Skip to content

Commit fae9fd6

Browse files
FyreByrdFyreByrd
committed
Initial draft of GHA (#78)
* Initial draft of GHA * Move DB Url back to schema * Fix circular import in artifacts * Fix source maps * Add empty versions of needed env vars * Relocate empty env vars * Fix build output * DRY deploy * Add OTEL to deploy script * CR Feedback * Refactor Docker build * Remove unneeded if These jobs should be skipped due to needs property
1 parent 4ed2269 commit fae9fd6

13 files changed

Lines changed: 389 additions & 249 deletions

File tree

.github/workflows/deploy.yml

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,82 @@
1+
name: BuildEngine v2 Deploy to AWS
2+
3+
on:
4+
workflow_call:
5+
inputs:
6+
BUILD_NUMBER:
7+
type: 'string'
8+
required: true
9+
ECS_CLUSTER:
10+
type: 'string'
11+
required: true
12+
DOCKER_TAG:
13+
type: 'string'
14+
required: true
15+
BUILD_ENGINE_BUILD_TAG:
16+
type: 'string'
17+
required: true
18+
OTEL_BUILD_TAG:
19+
type: 'string'
20+
required: true
21+
secrets:
22+
AWS_ACCESS_KEY_ID:
23+
required: true
24+
AWS_SECRET_ACCESS_KEY:
25+
required: true
26+
AWS_DEFAULT_REGION:
27+
required: true
28+
AWS_ECR_ACCOUNT:
29+
required: true
30+
31+
jobs:
32+
deploy-to-ecr:
33+
runs-on: ubuntu-latest
34+
steps:
35+
- name: Pull from GHCR
36+
run: |
37+
docker pull ghcr.io/sillsdev/appbuilder-buildengine-api:${{ inputs.DOCKER_TAG }}
38+
docker pull ghcr.io/sillsdev/appbuilder-buildengine-otel:${{ inputs.DOCKER_TAG }}
39+
40+
- name: Configure AWS credentials
41+
id: aws
42+
uses: aws-actions/configure-aws-credentials@v4
43+
with:
44+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
45+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
46+
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
47+
48+
- name: Login to AWS ECR
49+
id: ecr
50+
uses: aws-actions/amazon-ecr-login@v2
51+
with:
52+
registries: ${{ secrets.AWS_ECR_ACCOUNT }}
53+
54+
- name: Build deployment target variables
55+
id: vars
56+
run: |
57+
echo "Setting up deployment variables..."
58+
echo "IMAGE_URL=${{ steps.ecr.outputs.registry }}/appbuilder-buildengine-api-origin" >> $GITHUB_OUTPUT
59+
echo "OTEL_URL=${{ steps.ecr.outputs.registry }}/appbuilder-buildengine-api-otel-collector" >> $GITHUB_OUTPUT
60+
61+
- name: Push to AWS ECR
62+
run: |
63+
docker tag ${{ inputs.BUILD_ENGINE_BUILD_TAG}} "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.DOCKER_TAG }}"
64+
docker tag ${{ inputs.BUILD_ENGINE_BUILD_TAG}} "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.BUILD_NUMBER }}"
65+
docker tag ${{ inputs.OTEL_BUILD_TAG}} "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.DOCKER_TAG }}"
66+
docker tag ${{ inputs.OTEL_BUILD_TAG}} "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.BUILD_NUMBER }}"
67+
echo "Docker images tagged as ${{ inputs.DOCKER_TAG }} and ${{ inputs.BUILD_NUMBER }}"
68+
69+
docker push "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.DOCKER_TAG }}"
70+
docker push "${{ steps.vars.outputs.IMAGE_URL }}:${{ inputs.BUILD_NUMBER }}"
71+
echo "Docker images pushed successfully to ${{ steps.vars.outputs.IMAGE_URL }}"
72+
73+
docker push "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.DOCKER_TAG }}"
74+
docker push "${{ steps.vars.outputs.OTEL_URL }}:${{ inputs.BUILD_NUMBER }}"
75+
echo "Docker images pushed successfully to ${{ steps.vars.outputs.OTEL_URL }}"
76+
77+
- name: Deploy to ECS
78+
if: ${{ inputs.ECS_CLUSTER != 'none' }}
79+
run: |
80+
echo "Deploying ${{ inputs.BUILD_NUMBER }} to ${{ inputs.ECS_CLUSTER }}"
81+
# Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
82+
ecs-deploy -c ${{ inputs.ECS_CLUSTER }} -n buildengine -i ignore -to ${{ inputs.BUILD_NUMBER }} --max-definitions 20 --timeout 600

.github/workflows/main.yml

Lines changed: 80 additions & 152 deletions
Original file line numberDiff line numberDiff line change
@@ -1,70 +1,54 @@
1-
name: BuildEngine CI
1+
name: BuildEngine v2 Test and Deploy
22

