prod #1415
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Happy | |
on: deployment | |
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | |
permissions: | |
id-token: write | |
contents: read | |
deployments: write | |
env: | |
DOCKER_BUILDKIT: 1 | |
COMPOSE_DOCKER_CLI_BUILD: 1 | |
DOCKER_REPO: ${{ secrets.ECR_REPO }}/ | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
jobs: | |
upgrade: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: act10ns/slack@v1 | |
with: | |
status: starting | |
if: github.event.deployment.environment == 'prod' | |
- name: Configure AWS Prod Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
if: github.event.deployment.environment == 'prod' | |
with: | |
role-session-name: DeployProdStack | |
aws-region: us-west-2 | |
role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }} | |
role-duration-seconds: 2000 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
if: github.event.deployment.environment != 'prod' | |
with: | |
role-session-name: DeployNonProdStack | |
aws-region: us-west-2 | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-duration-seconds: 2000 | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.deployment.sha }} | |
- name: Install happy dependencies | |
run: | | |
pip install -r .happy/requirements.txt | |
- uses: avakar/set-deployment-status@v1 | |
with: | |
state: in_progress | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update deployment | |
uses: chanzuckerberg/github-actions/.github/actions/[email protected] | |
with: | |
tfe-token: ${{ secrets.TFE_TOKEN }} | |
stack-name: ge${{ github.event.deployment.environment }}stack | |
happy_version: "0.41.3" | |
create-tag: "false" | |
tag: ${{ github.event.deployment.payload.tag }} | |
env: ${{ github.event.deployment.environment }} | |
- name: Run integration tests | |
env: | |
TFE_TOKEN: ${{ secrets.TFE_TOKEN }} | |
DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }} | |
if: github.event.deployment.environment != 'prod' | |
run: | | |
echo "DOCKER_REPO=${DOCKER_REPO}" > .env.ecr | |
echo "TODO - run functional tests against staging!" | |
### Need to write success failure way because Github API doesn't allow doing | |
### "if: always(), state: ${{ success() }}: | |
- name: Set deployment status to success if no errors | |
uses: avakar/set-deployment-status@v1 | |
with: | |
state: success | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: act10ns/slack@v1 | |
with: | |
status: ${{ job.status }} | |
steps: ${{ toJson(steps) }} | |
if: github.event.deployment.environment == 'prod' || failure() | |
- name: Set deployment status to failure if errors | |
uses: avakar/set-deployment-status@v1 | |
if: failure() | |
with: | |
state: failure | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |