deploy-tag.yml
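# Manually dispatched production deployment. The operator supplies a release
# version; the jobs below build the front assets and run the Ansible playbooks.
name: Ansible deploy production
run-name: Deploy version ${{ inputs.release-version }} on production by @${{ github.actor }}

on:
  # workflow_run:
  #   workflows:
  #     - "Build and deploy Docker images"
  #   types:
  #     - completed
  workflow_dispatch:
    inputs:
      # Free-form string typed by whoever dispatches the run. It is reused
      # further down as a git tag suffix, a Sentry release name and an Ansible
      # variable, so treat it as untrusted data wherever it reaches a shell.
      release-version:
        description: Release version to deploy
        required: true

# Least privilege for the automatic GITHUB_TOKEN: the steps in this workflow
# only read the repository. Widen per job only if a step is shown to need more.
permissions:
  contents: read

# Workflow-level environment: every step of every job (third-party actions
# included) sees these values, so keep only non-secret settings here.
env:
  SNOWPACK_PUBLIC_BACKEND_ENDPOINT: https://stylo.huma-num.fr
  SNOWPACK_PUBLIC_GRAPHQL_ENDPOINT: https://stylo.huma-num.fr/graphql
  SNOWPACK_PUBLIC_PANDOC_EXPORT_ENDPOINT: https://export.stylo.huma-num.fr
  SNOWPACK_PUBLIC_HUMAN_ID_REGISTER_ENDPOINT: https://humanid.huma-num.fr/register?service=https://stylo.huma-num.fr/authorization-code/callback
  SNOWPACK_MATOMO_URL: https://analyseweb.huma-num.fr/
  # Quoted so the identifier stays a string whatever YAML loader reads the file.
  SNOWPACK_MATOMO_SITE_ID: '286'
  SNOWPACK_PUBLIC_ANNOTATIONS_CANONICAL_BASE_URL: https://stylo.ecrituresnumeriques.ca
  SENTRY_DSN: https://276d5080680a70a3edf98783a2b264d0@o4507130700496896.ingest.de.sentry.io/4507130704560208
  SENTRY_ENVIRONMENT: prod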
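jobs:
  # Builds the front-end bundle, publishes it as the `front-assets` artifact
  # for the deploy job, and registers the release in both Sentry projects.
  build-assets:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): no `ref` is given, so this job builds the ref the workflow
      # was dispatched from, while the deployment job checks out the
      # v<release-version> tag. Confirm the shipped assets are meant to be able
      # to come from a different commit than the tag being deployed.
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes; do not leave the token in .git/config.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          cache: npm
      # Install runs dependency lifecycle scripts, so it is kept in its own step
      # without SENTRY_AUTH_TOKEN in its environment.
      - name: Install front dependencies
        run: |
          npm clean-install --prefix=front
      - name: Build front assets
        run: |
          npm run build --prefix=front
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SNOWPACK_SOURCEMAPS: 'hidden'
      - name: Store build artifacts for the deploy stage
        uses: actions/upload-artifact@v4
        with:
          name: front-assets
          path: ./front/build
          if-no-files-found: error
          include-hidden-files: true
      # Third-party action that receives SENTRY_AUTH_TOKEN. A tag such as `v1`
      # is mutable; consider pinning to a reviewed full commit SHA.
      - name: Sentry Release (front)
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: stylo-front
        with:
          environment: prod
          version: '${{ inputs.release-version }}'
          inject: true
          sourcemaps: ./front/build
          strip_common_prefix: true
      - name: Sentry Release (graphql)
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: stylo-graphql
        with:
          environment: prod
          version: '${{ inputs.release-version }}'
          strip_common_prefix: true

  # Checks out the release tag, fetches the built assets and runs the backup
  # and deployment playbooks against the production inventory.
  deployment:
    runs-on: ubuntu-latest
    needs: [build-assets]
    # Protection rules on the `production` environment (required reviewers,
    # allowed branches/tags), if configured, gate this job.
    environment:
      name: production
      url: https://stylo.huma-num.fr
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ format('v{0}', inputs.release-version) }}
          persist-credentials: false
      - uses: actions/download-artifact@v4
        id: assets
        with:
          name: front-assets
          path: /tmp/front-assets
      - name: Set up Python 3.10 (w/ cache)
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
          cache: 'pip'
          cache-dependency-path: '**/deploy-requirements.txt'
      - name: Install dependencies
        run: |
          python -m pip install -r .github/workflows/deploy-requirements.txt
      # Secrets are handed over through the step environment rather than pasted
      # into the script text, so quotes, `$` or backticks inside a secret cannot
      # change what the shell executes. umask keeps the file owner-only from
      # the moment it is created.
      - name: Set Ansible config secrets
        env:
          VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD_PROD }}
        run: |
          umask 077
          printf '%s\n' "$VAULT_PASSWORD" > infrastructure/.ansible-vault-password
      # NOTE(review): no known_hosts entry is provisioned here. Confirm that the
      # Ansible configuration does not disable host key checking and that the
      # production host key is pinned somewhere.
      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_PROD }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
      # The operator-supplied version reaches the shell as an environment
      # variable, so it is treated as data and never as script text.
      # NOTE(review): `-v` prints task results to the job log, and values
      # decrypted from the vault are not covered by the runner's secret
      # masking; confirm tasks that handle them set `no_log`.
      - name: Run backup playbook
        working-directory: ./infrastructure
        env:
          RELEASE_VERSION: ${{ inputs.release-version }}
        run: |
          ansible-playbook -v -i inventories/prod \
            --extra-vars "@vault-prod.yml" \
            --extra-vars "app_version=${RELEASE_VERSION}" \
            --private-key ~/.ssh/id_ed25519 \
            --vault-password-file ./.ansible-vault-password \
            backup-playbook.yml
      - name: Run deployment playbook
        working-directory: ./infrastructure
        env:
          RELEASE_VERSION: ${{ inputs.release-version }}
        run: |
          ansible-playbook -v -i inventories/prod \
            --extra-vars "@vault-prod.yml" \
            --extra-vars "app_version=${RELEASE_VERSION}" \
            --extra-vars "assets_path=/tmp/front-assets/" \
            --private-key ~/.ssh/id_ed25519 \
            --vault-password-file ./.ansible-vault-password \
            playbook.yml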