Skip to content

Test, build and deploy #114

Test, build and deploy

Test, build and deploy #114

Workflow file for this run

name: Test, build and deploy
on: workflow_dispatch
permissions:
id-token: write
contents: read
jobs:
# test:
# name: "Test dev"
# runs-on: ubuntu-latest
# defaults:
# run:
# shell: bash
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v2
# with:
# role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-GitHubActions
# aws-region: eu-west-2
# - name: Configure DVC
# run: bash scripts/configure_dvc.sh
# - name: Test dev
# run: bash scripts/test-dev.sh
# lint:
# name: "Lint"
# needs: test
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - uses: actions/setup-python@v3
# with:
# python-version: "3.10"
# - name: Install dev poetry env
# run: |
# python -m pip install --upgrade pip
# pip install poetry
# poetry install
# - name: Run pre-commit
# run: |
# poetry run pre-commit run --all-files
# build-push:
# name: "Build, test and push prod"
# needs: lint
# runs-on: ubuntu-latest
# environment: qa
# defaults:
# run:
# shell: bash
# steps:
# - name: Checkout repo
# uses: actions/checkout@v3
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v2
# with:
# role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-GitHubActions
# aws-region: eu-west-2
# - name: Build compose
# run: |
# AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
# AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
# AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \
# AWS_SECRET_NAME_NEO4J=${{ secrets.AWS_SECRET_NAME_NEO4J }} \
# AWS_SECRET_NAME_AZURE=${{ secrets.AWS_SECRET_NAME_AZURE }} \
# AWS_SECRET_NAME_API=${{ secrets.AWS_SECRET_NAME_API }} \
# AWS_REGION=${{ vars.AWS_REGION }} \
# MONGODB_HOST=${{ vars.MONGODB_HOST }} \
# FRONTEND_URL=${{ vars.FRONTEND_URL }} \
# REACT_APP_API_URL=${{ vars.REACT_APP_API_URL }} \
# docker compose -f docker/docker-compose.qa.yml up -d --build
# - name: Test mongo
# run: |
# timeout=120 # 2 minutes timeout
# while ! curl --fail http://localhost:27017/test; do
# sleep 10
# timeout=$((timeout - 10))
# if [ "$timeout" -le 0 ]; then
# echo "MongoDB failed to start within the expected time."
# exit 1
# fi
# done
# echo "MongoDB is up and running."
# - name: Test API
# run: |
# timeout=120 # 2 minutes timeout
# while ! curl --fail http://localhost:8080/health; do
# sleep 10
# timeout=$((timeout - 10))
# if [ "$timeout" -le 0 ]; then
# echo "API failed to start within the expected time."
# exit 1
# fi
# done
# echo "API is up and running."
# - name: Test frontend
# run: |
# timeout=120 # 2 minutes timeout
# while ! curl --fail http://localhost:3000; do
# sleep 10
# timeout=$((timeout - 10))
# if [ "$timeout" -le 0 ]; then
# echo "Frontend failed to start within the expected time."
# exit 1
# fi
# done
# echo "Frontend is up and running."
# - name: Build and push ECR containers
# run: bash scripts/build-push-prod.sh
terraform:
name: "Terraform"
# needs: build-push
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::233044492909:role/SkillsTracker-Terraform
aws-region: eu-west-2
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_wrapper: false
- name: Initialize Terraform
run: terraform -chdir=terraform init
- name: Format Terraform
run: terraform -chdir=terraform fmt -check
- name: Plan Terraform
run: terraform -chdir=terraform plan -input=false
- name: Destroy previous resources
run: terraform -chdir=terraform destroy -auto-approve
- name: Apply Terraform
run: terraform -chdir=terraform apply -auto-approve -input=false
- name: Fetch SSH Key and EIP from Terraform Outputs
id: fetch-outputs
run: |
echo "API_PRIVATE_KEY_ENCODED=$(terraform -chdir=terraform output -raw private_key | base64 -w0)" >> $GITHUB_ENV
echo "API_PUBLIC_IP=$(terraform -chdir=terraform output -raw api_ip)" >> $GITHUB_ENV
- name: Configure DVC
run: bash scripts/configure_dvc.sh
- name: Test SSH connection
run: |
echo "${{ env.API_PRIVATE_KEY_ENCODED }}" | base64 -d > private_key.pem
chmod 600 private_key.pem
attempts=0
max_attempts=24 # 10-second sleep x 24 = 2 minutes
while true; do
if ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "grep -q 'User data script completed' /var/log/userdata.log"; then
break # Exit the loop once SSH succeeds
fi
echo "Waiting for EC2 SSH..."
sleep 5
attempts=$((attempts+1))
if [[ "$attempts" -ge "$max_attempts" ]]; then
echo "Failed to connect to EC2 via SSH after 2 minutes."
exit 1
fi
done
ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "docker ps"
- name: Copy deployment files
run: |
echo "${{ env.API_PRIVATE_KEY_ENCODED }}" | base64 -d > private_key.pem
chmod 600 private_key.pem
scp -o StrictHostKeyChecking=no -i private_key.pem data/admin_users.txt ubuntu@${{ env.API_PUBLIC_IP }}:~/data
scp -o StrictHostKeyChecking=no -i private_key.pem docker/docker-compose.prod.yml ubuntu@${{ env.API_PUBLIC_IP }}:~/docker
scp -o StrictHostKeyChecking=no -i private_key.pem -r docker/data ubuntu@${{ env.API_PUBLIC_IP }}:~/docker/data
scp -o StrictHostKeyChecking=no -i private_key.pem scripts/initialise_ec2.sh ubuntu@${{ env.API_PUBLIC_IP }}:~/scripts
- name: Launch application
run: |
echo "${{ env.API_PRIVATE_KEY_ENCODED }}" | base64 -d > private_key.pem
chmod 600 private_key.pem
ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "bash scripts/initialise_ec2.sh"
ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin 233044492909.dkr.ecr.eu-west-2.amazonaws.com"
ssh -o StrictHostKeyChecking=no -i private_key.pem ubuntu@${{ env.API_PUBLIC_IP }} "docker compose -f docker/docker-compose.prod.yml up -d --build"