From b56de776348a406db230fe1bbe825127858bbcff Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Tue, 30 Nov 2021 16:20:38 +0800 Subject: [PATCH 01/25] feat: github actions CI --- .github/workflows/deploy-eb.yml | 69 +++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/deploy-eb.yml diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml new file mode 100644 index 0000000000..069603b8ef --- /dev/null +++ b/.github/workflows/deploy-eb.yml @@ -0,0 +1,69 @@ +name: Deploy to AWS Elastic Beanstalk +on: + push: + branches: + - release + - staging + - staging-alt + - uat + +jobs: + build-application: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-node@v2 + with: + node-version: '14' + cache: 'npm' + - uses: actions/setup-python@v2 + with: + python-version: '3.9' + cache: 'pip' + - name: build script + env: + - NODE_OPTIONS: '--max-old-space-size=4096' + run: | + npm ci + set -e + npm_config_mode=yes npx lockfile-lint --type npm --path package.json --validate-https --allowed-hosts npm + npm run lint-ci + npm run build + + deploy-application: + needs: build-application + runs-on: ubuntu-latest + env: + IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.github_run_id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push image to Amazon ECR + env: + ECR_REPOSITORY: ${{ secrets.ECR_REPO }} + run: | + docker build -t $ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REPOSITORY:$IMAGE_TAG + sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json + zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json + + - name: Deploy to Elastic Beanstalk + if: github.ref == 'staging' + uses: einaregilsson/beanstalk-deploy@v18 + with: + aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + application_name: ${{ secrets.STAGING_APP_NAME }} + environment_name: ${{ secrets.STAGING_DEPLOY_ENV }} + version_label: $IMAGE_TAG + region: ${{ secrets.AWS_REGION }} + deployment_package: $IMAGE_TAG.zip From 99129f36482c6b6038c8f3601a0fe190cec3756a Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Tue, 30 Nov 2021 17:00:34 +0800 Subject: [PATCH 02/25] chore: do not use 3rd party github action --- .github/workflows/deploy-eb.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 069603b8ef..edd4ab4409 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -22,7 +22,7 @@ jobs: cache: 'pip' - name: build script env: - - NODE_OPTIONS: '--max-old-space-size=4096' + NODE_OPTIONS: '--max-old-space-size=4096' run: | npm ci set -e @@ -47,6 +47,13 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 + - name: Get App Version + id: get-version + run: | + versionValue=$(cat package.json | jq '.version') + appVersion="${versionValue%\"}" + appVersion="${appVersion#\"}" + - name: Build, tag, and push image to Amazon ECR env: ECR_REPOSITORY: ${{ secrets.ECR_REPO }} @@ -58,12 +65,17 @@ jobs: - name: Deploy to Elastic Beanstalk if: github.ref == 'staging' - uses: einaregilsson/beanstalk-deploy@v18 - with: - aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - application_name: ${{ secrets.STAGING_APP_NAME }} - environment_name: ${{ secrets.STAGING_DEPLOY_ENV }} - version_label: $IMAGE_TAG - region: ${{ secrets.AWS_REGION }} - deployment_package: $IMAGE_TAG.zip + env: + APP_VERSION: v${{ steps.get-version.outputs.app-version }} + BUCKET_NAME: ${{ secrets.STAGING_BUCKET_NAME }} + APP_NAME: ${{ secrets.STAGING_APP_NAME }} + ENV: ${{ secrets.STAGING_DEPLOY_ENV }} + run: | + aws elasticbeanstalk create-application-version --application-name $APP_NAME \ + --version-label $APP_VERSION \ + --source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \ + --description "${{ github.event.head_commit.message }}" + + aws elasticbeanstalk update-environment --application-name $APP_NAME \ + --environment-name $ENV \ + --version-label $APP_VERSION From 06fa78828a3e58e5b6621cf45dfc633b729736ce Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Tue, 30 Nov 2021 17:03:39 +0800 Subject: [PATCH 03/25] chore: no need pip --- .github/workflows/deploy-eb.