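name: Deploy to AWS App Runner

# Triggers: a manual run (with a choice of target environment) or a push to
# main that touches something other than documentation.
on:
  workflow_dispatch:  # Enable manual trigger
    inputs:
      environment:
        description: 'Deployment environment'
        required: true
        default: 'Production'
        type: choice
        options:
          - Production
          - staging
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'docs/**'
      - '*.md'

# Least privilege for the automatic GITHUB_TOKEN: the steps shown in this
# workflow only need to read the repository for checkout. AWS and Telegram
# access come from their own secrets, not from this token.
permissions:
  contents: read

# Values shared by every job and step below.
env:
  AWS_REGION: ap-southeast-2
  ECR_REPOSITORY: permit-api
  APP_RUNNER_SERVICE_NAME: permit-api-service
  # The commit SHA gives each pushed image a tag tied to one commit.
  IMAGE_TAG: ${{ github.sha }}
  # Quoted so YAML keeps it as the string '3.11' rather than a float.
  PYTHON_VERSION: '3.11'  # Python version passed to setup-python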
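jobs:
  build-test-deploy:  # Job renamed to be more descriptive
    name: Build, Test, and Deploy to App Runner
    runs-on: ubuntu-latest
    # Selects the GitHub environment for this run, which is what grants access
    # to that environment's secrets. Manual runs use the chosen input; push
    # runs have no input and fall back to 'Production'.
    environment: ${{ github.event.inputs.environment || 'Production' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step performs git operations, so do not leave the token
          # in the checked-out repository's git config.
          persist-credentials: false

      # --- Testing & Caching ---
      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest

      - name: Debug API Key
        # Reports only whether the secret is present. Log masking hides the
        # full secret value but not substrings of it, so printing the length
        # and the first/last characters would put part of the key in the job
        # log in clear text. The secret is passed through env rather than
        # expanded into the script text.
        env:
          TEST_API_KEY: ${{ secrets.TEST_API_KEY }}
        run: |
          if [ -n "${TEST_API_KEY:-}" ]; then
            echo "TEST_API_KEY is set"
          else
            echo "TEST_API_KEY is empty or missing"
          fi

      - name: Run tests with pytest
        # FIX: the API_KEYS secret was added so the Flask server can validate
        # the key.
        env:
          TEST_API_KEY: ${{ secrets.TEST_API_KEY }}  # Sent by the test script
          API_KEYS: ${{ secrets.API_KEYS }}  # Validated by the server
        run: pytest

      # --- Deployment steps ---
      - name: Configure AWS credentials
        # NOTE(review): these are long-lived IAM user keys stored as secrets.
        # This action also supports short-lived credentials via GitHub OIDC
        # (`role-to-assume` plus `id-token: write` permission); consider
        # migrating and scoping the role to the ECR and App Runner calls used
        # below.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Create ECR repository if not exists
        # Any describe failure (not only "repository not found") falls through
        # to create-repository, so the deploy identity needs create rights.
        run: |
          aws ecr describe-repositories --repository-names "$ECR_REPOSITORY" --region "$AWS_REGION" || \
            aws ecr create-repository --repository-name "$ECR_REPOSITORY" --region "$AWS_REGION"

      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          # Build once and apply both tags so the commit tag and `latest`
          # always refer to the same image.
          docker build -f Dockerfile.apprunner \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:latest" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          echo "image_uri=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"

      - name: Deploy to App Runner and wait
        env:
          # Passed through env so the value is not expanded into the script.
          IMAGE_URI: ${{ steps.build-image.outputs.image_uri }}
        run: |
          SERVICE_ARN=$(aws apprunner list-services --query "ServiceSummaryList[?ServiceName=='${APP_RUNNER_SERVICE_NAME}'].ServiceArn | [0]" --output text)

          # `--output text` prints the literal string None when nothing matches.
          if [ -z "$SERVICE_ARN" ] || [ "$SERVICE_ARN" = "None" ]; then
            echo "Service '${APP_RUNNER_SERVICE_NAME}' not found. Please create it manually."
            echo "Use Image URI: ${IMAGE_URI}"
            exit 1
          fi

          echo "Updating existing App Runner service: $SERVICE_ARN"
          aws apprunner start-deployment --service-arn "$SERVICE_ARN"

          echo "Waiting for deployment to complete..."
          # Bounded wait: 60 polls x 30 s = 30 minutes. Adjust if deployments
          # legitimately take longer.
          # NOTE(review): this polls the most recent operation on the service,
          # which is assumed to be the deployment started above.
          MAX_ATTEMPTS=60
          for attempt in $(seq 1 "$MAX_ATTEMPTS"); do
            STATUS=$(aws apprunner list-operations --service-arn "$SERVICE_ARN" --max-results 1 --query "OperationSummaryList[0].Status" --output text)
            case "$STATUS" in
              SUCCEEDED)
                echo "✅ Deployment Succeeded!"
                exit 0
                ;;
              FAILED|ROLLBACK_SUCCEEDED|ROLLBACK_FAILED)
                # Rollback end states are terminal too: the new revision did
                # not go live, so stop polling and fail the job.
                echo "❌ Deployment Failed!"
                echo "Final operation status: $STATUS"
                exit 1
                ;;
              IN_PROGRESS)
                echo "Deployment is in progress... waiting 30 seconds."
                ;;
              *)
                echo "Current operation status: $STATUS. Waiting..."
                ;;
            esac
            sleep 30
          done

          echo "Timed out waiting for deployment after $MAX_ATTEMPTS checks (last status: $STATUS)."
          exit 1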
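# --- Telegram notification ---
  notify:
    name: Send Telegram Notification
    runs-on: ubuntu-latest
    if: always()  # Always runs, whether the previous job succeeded or failed
    needs:
      - build-test-deploy  # Depends on the previous job
    # This job only calls the Telegram action; it needs no GITHUB_TOKEN scopes.
    permissions: {}
    # Uses the same environment so the Telegram secrets are available.
    environment: ${{ github.event.inputs.environment || 'Production' }}
    steps:
      - name: Send Telegram message on success or failure
        # NOTE(security): `@master` is a mutable ref and this step is handed
        # TELEGRAM_TOKEN. Pin to a reviewed full commit SHA, i.e.
        # appleboy/telegram-action@<FULL_COMMIT_SHA>, so upstream changes
        # cannot run with the secret unreviewed.
        uses: appleboy/telegram-action@master
        with:
          # Make sure these secrets are set under Settings > Environments.
          to: ${{ secrets.TELEGRAM_CHAT_ID }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          # Any result other than 'success' (including cancelled or skipped)
          # is reported as Failure.
          message: |
            *Deployment Status: ${{ needs.build-test-deploy.result == 'success' && '✅ Success' || '❌ Failure' }}*
            Repository: `${{ github.repository }}`
            Branch: `${{ github.ref_name }}`
            Commit: `${{ github.sha }}`
            Triggered by: `${{ github.actor }}`
            See details here: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          format: markdown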