Skip to content
Deploy to dev cluster

ci: WIP #713

Sign in to view logs

ci: WIP

ci: WIP #713

Workflow file for this run

.github/workflows/dev-deploy.yml at 7fd8b42
name: Deploy to dev cluster
on:
push:
branches:
- 'dev-*'
delete:
branches:
- 'dev-*'
pull_request:
types: [labeled, unlabeled, synchronize, closed]
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
permissions:
id-token: write
contents: read
jobs:
deploy-to-dev:
name: deploy dev branch
runs-on: ubuntu-latest
environment: dev
if: |
github.repository == 'chanzuckerberg/cryoet-data-portal' && (
github.event_name != 'pull_request' ||
(
startsWith(github.head_ref, 'dev-') != true &&
(
contains(github.event.pull_request.labels.*.name, 'preview') ||
(
github.event.action == 'unlabeled' &&
github.event.label.name == 'preview'
)
)
)
)
steps:
- name: Checkout Repo
uses: actions/checkout@v3
- id: deploy-data
name: get stack name
uses: actions/github-script@v7
with:
script: |
const getDeployData = require('./.github/get-deploy-data')
return getDeployData({
event: ${{ toJson(github.event) }},
eventName: '${{ github.event_name }}',
})
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
mask-aws-account-id: true
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 1200
- name: check value
run: |
echo ${{ fromJson(steps.deploy-data.outputs.result) }}
echo '${{ fromJson(fromJson(steps.deploy-data.outputs.result).isPush) }}'
echo '${{ fromJson(steps.deploy-data.outputs.result).isSync }}'
echo '${{ fromJson(steps.deploy-data.outputs.result).url }}'
- name: Create or update dev stack
if: |
fromJson(steps.deploy-data.outputs.result).isPush ||
fromJson(steps.deploy-data.outputs.result).isLabeled ||
fromJson(steps.deploy-data.outputs.result).isSync == 'true'
uses: chanzuckerberg/github-actions/.github/actions/[email protected]
env:
# Force using BuildKit instead of normal Docker, required so that metadata
# is written/read to allow us to use layers of previous builds as cache.
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_REPO: ${{ secrets.ECR_REPO }}/
ENV: dev
with:
stack-name: ${{ fromJson(steps.deploy-data.outputs.result).ref }}
create-tag: true
tfe-token: ${{ secrets.TFE_TOKEN }}
working-directory: ./frontend
env: dev
operation: create-or-update
- name: Annotate workflow run with frontend URL
if: |
success() && (
fromJson(steps.deploy-data.outputs.result).isPush ||
fromJson(steps.deploy-data.outputs.result).isLabeled ||
fromJson(steps.deploy-data.outputs.result).isSync
)
run: |
echo "# Frontend URL:" >> $GITHUB_STEP_SUMMARY
echo >> $GITHUB_STEP_SUMMARY
echo "https://${{ steps.deploy-data.outputs.result }}.cryoet.dev.si.czi.technology" >> $GITHUB_STEP_SUMMARY
- name: Post comment on PR
if: success() && fromJson(steps.deploy-data.outputs.result).isLabeled
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '# Frontend Preview URL\n\n${{ fromJson(steps.deploy-data.outputs.result).url }}'
})
- name: Delete dev
if: |
fromJson(steps.deploy-data.outputs.result).isDelete ||
fromJson(steps.deploy-data.outputs.result).isUnlabeled ||
fromJson(steps.deploy-data.outputs.result).isClosed
uses: chanzuckerberg/github-actions/.github/actions/[email protected]
env:
ENV: dev
with:
stack-name: ${{ fromJson(steps.deploy-data.outputs.result).ref }}
operation: delete
tfe-token: ${{ secrets.TFE_TOKEN }}
env: dev
working-directory: ./frontend