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index edd4ab4409..0cb17870ee 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -16,10 +16,10 @@ jobs: with: node-version: '14' cache: 'npm' - - uses: actions/setup-python@v2 - with: - python-version: '3.9' - cache: 'pip' + # - uses: actions/setup-python@v2 + # with: + # python-version: '3.9' + # cache: 'pip' - name: build script env: NODE_OPTIONS: '--max-old-space-size=4096' From cb03930d6cc95a44fe32c111775951d3ac8d9f4a Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 13:53:50 +0800 Subject: [PATCH 04/25] feat: dynamically configure environment --- .github/workflows/deploy-eb.yml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 0cb17870ee..da261359bb 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -8,7 +8,15 @@ on: - uat jobs: - build-application: + set_environment: + outputs: + current_env: ${{ steps.set-environment.outputs.current_env }} + runs-on: ubuntu-latest + steps: + - id: set-environment + run: echo "::set-output name=current_env::${{github.ref_name}}" + + build_application: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -16,10 +24,6 @@ jobs: with: node-version: '14' cache: 'npm' - # - uses: actions/setup-python@v2 - # with: - # python-version: '3.9' - # cache: 'pip' - name: build script env: NODE_OPTIONS: '--max-old-space-size=4096' @@ -30,9 +34,11 @@ jobs: npm run lint-ci npm run build - deploy-application: - needs: build-application + deploy_application: + needs: [build_application, set_environment] runs-on: ubuntu-latest + environment: + name: ${{ needs.set_environment.outputs.current_env }} env: IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.github_run_id }} steps: @@ -64,7 +70,6 @@ jobs: zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json - name: Deploy to Elastic Beanstalk - if: github.ref == 'staging' env: APP_VERSION: v${{ steps.get-version.outputs.app-version }} BUCKET_NAME: ${{ secrets.STAGING_BUCKET_NAME }} From 84086ae8539c378645b02db2db9cc1cbe36797ab Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 14:07:49 +0800 Subject: [PATCH 05/25] chore: update aws region env --- .github/workflows/deploy-eb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index da261359bb..d124f9649b 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -47,7 +47,7 @@ jobs: with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} - name: Login to Amazon ECR id: login-ecr From b0e0676258f6d09579e6768e04e4dcba202d85e0 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 14:44:34 +0800 Subject: [PATCH 06/25] chore: combine build and deploy --- .github/workflows/deploy-eb.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index d124f9649b..37c1f84e4c 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -16,7 +16,12 @@ jobs: - id: set-environment run: echo "::set-output name=current_env::${{github.ref_name}}" - build_application: + build_deploy_application: + needs: set_environment + environment: + name: ${{ needs.set_environment.outputs.current_env }} + env: + IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.github_run_id }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -24,7 +29,7 @@ jobs: with: node-version: '14' cache: 'npm' - - name: build script + - name: Build env: NODE_OPTIONS: '--max-old-space-size=4096' run: | @@ -34,14 +39,6 @@ jobs: npm run lint-ci npm run build - deploy_application: - needs: [build_application, set_environment] - runs-on: ubuntu-latest - environment: - name: ${{ needs.set_environment.outputs.current_env }} - env: - IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.github_run_id }} - steps: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: From fb83b86986bc37bfc42e7b4c238aef494a001829 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 14:56:37 +0800 Subject: [PATCH 07/25] chore: add docker build file flag --- .github/workflows/deploy-eb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 37c1f84e4c..9c08201a69 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -61,7 +61,7 @@ jobs: env: ECR_REPOSITORY: ${{ secrets.ECR_REPO }} run: | - docker build -t $ECR_REPOSITORY:$IMAGE_TAG . + docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REPOSITORY:$IMAGE_TAG sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json From 8228b42a7ee275bd0c9870e5ccba07943632c532 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 15:00:40 +0800 Subject: [PATCH 08/25] chore: add docker tag --- .github/workflows/deploy-eb.