{ github.actor }}
on:
# workflow_run:
# workflows:
# - "Build and deploy Docker images"
# types:
# - completed
workflow_dispatch:
inputs:
release-version:
description: Release version to deploy
required: true
env:
SNOWPACK_PUBLIC_BACKEND_ENDPOINT: https://stylo.huma-num.fr
SNOWPACK_PUBLIC_GRAPHQL_ENDPOINT: https://stylo.huma-num.fr/graphql
SNOWPACK_PUBLIC_PANDOC_EXPORT_ENDPOINT: https://export.stylo.huma-num.fr
SNOWPACK_PUBLIC_HUMAN_ID_REGISTER_ENDPOINT: https://humanid.huma-num.fr/register?service=https://stylo.huma-num.fr/authorization-code/callback
SNOWPACK_MATOMO_URL: https://analyseweb.huma-num.fr/
SNOWPACK_MATOMO_SITE_ID: 286
SNOWPACK_PUBLIC_ANNOTATIONS_CANONICAL_BASE_URL: https://stylo.ecrituresnumeriques.ca
SENTRY_DSN: https://276d5080680a70a3edf98783a2b264d0@o4507130700496896.ingest.de.sentry.io/4507130704560208
SENTRY_ENVIRONMENT: prod
jobs:
build-assets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: npm
- name: Build front assets
run: |
npm clean-install --prefix=front
npm run build --prefix=front
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SNOWPACK_SOURCEMAPS: 'hidden'
- name: Store build artifacts for the deploy stage
uses: actions/upload-artifact@v4
with:
name: front-assets
path: ./front/build
if-no-files-found: error
include-hidden-files: true
- name: Sentry Release (front)
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: stylo-front
with:
environment: prod
version: '${{ inputs.release-version }}'
inject: true
sourcemaps: ./front/build
strip_common_prefix: true
- name: Sentry Release (graphql)
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: stylo-graphql
with:
environment: prod
version: '${{ inputs.release-version }}'
strip_common_prefix: true
deployment:
runs-on: ubuntu-latest
needs: [build-assets]
environment:
name: production
url: https://stylo.huma-num.fr
steps:
- uses: actions/checkout@v4
with:
ref: ${{ format('v{0}', inputs.release-version) }}
- uses: actions/download-artifact@v4
id: assets
with:
name: front-assets
path: /tmp/front-assets
- name: Set up Python 3.10 (w/ cache)
uses: actions/setup-python@v5
with:
python-version: '3.10'
cache: 'pip'
cache-dependency-path: '**/deploy-requirements.txt'
- name: Install dependencies
run: |
python -m pip install -r .github/workflows/deploy-requirements.txt
- name: Set Ansible config secrets
run: |
echo "${{ secrets.ANSIBLE_VAULT_PASSWORD_PROD }}" > infrastructure/.ansible-vault-password
- name: Setup SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY_PROD }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
- name: Run playbook
working-directory: ./infrastructure
run: |
ansible-playbook -v -i inventories/prod \
--extra-vars "@vault-prod.yml" \
--extra-vars "app_version=${{ inputs.release-version }}" \
--extra-vars "assets_path=/tmp/front-assets/" \
--private-key ~/.ssh/id_ed25519 \
--vault-password-file ./.ansible-vault-password \
playbook.yml