Store Next.js ISG cache on Redis (#4228) #2918
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| concurrency: deploy-${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| TF_WORKSPACE: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} | |
| jobs: | |
| create-db: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./infrastructure/applications | |
| steps: | |
| - uses: actions/checkout@v4 | |
| if: github.ref != 'refs/heads/main' | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - name: Configure AWS credentials | |
| if: github.ref != 'refs/heads/main' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
| aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
| aws-region: eu-central-1 | |
| - uses: hashicorp/setup-terraform@v3 | |
| if: github.ref != 'refs/heads/main' | |
| with: | |
| terraform_version: 1.2.4 | |
| - name: Terraform Init | |
| if: github.ref != 'refs/heads/main' | |
| run: terraform init | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Terraform apply | |
| if: github.ref != 'refs/heads/main' | |
| run: terraform apply -target module.database -no-color -auto-approve &> /dev/null | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: eu-central-1 | |
| build-pretix: | |
| runs-on: [self-hosted] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
| aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
| aws-region: eu-central-1 | |
| - name: Get service githash | |
| id: git | |
| run: | | |
| hash=$(git rev-list -1 HEAD -- ./pretix) | |
| echo "githash=$hash" >> $GITHUB_OUTPUT | |
| - name: Check if commit is already on ECR | |
| id: image | |
| run: | | |
| set +e | |
| aws ecr describe-images --repository-name=pythonit/pretix --image-ids=imageTag=arm-${{ steps.git.outputs.githash }} | |
| if [[ $? == 0 ]]; then | |
| echo "image_exists=1" >> $GITHUB_OUTPUT | |
| else | |
| echo "image_exists=0" >> $GITHUB_OUTPUT | |
| fi | |
| - uses: actions/checkout@v4 | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| with: | |
| repository: pretix/pretix | |
| ref: v2024.10.0 | |
| path: ./pretix-clone | |
| - name: Login to Amazon ECR | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build pretix base | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/build-push-action@v6 | |
| id: build-pretix-base | |
| with: | |
| context: ./pretix-clone | |
| file: ./pretix-clone/Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| provenance: false | |
| push: true | |
| tags: | | |
| ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| platforms: linux/arm64 | |
| - name: Build and push pretix | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./pretix | |
| file: ./pretix/Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| provenance: false | |
| push: true | |
| tags: | | |
| ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:arm-${{ steps.git.outputs.githash }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| platforms: linux/arm64 | |
| build-args: | | |
| PRETIX_IMAGE=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }} | |
| build-and-push-arm-service: | |
| runs-on: [self-hosted] | |
| permissions: | |
| packages: write | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| service: | |
| - name: pycon-backend | |
| dir: backend | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
| aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
| aws-region: eu-central-1 | |
| - name: Get service githash | |
| id: git | |
| run: | | |
| hash=$(git rev-list -1 HEAD -- ${{ matrix.service.dir }}) | |
| echo "githash=$hash" >> $GITHUB_OUTPUT | |
| - name: Check if commit is already on ECR | |
| id: image | |
| run: | | |
| set +e | |
| aws ecr describe-images --repository-name=pythonit/${{ matrix.service.name }} --image-ids=imageTag=arm-${{ steps.git.outputs.githash }} | |
| if [[ $? == 0 ]]; then | |
| echo "image_exists=1" >> $GITHUB_OUTPUT | |
| else | |
| echo "image_exists=0" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up QEMU dependency | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Login to GitHub Packages | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to Amazon ECR | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./${{ matrix.service.dir }} | |
| file: ./${{ matrix.service.dir }}/Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| provenance: false | |
| push: true | |
| tags: | | |
| ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/${{ matrix.service.name }}:arm-${{ steps.git.outputs.githash }} | |
| ghcr.io/pythonitalia/pycon/${{ matrix.service.name }}:arm-${{ steps.git.outputs.githash }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| platforms: linux/arm64 | |
| terraform: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push-arm-service, build-pretix, create-db] | |
| environment: | |
| name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} | |
| defaults: | |
| run: | |
| working-directory: ./infrastructure/applications | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.2.4 | |
| - name: Terraform Init | |
| run: terraform init | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate -no-color | |
| - name: Terraform apply | |
| run: terraform apply -target module.pretix -target module.pycon_backend -target module.clamav -target module.database -target module.emails -target module.cluster -no-color -auto-approve &> /dev/null | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: eu-central-1 | |
| wait-aws-update: | |
| runs-on: ubuntu-latest | |
| needs: [terraform] | |
| steps: | |
| - name: Check health status | |
| run: | | |
| while true; do | |
| response=$(curl -s "https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it/health") | |
| commit=$(echo $response | jq -r '.commit') | |
| if [ "$commit" == "${{ steps.git.outputs.githash }}" ]; then | |
| echo "New version live" | |
| break | |
| else | |
| echo "Commit hash does not match. Retrying..." | |
| sleep 3 | |
| fi | |
| done | |
| shell: bash | |
| build-fe: | |
| needs: [wait-aws-update] | |
| runs-on: [self-hosted] | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
| aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
| aws-region: eu-central-1 | |
| - name: Get service githash | |
| id: git | |
| run: | | |
| hash=$(git rev-list -1 HEAD -- frontend) | |
| echo "githash=$hash" >> $GITHUB_OUTPUT | |
| - name: Check if commit is already on ECR | |
| id: image | |
| run: | | |
| set +e | |
| aws ecr describe-images --repository-name=pythonit/pycon-frontend --image-ids=imageTag=${{ steps.git.outputs.githash }} | |
| if [[ $? == 0 ]]; then | |
| echo "image_exists=1" >> $GITHUB_OUTPUT | |
| else | |
| echo "image_exists=0" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up QEMU dependency | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Login to GitHub Packages | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to Amazon ECR | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Get vars | |
| id: vars | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| run: | | |
| cms_hostname=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ env.TF_WORKSPACE }}/pycon-frontend/cms-hostname) | |
| echo "CMS_HOSTNAME=$cms_hostname" >> "$GITHUB_OUTPUT" | |
| conference_code=$(aws ssm get-parameter --output text --query Parameter.Value --with-decryption --name /pythonit/${{ env.TF_WORKSPACE }}/pycon-frontend/conference-code) | |
| echo "CONFERENCE_CODE=$conference_code" >> "$GITHUB_OUTPUT" | |
| - name: Build and push | |
| if: ${{ steps.image.outputs.image_exists == 0 }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./frontend | |
| file: ./frontend/Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| provenance: false | |
| push: true | |
| tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pycon-frontend:${{ steps.git.outputs.githash }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| platforms: linux/arm64 | |
| build-args: | | |
| API_URL_SERVER=https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it | |
| CMS_ADMIN_HOST=${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it | |
| CMS_HOSTNAME=${{ steps.vars.outputs.cms_hostname }} | |
| CONFERENCE_CODE=${{ steps.vars.outputs.conference_code }} | |
| GIT_HASH=${{ steps.git.outputs.githash }} | |
| deploy-fe: | |
| runs-on: ubuntu-latest | |
| needs: [build-fe] | |
| environment: | |
| name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }} | |
| defaults: | |
| run: | |
| working-directory: ./infrastructure/applications | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.2.4 | |
| - name: Terraform Init | |
| run: terraform init | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate -no-color | |
| - name: Terraform apply | |
| run: terraform apply -no-color -auto-approve &> /dev/null | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: eu-central-1 |