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 9c08201a69..bca16f8cbc 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -22,6 +22,7 @@ jobs: name: ${{ needs.set_environment.outputs.current_env }} env: IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.github_run_id }} + BRANCH: ${{ needs.set_environment.outputs.current_env }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -62,7 +63,8 @@ jobs: ECR_REPOSITORY: ${{ secrets.ECR_REPO }} run: | docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG . - docker push $ECR_REPOSITORY:$IMAGE_TAG + docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH + docker push $ECR_REPOSITORY sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json From c04336818546f09f73fb197882405fcd0fd56f08 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 15:13:37 +0800 Subject: [PATCH 09/25] chore: docker push tag --- .github/workflows/deploy-eb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index bca16f8cbc..ea3e8119eb 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -64,7 +64,7 @@ jobs: run: | docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG . docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH - docker push $ECR_REPOSITORY + docker push $ECR_REPOSITORY:$IMAGE_TAG sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json From 086172c44233b36598d3ab00c7fa6a06b52aa4ce Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 15:21:37 +0800 Subject: [PATCH 10/25] chore: docker push all tags --- .github/workflows/deploy-eb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index ea3e8119eb..fe0c660573 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -64,7 +64,7 @@ jobs: run: | docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG . docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH - docker push $ECR_REPOSITORY:$IMAGE_TAG + docker push -a $ECR_REPOSITORY sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json From 368ae44983dbfc0b0f5f5fe5628d06b2df72e2b4 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 15:37:53 +0800 Subject: [PATCH 11/25] fix: github run id variable name --- .github/workflows/deploy-eb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index fe0c660573..caa607be31 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -21,7 +21,7 @@ jobs: environment: name: ${{ needs.set_environment.outputs.current_env }} env: - IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.github_run_id }} + IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }} BRANCH: ${{ needs.set_environment.outputs.current_env }} runs-on: ubuntu-latest steps: From d4f3dc48799e3f7676c08074fb41f06e3701e178 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 15:45:01 +0800 Subject: [PATCH 12/25] feat: copy to s3 bucket, configure sentry --- .github/workflows/deploy-eb.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index caa607be31..44e41a6e21 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -75,6 +75,8 @@ jobs: APP_NAME: ${{ secrets.STAGING_APP_NAME }} ENV: ${{ secrets.STAGING_DEPLOY_ENV }} run: | + aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip + aws elasticbeanstalk create-application-version --application-name $APP_NAME \ --version-label $APP_VERSION \ --source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \ @@ -83,3 +85,17 @@ jobs: aws elasticbeanstalk update-environment --application-name $APP_NAME \ --environment-name $ENV \ --version-label $APP_VERSION + + - name: Configure Sentry + env: + SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} + SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} + SENTRY_ORG: ${{ secrets.SENTRY_ORG }} + SENTRY_URL: ${{ secrets.SENTRY_URL }} + run: | + if [[ "$SENTRY_PROJECT" && "$SENTRY_AUTH_TOKEN" && "$SENTRY_ORG" && "$SENTRY_URL" ]]; then + curl -sL https://sentry.io/get-cli/ | bash + sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$TAG" + sentry-cli releases files "$TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore + sentry-cli releases finalize "$TAG" + fi \ No newline at end of file From 673e9608b2bd3202cfa8d4219aef085dde1b887e Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 15:59:40 +0800 Subject: [PATCH 13/25] nit: indent --- .github/workflows/deploy-eb.