CodeForPoznan · arturtamborski · Mar 12, 2022 · May 8, 2021 · May 9, 2021 · May 9, 2021
diff --git a/.travis.yml b/.travis.yml
@@ -1,14 +1,25 @@
+os: linux
+dist: xenial
 language: python
 python: 3.8
 
 env:
   global:
     - SECRET_KEY=codeforpoznan
-    # AWS_ACCESS_KEY_ID
+    - AWS_REGION=eu-west-1
+
+    - STAGING_RESOURCE=dev_codeforpoznan_pl_v3
+    # STAGING_AWS_ACCESS_KEY_ID
     - secure: "lP1qLhUyJgoJlDqva3dYq3jQh8j1jSXJx19Lq4oNwMLxk4d567LAA/AZHBj8lRqrwW/tjiONb5o1V15+9ogfoK7Y8ika7F3YZkUQ5k/OOliQzDqditSWjYCv3Rx6fc1D5UGQLF1MYYjGctDxiRHmPWb2WfIoqUdrcN4GAbXBKA/EGn8Y680JZm6XZkXFc2PjqoILPwJ+ZIWqAIELibnpHPnRDHD28a3uXjWa1Syehctj2f44wxRNo1hJIQp2mlO9BFS2LrCrhUD2OgeC8gy/j5itzNcDrRwnwZmeZ92YdSsNGGark3K3zPyl5em5v7zlJB/6f/6Jf1IIU0hpc1QAUwZjPd7rRBeYR2U8vUBdYrBlhKFwAJjQjGj4Xm0dgIjcFiANtfppxMt7cFg/c9AUkI+jLGdqfGxkVYKtvYAYWC6QEDikKFwz8eN94zfmkMRkXcniSZPkXAuwLEl9ozz+QAzzNs8BzxzMV4pFB+N/of88B91FyWCchxzSftbrgc8wFmMFZGwzfStgbDU4RX3sGeY7af7rF6uCYS6eHEVwllvJefyNkjUIR8x7wmCXaPjHnKgRzuYrcLtTNUxuc0LMfLCxqVCkGXxflQNIY7Zd59SWukJyloZbUZhxYuoX7YTwVHynNrx+pxvPBP/0QaSnuT8RBZOxmDf1HqT1ShvQgsg="
-    # AWS_SECRET_ACCESS_KEY
+    # STAGING_AWS_SECRET_ACCESS_KEY
     - secure: "JggIiR6ZzXMoK7uCxMgB4nkPzWl7aYXTvIUlkjDdt0OHHySMAEv1D6m45npjCYTqSXwiEuNSplRCMvK72Br1PfWl6hu3d+Nr6DxDTjVu0Xs2jW55h5+A+VNS/Df7Rb2cQ7Ei9e+KI2yoD5oF4ayp62P0RXu060f/9jVnZNFHmR0yJ97eZLcSuY2nmxfQXK/ADnhKIOg0wk2MEnKPlVjzfFBFhvM7h+fmWGaD02QqBfijfnbH6vRdEWICvdkY3eE0Ah7fnETEYMbGVdzGFBouFx66BRKcBFZPbkRtfDNbkIjiClQjWa/HpeXjNxSfgdVrse826qBUN2FrUMR1lxUq4lzSJqNBEQq12if19RFaI12grLo7zfgDIUTOCgXtR+9hGrFredweE7E+q4SmmeFKrzI3fElnEq3PjCzOMMYkF0u3Fvhm9yncZ52SiZYovF4ws6FNxlNud6t6u4jgvphr6fUAHq94g/lLfPgxM/LEIfCaXYHAQ1bKH9MGdqP8zTmQC0OQ2QcpUFl961fiUowIawGrUnkddQGB1AsVlIYehMhVYIhvV7DI9X9ZpYbbADS9WKy2FTzD2KezuJrmZHUumTVT22ZMGai0wP/deLaNEklT6p5qgid4d+ifSvOwaBSTghqpktE6/DbkcgAx4I8o8RkGsl6kucdy8USCRYTHWAE="
 
+    - PRODUCTION_RESOURCE=codeforpoznan_pl_v3
+    # PRODUCTION_AWS_ACCESS_KEY_ID
+    #- secure: "TODO REPLACE ME WITH ENCRYPTED VALUES"
+    # PRODUCTION_AWS_SECRET_ACCESS_KEY
+    #- secure: "TODO REPLACE ME WITH ENCRYPTED VALUES"
+
 install:
   - pip install awscli
   - nvm install 10.13.0
@@ -21,9 +32,18 @@ script:
   - (cd backend  && black --check .)  # lint backend
 
