Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: migrate CI pipeline to github actions #3120

Merged
merged 25 commits into from
Dec 2, 2021
Merged
Show file tree
Hide file tree
Changes from 21 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/mergify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ pull_request_rules:
- check-success~=CodeQL # CodeQL code scanning results
- check-success~=GitGuardian
- check-success~=Semantic Pull Request
- check-success~=Travis CI - Branch
- check-success~=build_deploy_application
- check-success~=coverage/coveralls
- check-success~=license/snyk
- check-success~=security/snyk
Expand All @@ -32,7 +32,7 @@ pull_request_rules:
- check-success~=CodeQL # CodeQL code scanning results
- check-success~=GitGuardian
- check-success~=Semantic Pull Request
- check-success~=Travis CI - Branch
- check-success~=build_deploy_application
- check-success~=coverage/coveralls
- check-success~=license/snyk
- check-success~=security/snyk
Expand Down
79 changes: 79 additions & 0 deletions .github/workflows/deploy-eb.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
name: Deploy to AWS Elastic Beanstalk
on:
push:
branches: # There should be 4 environments in github actions secrets: release, staging, staging-alt, uat. This is different from the DEPLOY_ENV secret which corresponds to elastic beanstalk environment name
- release
- staging
- staging-alt
- uat

jobs:
set_environment:
outputs:
current_env: ${{ steps.set-environment.outputs.current_env }}
runs-on: ubuntu-latest
steps:
- id: set-environment
run: echo "::set-output name=current_env::${{github.ref_name}}"

build_deploy_application:
needs: set_environment
environment:
name: ${{ needs.set_environment.outputs.current_env }}
env:
IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}
BRANCH: ${{ needs.set_environment.outputs.current_env }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: '14'
cache: 'npm'
- name: Build
env:
NODE_OPTIONS: '--max-old-space-size=4096'
run: |
npm ci
set -e
npm_config_mode=yes npx lockfile-lint --type npm --path package.json --validate-https --allowed-hosts npm
npm run lint-ci
npm run build

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Build, tag, and push image to Amazon ECR
env:
ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
run: |
docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG .
docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH
docker push -a $ECR_REPOSITORY
sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json
zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json

- name: Deploy to Elastic Beanstalk
env:
BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
APP_NAME: ${{ secrets.APP_NAME }}
DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }}
run: |
aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip

aws elasticbeanstalk create-application-version --application-name $APP_NAME \
--version-label $IMAGE_TAG \
--source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \
--description "${{ github.event.head_commit.message }}"

aws elasticbeanstalk update-environment --application-name $APP_NAME \
--environment-name $DEPLOY_ENV \
--version-label $IMAGE_TAG
123 changes: 0 additions & 123 deletions .travis.yml

This file was deleted.

2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# FormSG

[![Build Status](https://travis-ci.com/opengovsg/formsg.svg?branch=release)](https://travis-ci.com/opengovsg/formsg)
[![Build Status](https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml)](https://github.com/opengovsg/FormSG/actions/workflows/deploy-eb.yml)
[![Coverage Status](https://coveralls.io/repos/github/opengovsg/FormSG/badge.svg?branch=develop)](https://coveralls.io/github/opengovsg/FormSG?branch=develop)

## Table of Contents
Expand Down
36 changes: 13 additions & 23 deletions docs/DEPLOYMENT_SETUP.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Infrastructure

DevOps

- TravisCI for running tests and builds
- Github Actions for running tests and builds
- AWS Elastic Container Registry to host built Docker images

Network
Expand Down Expand Up @@ -76,32 +76,22 @@ Secondly, edit the form document belonging to that specific form adminstrator by

If no `msgSrvcName` is found in the form document, SMSes associated with that form will be sent out using and charged to the default Twilio API credentials.

### Travis CI/CD environment variables
### Github Actions Secrets

For more information about the various environment variables, please refer to
[Travis documentation](https://docs.travis-ci.com/user/deployment/elasticbeanstalk/).

The following env variables are set in Travis:
| Variable | Description|
The following repository secrets are set in Github Actions:
| Secret | Description|
|:---------|------------|
|`REPO`|The repository of the AWS Elastic Container Registry|
|`STAGING_BRANCH`|Name of staging branch, usually `master`.|
|`STAGING_ALT_BRANCH`|Name of staging-alt (if any) branch, usually `release`. An alternate staging branch is used to host diverging feature sets, useful for A/B testing.|
|`PROD_BRANCH`|Name of production branch, usually `release`.|
|`AWS_ACCESS_KEY_ID`|AWS IAM access key ID used to deploy.|
|`AWS_SECRET_ACCESS_KEY`|AWS IAM access secret used to deploy.|
|`AWS_REGION`|AWS region to use.|
|`PROD_APP_NAME`|The names of the deployed docker application for the production application on AWS as determined by `PROD_BRANCH`.|
|`STAGING_APP_NAME`|The names of the deployed docker application for the staging application on AWS as determined by `STAGING_BRANCH`.|
|`PROD_BUCKET_NAME`|Bucket name to upload the code of the production app to. Elastic Beanstalk will create and deploy an application version from the source bundle in this Amazon S3 bucket.|
|`STAGING_BUCKET_NAME`|Bucket name to upload the code of the staging app to. Elastic Beanstalk will create and deploy an application version from the source bundle in this Amazon S3 bucket.|
|`PROD_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the production application will be deployed to.|
|`STAGING_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the staging application will be deployed to.|
|`STAGING_ALT_DEPLOY_ENV`|The name of the Elastic Beanstalk environment the staging-alt application will be deployed to.|
|`SENTRY_ORG`|Organisation that source-maps should be linked to on sentry dashboard.|
|`SENTRY_AUTH_TOKEN`|Authentication token used by sentry cli to authenticate with sentry service.|
|`SENTRY_PROJECT`|Project that source-maps should be linked to on sentry dashboard.|
|`SENTRY_URL`|Sentry service that source-maps should be pushed to.|
|`AWS_DEFAULT_REGION`|AWS region to use.|
|`ECR_REPO`|ECR Repository which stores the docker images.|
|`BUCKET_NAME`| S3 Bucket used to store zipped `Dockerrun.aws.json`.|

There are also environment secrets for each environment (`staging`, `staging-alt`, `release`, `uat`):
| Secret | Description|
|:---------|------------|
|`APP_NAME`|Application name for the environment.|
|`DEPLOY_ENV`|Deployment environment on elastic beanstalk.|

## Environment Variables

Expand Down