Skip to content
Deploy

Deploy #3086

Sign in to view logs

Deploy

Deploy #3086

Workflow file for this run

.github/workflows/deploy.yml at 2d9eb72
name: Deploy
concurrency: deploy-${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
on:
push:
branches:
- main
workflow_dispatch:
env:
TF_WORKSPACE: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
jobs:
check-pretix-build:
name: Check pretix needs building
runs-on: ubuntu-24.04
outputs:
image_exists: ${{ steps.image.outputs.image_exists }}
githash: ${{ steps.git.outputs.githash }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
aws-region: eu-central-1
- name: Get service githash
id: git
run: |
hash=$(git rev-list -1 HEAD -- ./pretix)
echo "githash=$hash" >> $GITHUB_OUTPUT
- name: Check if commit is already on ECR
id: image
run: |
set +e
aws ecr describe-images --repository-name=pythonit/pretix --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
if [[ $? == 0 ]]; then
echo "image_exists=1" >> $GITHUB_OUTPUT
else
echo "image_exists=0" >> $GITHUB_OUTPUT
fi
check-frontend-build:
name: Check frontend needs building
runs-on: ubuntu-24.04
outputs:
image_exists: ${{ steps.image.outputs.image_exists }}
githash: ${{ steps.git.outputs.githash }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
aws-region: eu-central-1
- name: Get service githash
id: git
run: |
hash=$(git rev-list -1 HEAD -- frontend)
echo "githash=$hash" >> $GITHUB_OUTPUT
- name: Check if commit is already on ECR
id: image
run: |
set +e
aws ecr describe-images --repository-name=pythonit/${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}-pycon-frontend --image-ids=imageTag=${{ steps.git.outputs.githash }}
if [[ $? == 0 ]]; then
echo "image_exists=1" >> $GITHUB_OUTPUT
else
echo "image_exists=0" >> $GITHUB_OUTPUT
fi
check-backend-build:
name: Check backend needs building
runs-on: ubuntu-24.04
outputs:
image_exists: ${{ steps.image.outputs.image_exists }}
githash: ${{ steps.git.outputs.githash }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
aws-region: eu-central-1
- name: Get service githash
id: git
run: |
hash=$(git rev-list -1 HEAD -- backend)
echo "githash=$hash" >> $GITHUB_OUTPUT
- name: Check if commit is already on ECR
id: image
run: |
set +e
aws ecr describe-images --repository-name=pythonit/pycon-backend --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
if [[ $? == 0 ]]; then
echo "image_exists=1" >> $GITHUB_OUTPUT
else
echo "image_exists=0" >> $GITHUB_OUTPUT
fi
build-pretix:
name: Build pretix
needs: [check-pretix-build]
uses: ./.github/workflows/build-pretix.yml
with:
githash: ${{ needs.check-pretix-build.outputs.githash }}
secrets: inherit
if: ${{ needs.check-pretix-build.outputs.image_exists == 0 }}
build-be:
name: Build backend
needs: [check-backend-build]
uses: ./.github/workflows/build-backend.yml
with:
githash: ${{ needs.check-backend-build.outputs.githash }}
secrets: inherit
if: ${{ needs.check-backend-build.outputs.image_exists == 0 }}
deploy-be:
name: Deploy backend
runs-on: ubuntu-24.04
needs: [build-be, build-pretix, check-frontend-build]
if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
environment:
name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
defaults:
run:
working-directory: ./infrastructure/applications
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.2.4
- name: Terraform Init
run: terraform init
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform apply
run: terraform apply -target module.pretix -target module.pycon_backend -target module.clamav -target module.database -target module.emails -target module.cluster -target module.vpc -no-color -auto-approve &> /dev/null
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-central-1
wait-be-update:
name: Wait backend deployment
runs-on: ubuntu-24.04
needs: [deploy-be, check-backend-build]
if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- name: Wait stable deployment
uses: ./.github/actions/wait-for-deployment
with:
url: https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it/health/
githash: ${{ needs.check-backend-build.outputs.githash }}
build-fe:
name: Build frontend
needs: [wait-be-update, check-frontend-build]
uses: ./.github/workflows/build-frontend.yml
with:
githash: ${{ needs.check-frontend-build.outputs.githash }}
tf_environment: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
secrets: inherit
if: always() && needs.check-frontend-build.outputs.image_exists == 0 && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
deploy-fe:
name: Deploy frontend
runs-on: ubuntu-24.04
needs: [build-fe]
if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
environment:
name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
defaults:
run:
working-directory: ./infrastructure/applications
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.2.4
- name: Terraform Init
run: terraform init
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform apply
run: terraform apply -no-color -auto-approve &> /dev/null
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-central-1
wait-fe-update:
name: Wait frontend deployment
runs-on: ubuntu-24.04
needs: [deploy-fe, check-frontend-build]
if: always() && !cancelled() && !failure() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
fetch-depth: 0
- name: Wait stable deployment
uses: ./.github/actions/wait-for-deployment
with:
url: https://${{ fromJSON('["pastaporto-frontend", "frontend"]')[github.ref == 'refs/heads/main'] }}.pycon.it/api/health
githash: ${{ needs.check-frontend-build.outputs.githash }}