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 44e41a6e21..c4fe08f216 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -93,9 +93,9 @@ jobs: SENTRY_ORG: ${{ secrets.SENTRY_ORG }} SENTRY_URL: ${{ secrets.SENTRY_URL }} run: | - if [[ "$SENTRY_PROJECT" && "$SENTRY_AUTH_TOKEN" && "$SENTRY_ORG" && "$SENTRY_URL" ]]; then - curl -sL https://sentry.io/get-cli/ | bash - sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$TAG" - sentry-cli releases files "$TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore - sentry-cli releases finalize "$TAG" - fi \ No newline at end of file + if [[ "$SENTRY_PROJECT" && "$SENTRY_AUTH_TOKEN" && "$SENTRY_ORG" && "$SENTRY_URL" ]]; then + curl -sL https://sentry.io/get-cli/ | bash + sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$TAG" + sentry-cli releases files "$TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore + sentry-cli releases finalize "$TAG" + fi From 46deff26858507cd973ee5dcaedc4aa90a19947c Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 16:59:05 +0800 Subject: [PATCH 14/25] chore: use image_tag for eb version-label --- .github/workflows/deploy-eb.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index c4fe08f216..171296995d 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -78,13 +78,13 @@ jobs: aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip aws elasticbeanstalk create-application-version --application-name $APP_NAME \ - --version-label $APP_VERSION \ + --version-label $IMAGE_TAG \ --source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \ --description "${{ github.event.head_commit.message }}" aws elasticbeanstalk update-environment --application-name $APP_NAME \ --environment-name $ENV \ - --version-label $APP_VERSION + --version-label $IMAGE_TAG - name: Configure Sentry env: From 11fa0be23fe17e70d91b259cd226fe208ad7ca8e Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 16:59:28 +0800 Subject: [PATCH 15/25] chore: rename DEPLOY_ENV --- .github/workflows/deploy-eb.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 171296995d..b75fbca67f 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -73,7 +73,7 @@ jobs: APP_VERSION: v${{ steps.get-version.outputs.app-version }} BUCKET_NAME: ${{ secrets.STAGING_BUCKET_NAME }} APP_NAME: ${{ secrets.STAGING_APP_NAME }} - ENV: ${{ secrets.STAGING_DEPLOY_ENV }} + DEPLOY_ENV: ${{ secrets.STAGING_DEPLOY_ENV }} run: | aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip @@ -83,7 +83,7 @@ jobs: --description "${{ github.event.head_commit.message }}" aws elasticbeanstalk update-environment --application-name $APP_NAME \ - --environment-name $ENV \ + --environment-name $DEPLOY_ENV \ --version-label $IMAGE_TAG - name: Configure Sentry From f4914f4ab985fdde39abbf4d9a85e1f921b6e55c Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 19:39:25 +0800 Subject: [PATCH 16/25] chore: remove environment-specific naming --- .github/workflows/deploy-eb.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index b75fbca67f..a354645c77 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -71,9 +71,9 @@ jobs: - name: Deploy to Elastic Beanstalk env: APP_VERSION: v${{ steps.get-version.outputs.app-version }} - BUCKET_NAME: ${{ secrets.STAGING_BUCKET_NAME }} - APP_NAME: ${{ secrets.STAGING_APP_NAME }} - DEPLOY_ENV: ${{ secrets.STAGING_DEPLOY_ENV }} + BUCKET_NAME: ${{ secrets.BUCKET_NAME }} + APP_NAME: ${{ secrets.APP_NAME }} + DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} run: | aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip From 1783dda7e2a1632b2f56a2fdb87a31a8ec19831c Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 19:43:57 +0800 Subject: [PATCH 17/25] chore: remove app version step --- .github/workflows/deploy-eb.