 deploy:
-  skip_cleanup: true
-  provider: script
-  script: bash deploy.sh
-  on:
-    branch: master
-    repo: CodeForPoznan/codeforpoznan.pl_v3
+  # staging -- https://dev.codeforpoznan.pl
+  - provider: script
+    skip_cleanup: true
+    script: bash deploy.sh staging
+    on:
+      branch: master
+      repo: CodeForPoznan/codeforpoznan.pl_v3
+
+  # production -- https://codeforpoznan.pl
+  - provider: script
+    skip_cleanup: true
+    script: bash deploy.sh production
+    on:
+      tags: true
+      repo: CodeForPoznan/codeforpoznan.pl_v3
diff --git a/deploy.sh b/deploy.sh
@@ -1,41 +1,77 @@
 #!/usr/bin/env bash
+set -Eeuo pipefail
+
+
+case "${1:-}" in
+  staging)
+    echo "deploying to staging"
+    export RESOURCE="${STAGING_RESOURCE}"
+    export AWS_ACCESS_KEY_ID="${STAGING_AWS_ACCESS_KEY_ID}"
+    export AWS_SECRET_ACCESS_KEY="${STAGING_AWS_SECRET_ACCESS_KEY}"
+  ;;
+
+  production)
+    echo "deploying to production"
+    export RESOURCE="${PRODUCTION_RESOURCE}"
+    export AWS_ACCESS_KEY_ID="${PRODUCTION_AWS_ACCESS_KEY_ID}"
+    export AWS_SECRET_ACCESS_KEY="${PRODUCTION_AWS_SECRET_ACCESS_KEY}"
+  ;;
+
+  *)
+    echo "invalid environment '${1}', exiting..."
+    exit 1
+  ;;
+esac
+
 
 echo "build and push frontend"
 (cd frontend && yarn run build && cp -r dist ../public)
-aws s3 sync --delete public s3://codeforpoznan-public/dev_codeforpoznan_pl_v3
-aws cloudfront create-invalidation --paths "/*" --distribution-id E6PZCV3N5WWJ8
+aws s3 sync --delete public "s3://codeforpoznan-public/${RESOURCE}"
+
+
+echo "refresh CDN"
+dist_id=$(
+  aws cloudfront list-distributions \
+    | jq --arg PATH "/${RESOURCE}" -r '
+      .DistributionList.Items[]
+      | {Id, p: .Origins.Items[].OriginPath}
+      | select(.p == $PATH).Id'
+)
+aws cloudfront create-invalidation --paths "/*" --distribution-id "${dist_id}"
+
 
 echo "bundle application"
-(cd backend && pipenv run pip install -r <(pipenv lock -r) --target ../packages)
+(cd backend  && pipenv run pip install -r <(pipenv lock -r) --target ../packages)
 (cd packages && zip -qgr9 ../lambda.zip .)
-ln -s backend/migrations migrations
+ln  --symbolic backend/migrations migrations
 zip --symlinks -qgr9 lambda.zip backend/ migrations/
 
+
 echo "upload lambdas"
-aws s3 cp lambda.zip s3://codeforpoznan-lambdas/dev_codeforpoznan_pl_v3_serverless_api.zip
-aws s3 cp lambda.zip s3://codeforpoznan-lambdas/dev_codeforpoznan_pl_v3_migration.zip
+aws s3 cp lambda.zip "s3://codeforpoznan-lambdas/${RESOURCE}_serverless_api.zip"
+aws s3 cp lambda.zip "s3://codeforpoznan-lambdas/${RESOURCE}_migration.zip"
+
 
 echo "refresh lambdas"
-aws lambda update-function-code                              \
-  --function-name dev_codeforpoznan_pl_v3_serverless_api     \
-  --s3-bucket     codeforpoznan-lambdas                      \
-  --s3-key        dev_codeforpoznan_pl_v3_serverless_api.zip \
-  --region        eu-west-1                                  \
-| jq 'del(.Environment, .VpcConfig, .Role, .FunctionArn)'    \
-
-aws lambda update-function-code                              \
-  --function-name dev_codeforpoznan_pl_v3_migration          \
-  --s3-bucket     codeforpoznan-lambdas                      \
-  --s3-key        dev_codeforpoznan_pl_v3_migration.zip      \
-  --region        eu-west-1                                  \
-| jq 'del(.Environment, .VpcConfig, .Role, .FunctionArn)'    \
+aws lambda update-function-code                           \
+  --s3-bucket     "codeforpoznan-lambdas"                 \
+  --s3-key        "${RESOURCE}_serverless_api.zip"        \
+  --function-name "${RESOURCE}_serverless_api"            \
+| jq 'del(.Environment, .VpcConfig, .Role, .FunctionArn)' \
+
+aws lambda update-function-code                           \
+  --s3-bucket     "codeforpoznan-lambdas"                 \
+  --s3-key        "${RESOURCE}_migration.zip"             \
+  --function-name "${RESOURCE}_migration"                 \
+| jq 'del(.Environment, .VpcConfig, .Role, .FunctionArn)' \
+
 
 echo "run migrations"
-aws lambda invoke                                            \
-  --function-name dev_codeforpoznan_pl_v3_migration          \
-  --region        eu-west-1                                  \
-  response.json                                              \
-> request.json                                               \
+aws lambda invoke                         \
+  --function-name "${RESOURCE}_migration" \
+  response.json                           \
+> request.json                            \
+
 
 echo "show migration output"
 jq -s add ./*.json | jq -re '
@@ -45,4 +81,5 @@ jq -s add ./*.json | jq -re '
     .stdout, .stderr
   end'
 
+
 exit $?