33
on:
44
push:
5-
branches: [master, develop, github-builds]
6-
pull_request:
75
workflow_dispatch:
86
inputs:
9-
logLevel:
10-
description: "Log Level"
11-
required: true
12-
default: "warning"
137
tags:
148
description: "Tags"
15-
schedule:
16-
- cron: "0 0 * * 0" # weekly
179

1810
env:
19-
BUILD_TAG: "build-engine-api:${{ github.run_number }}"
20-
BUILD_NUMBER: ${{ github.run_number }}
11+
BUILD_ENGINE_BUILD_TAG: "build-engine-api:${{ github.run_number }}"
12+
OTEL_BUILD_TAG: "build-engine-otel:${{ github.run_number }}"
2113

2214
jobs:
23-
build:
15+
check:
16+
uses: "./.github/workflows/setup.yml"
17+
secrets:
18+
AUTH0_SECRET: ${{ secrets.AUTH0_SECRET }}
19+
push-to-ghcr:
2420
runs-on: ubuntu-latest
25-
21+
needs: check
22+
outputs:
23+
DOCKER_TAG: ${{ steps.branch.outputs.DOCKER_TAG }}
24+
ECS_CLUSTER: ${{ steps.branch.outputs.ECS_CLUSTER }}
25+
BUILD_ENGINE_BUILD_TAG: ${{ env.BUILD_ENGINE_BUILD_TAG }}
26+
OTEL_BUILD_TAG: ${{ env.OTEL_BUILD_TAG }}
27+
if: ${{ success() && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') }}
2628
steps:
27-
- uses: actions/checkout@v3
28-
29-
- name: Get environment info
30-
run: |
31-
echo Docker version
32-
docker --version
33-
echo
34-
echo Env
35-
env
36-
37-
- name: Setup local.env
38-
run: |
39-
echo "COMPOSER_AUTH={\"github-oauth\":{\"github.com\":\""${{ secrets.GITHUB_TOKEN }}\""}}" > local.env
40-
41-
- name: Install dependencies
42-
run: |
43-
echo "Installing ecs-deploy script..."
44-
mkdir -p $HOME/.local/bin
45-
curl -o $HOME/.local/bin/ecs-deploy https://raw.githubusercontent.com/silinternational/ecs-deploy/master/ecs-deploy
46-
chmod +x $HOME/.local/bin/ecs-deploy
47-
48-
- name: Tests
49-
run: |
50-
make test
29+
- name: Checkout
30+
uses: actions/checkout@v5
5131

52-
- name: Build docker image
53-
uses: docker/build-push-action@v4
32+
- name: Setup node
33+
uses: actions/setup-node@v5
5434
with:
55-
push: false
56-
tags: ${{ env.BUILD_TAG }}
57-
context: .
58-
load: true
35+
node-version: 24
5936

6037
- name: Determine branch tag
6138
id: branch
6239
run: |
6340
if [[ "${GITHUB_HEAD_REF}" != "" ]]; then BRANCH="${GITHUB_HEAD_REF}"; else BRANCH="${GITHUB_REF_NAME}"; fi
6441
case $BRANCH in develop) DOCKER_TAG="staging" ;; master) DOCKER_TAG="production" ;; *) DOCKER_TAG="${BRANCH//\//-}" ;; esac
6542
case $BRANCH in develop) ECS_CLUSTER="scriptoria-stg";; master) ECS_CLUSTER="scriptoria-prd" ;; *) ECS_CLUSTER="none" ;; esac
66-
echo "DockerTag=${DOCKER_TAG}" >> $GITHUB_OUTPUT
67-
echo "EcsCluster=${ECS_CLUSTER}" >> $GITHUB_OUTPUT
43+
echo "DOCKER_TAG=${DOCKER_TAG}" >> $GITHUB_OUTPUT
44+
echo "ECS_CLUSTER=${ECS_CLUSTER}" >> $GITHUB_OUTPUT
45+
46+
- name: Build Docker images
47+
run: |
48+
echo "Building Docker images..."
49+
docker build -t ${{ env.BUILD_ENGINE_BUILD_TAG}} .
50+
docker build -t ${{ env.OTEL_BUILD_TAG}} -f Dockerfile.otel .
51+
echo "Docker images built successfully."
6852
6953
- name: Login to GitHub Container Registry
7054
uses: docker/login-action@v2
@@ -75,110 +59,54 @@ jobs:
7559