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index a354645c77..9aa7f90997 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -51,13 +51,6 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Get App Version - id: get-version - run: | - versionValue=$(cat package.json | jq '.version') - appVersion="${versionValue%\"}" - appVersion="${appVersion#\"}" - - name: Build, tag, and push image to Amazon ECR env: ECR_REPOSITORY: ${{ secrets.ECR_REPO }} @@ -70,7 +63,6 @@ jobs: - name: Deploy to Elastic Beanstalk env: - APP_VERSION: v${{ steps.get-version.outputs.app-version }} BUCKET_NAME: ${{ secrets.BUCKET_NAME }} APP_NAME: ${{ secrets.APP_NAME }} DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} From 590d1733385fae8be42ad1576eab922414cb6faa Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Wed, 1 Dec 2021 19:45:30 +0800 Subject: [PATCH 18/25] chore: delete travis ci --- .travis.yml | 123 ---------------------------------------------------- 1 file changed, 123 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index c9579ca61b..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,123 +0,0 @@ -os: linux -dist: xenial - -services: - - xvfb - -language: node_js -node_js: '14' -install: true # skip installation, perform in build stage. - -notifications: - email: - recipients: - # Please change to your own email recipient if you are forking this - # repository. - - formsg@data.gov.sg - on_success: always - on_failure: always - -jobs: - include: - - stage: Build application - install: npm ci - cache: - - npm - - pip - before_script: - - export NODE_OPTIONS=--max-old-space-size=4096 - script: - - set -e - - npm_config_mode=yes npx lockfile-lint --type npm --path package.json --validate-https --allowed-hosts npm - - npm run lint-ci - - npm run build - workspaces: - create: - name: build - paths: . - - stage: Deploy - services: - - docker - workspaces: - use: build - script: skip - before_deploy: - # Workaround to run before_deploy only once - - > - if ! [ "$TAG" ]; then - pip install --user awscli - # Put AWS in path - export PATH=$PATH:$HOME/.local/bin - # Login to AWS ECR, credentials defined in $AWS_ACCESS_KEY_ID and $AWS_SECRET_ACCESS_KEY - $(aws ecr get-login --no-include-email --region ap-southeast-1) - export TAG=travis-$TRAVIS_COMMIT-$TRAVIS_BUILD_NUMBER - docker build -f Dockerfile.production -t $REPO:$TAG . - docker tag $REPO:$TAG $REPO:$TRAVIS_BRANCH - docker push $REPO - # Add TAG to Dockerrun - sed -i -e "s/@TAG/$TAG/g" Dockerrun.aws.json - zip -r "$TAG.zip" .ebextensions Dockerrun.aws.json - fi - - export ELASTIC_BEANSTALK_LABEL="$TAG-$(env TZ=Asia/Singapore date "+%Y%m%d%H%M%S")" - deploy: - - provider: elasticbeanstalk - skip_cleanup: true - access_key_id: $AWS_ACCESS_KEY_ID - secret_access_key: $AWS_SECRET_ACCESS_KEY - region: $AWS_REGION - app: $STAGING_APP_NAME - env: $UAT_DEPLOY_ENV - bucket: $STAGING_BUCKET_NAME - zip_file: '$TAG.zip' - on: - branch: $UAT_BRANCH - - - provider: elasticbeanstalk - skip_cleanup: true - access_key_id: $AWS_ACCESS_KEY_ID - secret_access_key: $AWS_SECRET_ACCESS_KEY - region: $AWS_REGION - app: $STAGING_APP_NAME - env: $STAGING_DEPLOY_ENV - bucket: $STAGING_BUCKET_NAME - zip_file: '$TAG.zip' - on: - branch: $STAGING_BRANCH - - - provider: elasticbeanstalk - skip_cleanup: true - access_key_id: $AWS_ACCESS_KEY_ID - secret_access_key: $AWS_SECRET_ACCESS_KEY - region: $AWS_REGION - app: $STAGING_APP_NAME - env: $STAGING_ALT_DEPLOY_ENV - bucket: $STAGING_BUCKET_NAME - zip_file: '$TAG.zip' - on: - branch: $STAGING_ALT_BRANCH - - - provider: elasticbeanstalk - skip_cleanup: true - access_key_id: $AWS_ACCESS_KEY_ID - secret_access_key: $AWS_SECRET_ACCESS_KEY - region: $AWS_REGION - app: $PROD_APP_NAME - env: $PROD_DEPLOY_ENV - bucket: $PROD_BUCKET_NAME - zip_file: '$TAG.zip' - on: - branch: $PROD_BRANCH - - after_deploy: - - > - if [[ "$SENTRY_PROJECT" && "$SENTRY_AUTH_TOKEN" && "$SENTRY_ORG" && "$SENTRY_URL" ]]; then - curl -sL https://sentry.io/get-cli/ | bash - sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$TAG" - sentry-cli releases files "$TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore - sentry-cli releases finalize "$TAG" - fi - -stages: - - Build application - - Tests - - Deploy From 8798367101483c77f2a422ce28cfba36a85aca16 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 09:14:50 +0800 Subject: [PATCH 19/25] chore: update docs --- .github/mergify.yml | 4 ++-- .github/workflows/deploy-eb.yml | 2 +- README.md | 2 +- docs/DEPLOYMENT_SETUP.md | 32 +++++++++++++------------------- 4 files changed, 17 insertions(+), 23 deletions(-) diff --git a/.github/mergify.yml b/.github/mergify.yml index abb7e6dda8..513294bcdb 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -11,7 +11,7 @@ pull_request_rules: - check-success~=CodeQL # CodeQL code scanning results - check-success~=GitGuardian - check-success~=Semantic Pull Request - - check-success~=Travis CI - Branch + - check-success~=build_deploy_application - check-success~=coverage/coveralls - check-success~=license/snyk - check-success~=security/snyk @@ -32,7 +32,7 @@ pull_request_rules: - check-success~=CodeQL # CodeQL code scanning results - check-success~=GitGuardian - check-success~=Semantic Pull Request - - check-success~=Travis CI - Branch + - check-success~=build_deploy_application - check-success~=coverage/coveralls - check-success~=license/snyk - check-success~=security/snyk diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 9aa7f90997..8e62c7bf5a 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -1,7 +1,7 @@ name: Deploy to AWS Elastic Beanstalk on: push: - branches: + branches: # There should be 4 environments in github actions secrets: release, staging, staging-alt, uat. This is different from the DEPLOY_ENV secret which corresponds to elastic beanstalk environment name - release - staging - staging-alt diff --git a/README.md b/README.md index b277650829..bd5efb8e73 100755 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # FormSG -[![Build Status](https://travis-ci.com/opengovsg/formsg.svg?branch=release)](https://travis-ci.com/opengovsg/formsg) +[![Build Status](https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml)](https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml) [![Coverage Status](https://coveralls.io/repos/github/opengovsg/FormSG/badge.svg?branch=develop)](https://coveralls.io/github/opengovsg/FormSG?branch=develop) ## Table of Contents diff --git a/docs/DEPLOYMENT_SETUP.md b/docs/DEPLOYMENT_SETUP.md index d9bee23381..a33596e58b 100644 --- a/docs/DEPLOYMENT_SETUP.md +++ b/docs/DEPLOYMENT_SETUP.md @@ -23,7 +23,7 @@ Infrastructure DevOps -- TravisCI for running tests and builds +- Github Actions for running tests and builds - AWS Elastic Container Registry to host built Docker images Network @@ -76,33 +76,27 @@ Secondly, edit the form document belonging to that specific form adminstrator by If no `msgSrvcName` is found in the form document, SMSes associated with that form will be sent out using and charged to the default Twilio API credentials. -### Travis CI/CD environment variables +### Github Actions Secrets -For more information about the various environment variables, please refer to -[Travis documentation](https://docs.travis-ci.com/user/deployment/elasticbeanstalk/). - -The following env variables are set in Travis: -| Variable | Description| +The following repository secrets are set in Github Actions: +| Secret | Description| |:---------|------------| -|`REPO`|The repository of the AWS Elastic Container Registry| -|`STAGING_BRANCH`|Name of staging branch, usually `master`.| -|`STAGING_ALT_BRANCH`|Name of staging-alt (if any) branch, usually `release`. An alternate staging branch is used to host diverging feature sets, useful for A/B testing.| -|`PROD_BRANCH`|Name of production branch, usually `release`.| |`AWS_ACCESS_KEY_ID`|AWS IAM access key ID used to deploy.| |`AWS_SECRET_ACCESS_KEY`|AWS IAM access secret used to deploy.| -|`AWS_REGION`|AWS region to use.| -|`PROD_APP_NAME`|The names of the deployed docker application for the production application on AWS as determined by `PROD_BRANCH`.| -|`STAGING_APP_NAME`|The names of the deployed docker application for the staging application on AWS as determined by `STAGING_BRANCH`.| -|`PROD_BUCKET_NAME`|Bucket name to upload the code of the production app to. Elastic Beanstalk will create and deploy an application version from the source bundle in this Amazon S3 bucket.| -|`STAGING_BUCKET_NAME`|Bucket name to upload the code of the staging app to. Elastic Beanstalk will create and deploy an application version from the source bundle in this Amazon S3 bucket.| -|`PROD_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the production application will be deployed to.| -|`STAGING_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the staging application will be deployed to.| -|`STAGING_ALT_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the staging-alt application will be deployed to.