7660
- name: Push to GHCR
7761
run: |
78-
docker tag ${{ env.BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
79-
docker push ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}
80-
81-
- name: Configure AWS credentials (SIL)
82-
id: aws_sil
83-
uses: aws-actions/configure-aws-credentials@v4
84-
with:
85-
aws-access-key-id: ${{ secrets.SIL__AWS_ACCESS_KEY_ID }}
86-
aws-secret-access-key: ${{ secrets.SIL__AWS_SECRET_ACCESS_KEY }}
87-
aws-region: ${{ secrets.SIL__AWS_DEFAULT_REGION }}
88-
89-
- name: Login to AWS ECR (SIL)
90-
id: ecr_sil
91-
uses: aws-actions/amazon-ecr-login@v2
92-
with:
93-
registries: ${{ secrets.SIL__AWS_ECR_ACCOUNT }}
94-
95-
- name: Push to AWS ECR (SIL)
96-
run: |
97-
docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
98-
docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
99-
docker push "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
100-
docker push "${{ steps.ecr_sil.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
101-
102-
- name: Deploy to ECS (SIL)
103-
if: ${{ steps.branch.outputs.EcsCluster != 'none' }}
104-
run: |
105-
echo "Deploying ${{ env.BUILD_NUMBER }} to ${{ steps.branch.outputs.EcsCluster }}"
106-
# Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
107-
ecs-deploy -c ${{ steps.branch.outputs.EcsCluster }} -n buildengine -i ignore -to ${{ env.BUILD_NUMBER }} --max-definitions 20 --timeout 600
108-
echo "Deployment initiated successfully."
109-
110-
- name: Configure AWS credentials (FCBH)
111-
if: false # Temporarily disabled - remove this line to re-enable
112-
# if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }} # Restore this when re-enabling
113-
id: aws_fcbh
114-
uses: aws-actions/configure-aws-credentials@v4
115-
with:
116-
aws-access-key-id: ${{ secrets.FCBH__AWS_ACCESS_KEY_ID }}
117-
aws-secret-access-key: ${{ secrets.FCBH__AWS_SECRET_ACCESS_KEY }}
118-
aws-region: ${{ secrets.FCBH__AWS_DEFAULT_REGION }}
119-
120-
- name: Login to AWS ECR (FCBH)
121-
if: false # Temporarily disabled - remove this line to re-enable
122-
# if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }} # Restore this when re-enabling
123-
id: ecr_fcbh
124-
uses: aws-actions/amazon-ecr-login@v2
125-
with:
126-
registries: ${{ secrets.FCBH__AWS_ECR_ACCOUNT }}
127-
128-
- name: Push to AWS ECR (FCBH)
129-
if: false # Temporarily disabled - remove this line to re-enable
130-
# if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }} # Restore this when re-enabling
131-
run: |
132-
docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
133-
docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
134-
docker push "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
135-
docker push "${{ steps.ecr_fcbh.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
136-
137-
- name: Deploy to ECS (FCBH)
138-
if: false # Temporarily disabled - remove this line to re-enable
139-
# if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-prd' }} # Restore this when re-enabling
140-
run: |
141-
echo "Deploying ${{ env.BUILD_NUMBER }} to ${{ steps.branch.outputs.EcsCluster }}"
142-
# Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
143-
ecs-deploy -c ${{ steps.branch.outputs.EcsCluster }} -n buildengine -i ignore -to ${{ env.BUILD_NUMBER }} --max-definitions 20 --timeout 600
144-
echo "Deployment initiated successfully."
145-
146-
- name: Configure AWS credentials (LU)
147-
if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
148-
id: aws_lu
149-
uses: aws-actions/configure-aws-credentials@v4
150-
with:
151-
aws-access-key-id: ${{ secrets.LU__AWS_ACCESS_KEY_ID }}
152-
aws-secret-access-key: ${{ secrets.LU__AWS_SECRET_ACCESS_KEY }}
153-
aws-region: ${{ secrets.LU__AWS_DEFAULT_REGION }}
154-
155-
- name: Login to AWS ECR (LU)
156-
if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
157-
id: ecr_lu
158-
uses: aws-actions/amazon-ecr-login@v2
159-
with:
160-
registries: ${{ secrets.LU__AWS_ECR_ACCOUNT }}
161-
162-
- name: Push to AWS ECR (LU)
163-
if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
164-
run: |
165-
docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
166-
docker tag ${{ env.BUILD_TAG }} "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
167-
docker push "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ steps.branch.outputs.DockerTag }}"
168-
docker push "${{ steps.ecr_lu.outputs.registry }}/appbuilder-buildengine-api:${{ env.BUILD_NUMBER }}"
169-
170-
- name: Deploy to ECS (LU)
171-
if: ${{ steps.branch.outputs.EcsCluster == 'scriptoria-stg' }}
172-
run: |
173-
echo "Deploying ${{ env.BUILD_NUMBER }} to ${{ steps.branch.outputs.EcsCluster }}"
174-
# Deploy to ECS cluster with service name 'build-engine', setting all images to the latest tag
175-
ecs-deploy -c ${{ steps.branch.outputs.EcsCluster }} -n buildengine -i ignore -to ${{ env.BUILD_NUMBER }} --max-definitions 20 --timeout 600
176-
echo "Deployment initiated successfully."
177-
178-
- name: Clean up older packages
179-
uses: actions/delete-package-versions@v4
180-
with:
181-
package-name: "appbuilder-buildengine-api"
182-
package-type: "container"
183-
min-versions-to-keep: 6
184-
delete-only-untagged-versions: "true"
62+
docker tag ${{ env.BUILD_ENGINE_BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DOCKER_TAG }}
63+
docker push ghcr.io/sillsdev/appbuilder-buildengine-api:${{ steps.branch.outputs.DOCKER_TAG }}
64+
65+
docker tag ${{ env.OTEL_BUILD_TAG }} ghcr.io/sillsdev/appbuilder-buildengine-otel:${{ steps.branch.outputs.DOCKER_TAG }}
66+
docker push ghcr.io/sillsdev/appbuilder-buildengine-otel:${{ steps.branch.outputs.DOCKER_TAG }}
67+
68+
deploy-sil:
69+
needs: push-to-ghcr
70+
uses: "./.github/workflows/deploy.yml"
71+
with:
72+
BUILD_NUMBER: ${{ github.run_number }}
73+
ECS_CLUSTER: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER }}
74+
DOCKER_TAG: ${{ needs.push-to-ghcr.outputs.DOCKER_TAG }}
75+
BUILD_ENGINE_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.BUILD_ENGINE_BUILD_TAG }}
76+
OTEL_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.OTEL_BUILD_TAG }}
77+
secrets:
78+
AWS_ACCESS_KEY_ID: ${{ secrets.SIL__AWS_ACCESS_KEY_ID }}
79+
AWS_SECRET_ACCESS_KEY: ${{ secrets.SIL__AWS_SECRET_ACCESS_KEY }}
80+
AWS_DEFAULT_REGION: ${{ secrets.SIL__AWS_DEFAULT_REGION }}
81+
AWS_ECR_ACCOUNT: ${{ secrets.SIL__AWS_ECR_ACCOUNT }}
82+
deploy-fcbh:
83+
needs: push-to-ghcr
84+
if: false # Temporarily disabled - remove this line to re-enable
85+
# if: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER == 'scriptoria-prd' }} # Restore this when re-enabling
86+
uses: "./.github/workflows/deploy.yml"
87+
with:
88+
BUILD_NUMBER: ${{ github.run_number }}
89+
ECS_CLUSTER: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER }}
90+
DOCKER_TAG: ${{ needs.push-to-ghcr.outputs.DOCKER_TAG }}
91+
BUILD_ENGINE_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.BUILD_ENGINE_BUILD_TAG }}
92+
OTEL_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.OTEL_BUILD_TAG }}
93+
secrets:
94+
AWS_ACCESS_KEY_ID: ${{ secrets.FCBH__AWS_ACCESS_KEY_ID }}
95+
AWS_SECRET_ACCESS_KEY: ${{ secrets.FCBH__AWS_SECRET_ACCESS_KEY }}
96+
AWS_DEFAULT_REGION: ${{ secrets.FCBH__AWS_DEFAULT_REGION }}
97+
AWS_ECR_ACCOUNT: ${{ secrets.FCBH__AWS_ECR_ACCOUNT }}
98+
deploy-lu:
99+
needs: push-to-ghcr
100+
if: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER == 'scriptoria-stg' }}
101+
uses: "./.github/workflows/deploy.yml"
102+
with:
103+
BUILD_NUMBER: ${{ github.run_number }}
104+
ECS_CLUSTER: ${{ needs.push-to-ghcr.outputs.ECS_CLUSTER }}
105+
DOCKER_TAG: ${{ needs.push-to-ghcr.outputs.DOCKER_TAG }}
106+
BUILD_ENGINE_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.BUILD_ENGINE_BUILD_TAG }}
107+
OTEL_BUILD_TAG: ${{ needs.push-to-ghcr.outputs.OTEL_BUILD_TAG }}
108+
secrets:
109+
AWS_ACCESS_KEY_ID: ${{ secrets.LU__AWS_ACCESS_KEY_ID }}
110+
AWS_SECRET_ACCESS_KEY: ${{ secrets.LU__AWS_SECRET_ACCESS_KEY }}
111+
AWS_DEFAULT_REGION: ${{ secrets.LU__AWS_DEFAULT_REGION }}
112+
AWS_ECR_ACCOUNT: ${{ secrets.LU__AWS_ECR_ACCOUNT }}

.github/workflows/pr.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
name: Test and Lint
2+
3+
on:
4+
pull_request:
5+
branches:
6+
- master
7+
- develop
8+
9+
jobs:
10+
checks:
11+
uses: ./.github/workflows/setup.yml

0 commit comments

Comments
 (0)