| +|`AWS_DEFAULT_REGION`|AWS region to use.| +|`ECR_REPO`|ECR Repository which stores the docker images.| +|`BUCKET_NAME`| S3 Bucket used to store zipped `Dockerrun.aws.json`.| |`SENTRY_ORG`|Organisation that source-maps should be linked to on sentry dashboard.| |`SENTRY_AUTH_TOKEN`|Authentication token used by sentry cli to authenticate with sentry service.| |`SENTRY_PROJECT`|Project that source-maps should be linked to on sentry dashboard.| |`SENTRY_URL`|Sentry service that source-maps should be pushed to.| +There are also environment secrets for each environment (`staging`, `staging-alt`, `release`, `uat`): +| Secret | Description| +|:---------|------------| +|`APP_NAME`|Application name for the environment.| +|`DEPLOY_ENV`|Deployment environment on elastic beanstalk.| + ## Environment Variables These are configured by creating groups of environment variables formatted like `.env` files in the Parameter From 8a8ae54851131cdeacfc308ec60b3e16745aa370 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 09:35:08 +0800 Subject: [PATCH 20/25] chore: correct tag variable for sentry --- .github/workflows/deploy-eb.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 8e62c7bf5a..763236d4f0 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -87,7 +87,7 @@ jobs: run: | if [[ "$SENTRY_PROJECT" && "$SENTRY_AUTH_TOKEN" && "$SENTRY_ORG" && "$SENTRY_URL" ]]; then curl -sL https://sentry.io/get-cli/ | bash - sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$TAG" - sentry-cli releases files "$TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore - sentry-cli releases finalize "$TAG" + sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$IMAGE_TAG" + sentry-cli releases files "$IMAGE_TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore + sentry-cli releases finalize "$IMAGE_TAG" fi From 16156c2e742b280bdab65169a299fc3bfe02d388 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 11:51:01 +0800 Subject: [PATCH 21/25] chore: drop sentry from CD --- .github/workflows/deploy-eb.yml | 14 -------------- docs/DEPLOYMENT_SETUP.md | 4 ---- 2 files changed, 18 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 763236d4f0..0641f7d2e3 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -77,17 +77,3 @@ jobs: aws elasticbeanstalk update-environment --application-name $APP_NAME \ --environment-name $DEPLOY_ENV \ --version-label $IMAGE_TAG - - - name: Configure Sentry - env: - SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - SENTRY_ORG: ${{ secrets.SENTRY_ORG }} - SENTRY_URL: ${{ secrets.SENTRY_URL }} - run: | - if [[ "$SENTRY_PROJECT" && "$SENTRY_AUTH_TOKEN" && "$SENTRY_ORG" && "$SENTRY_URL" ]]; then - curl -sL https://sentry.io/get-cli/ | bash - sentry-cli releases --org $SENTRY_ORG --project $SENTRY_PROJECT new "$IMAGE_TAG" - sentry-cli releases files "$IMAGE_TAG" upload-sourcemaps ./ --rewrite --ignore-file .sentryignore - sentry-cli releases finalize "$IMAGE_TAG" - fi diff --git a/docs/DEPLOYMENT_SETUP.md b/docs/DEPLOYMENT_SETUP.md index a33596e58b..71088f256c 100644 --- a/docs/DEPLOYMENT_SETUP.md +++ b/docs/DEPLOYMENT_SETUP.md @@ -86,10 +86,6 @@ The following repository secrets are set in Github Actions: |`AWS_DEFAULT_REGION`|AWS region to use.| |`ECR_REPO`|ECR Repository which stores the docker images.| |`BUCKET_NAME`| S3 Bucket used to store zipped `Dockerrun.aws.json`.| -|`SENTRY_ORG`|Organisation that source-maps should be linked to on sentry dashboard.| -|`SENTRY_AUTH_TOKEN`|Authentication token used by sentry cli to authenticate with sentry service.| -|`SENTRY_PROJECT`|Project that source-maps should be linked to on sentry dashboard.| -|`SENTRY_URL`|Sentry service that source-maps should be pushed to.| There are also environment secrets for each environment (`staging`, `staging-alt`, `release`, `uat`): | Secret | Description| From 30d478962d9e800e0dabfdca15cd4b41be6b002e Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 14:07:19 +0800 Subject: [PATCH 22/25] chore: split create app version and update eb steps --- .github/workflows/deploy-eb.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 0641f7d2e3..281f23cb6b 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -61,19 +61,32 @@ jobs: sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json - - name: Deploy to Elastic Beanstalk + - name: Copy to S3 env: BUCKET_NAME: ${{ secrets.BUCKET_NAME }} - APP_NAME: ${{ secrets.APP_NAME }} - DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} run: | aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip + - name: Create application version + env: + BUCKET_NAME: ${{ secrets.BUCKET_NAME }} + APP_NAME: ${{ secrets.APP_NAME }} + continue-on-error: true # Allow to skip so that workflow can be rerun if environment update fails + run: | aws elasticbeanstalk create-application-version --application-name $APP_NAME \ --version-label $IMAGE_TAG \ --source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \ --description "${{ github.event.head_commit.message }}" + - name: Update EB environment + env: + APP_NAME: ${{ secrets.APP_NAME }} + DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} + run: | + aws elasticbeanstalk update-environment --application-name $APP_NAME \ + --environment-name $DEPLOY_ENV \ + --version-label $IMAGE_TAG + aws elasticbeanstalk update-environment --application-name $APP_NAME \ --environment-name $DEPLOY_ENV \ --version-label $IMAGE_TAG From 6541681295392a2b0dad65c2205917f12bbb6ec7 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 14:09:35 +0800 Subject: [PATCH 23/25] feat: add retry if deployment to eb fails --- .github/workflows/deploy-eb.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 281f23cb6b..4412eba23c 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -79,14 +79,22 @@ jobs: --description "${{ github.event.head_commit.message }}" - name: Update EB environment + id: update-eb-1 env: APP_NAME: ${{ secrets.APP_NAME }} DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} + continue-on-error: true # Retry in next step run: | aws elasticbeanstalk update-environment --application-name $APP_NAME \ --environment-name $DEPLOY_ENV \ --version-label $IMAGE_TAG + - name: Update EB environment (retry) # Update is sometimes flaky + if: steps.update-eb-1.outcome == 'failure' + env: + APP_NAME: ${{ secrets.APP_NAME }} + DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} + run: | aws elasticbeanstalk update-environment --application-name $APP_NAME \ --environment-name $DEPLOY_ENV \ --version-label $IMAGE_TAG From f6481d35701034b71d2aea6b7746a8af86b41961 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 14:46:08 +0800 Subject: [PATCH 24/25] feat: add run attempt to image tag --- .github/workflows/deploy-eb.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 4412eba23c..0d959fb471 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -21,7 +21,7 @@ jobs: environment: name: ${{ needs.set_environment.outputs.current_env }} env: - IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }} + IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}} BRANCH: ${{ needs.set_environment.outputs.current_env }} runs-on: ubuntu-latest steps: @@ -71,7 +71,6 @@ jobs: env: BUCKET_NAME: ${{ secrets.BUCKET_NAME }} APP_NAME: ${{ secrets.APP_NAME }} - continue-on-error: true # Allow to skip so that workflow can be rerun if environment update fails run: | aws elasticbeanstalk create-application-version --application-name $APP_NAME \ --version-label $IMAGE_TAG \ From 9d9f5fdb3414d6bc6c746b138b71c1757062c148 Mon Sep 17 00:00:00 2001 From: shuli-ogp Date: Thu, 2 Dec 2021 14:52:31 +0800 Subject: [PATCH 25/25] chore: remove auto retry --- .github/workflows/deploy-eb.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml index 0d959fb471..d27e932649 100644 --- a/.github/workflows/deploy-eb.yml +++ b/.github/workflows/deploy-eb.yml @@ -79,17 +79,6 @@ jobs: - name: Update EB environment id: update-eb-1 - env: - APP_NAME: ${{ secrets.APP_NAME }} - DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }} - continue-on-error: true # Retry in next step - run: | - aws elasticbeanstalk update-environment --application-name $APP_NAME \ - --environment-name $DEPLOY_ENV \ - --version-label $IMAGE_TAG - - - name: Update EB environment (retry) # Update is sometimes flaky - if: steps.update-eb-1.outcome == 'failure' env: APP_NAME: ${{ secrets.APP_NAME }} DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }}