Add .gitignore #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Demo | |
| on: | |
| push: | |
| branches: [ main ] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| concurrency: | |
| group: demo-build | |
| cancel-in-progress: false | |
| jobs: | |
| deploy_backend_and_frontend: | |
| name: "Backend and Frontend" | |
| if: github.ref == 'refs/heads/main' && github.repository != 'ambarltd/ambar_demo' | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Credential Attributes | |
| id: credential-attributes | |
| run: | | |
| echo "role=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.github_assumable_role_arn -r)" >> "$GITHUB_OUTPUT" | |
| echo "region=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.region_name -r)" >> "$GITHUB_OUTPUT" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: ${{ steps.credential-attributes.outputs.role }} | |
| aws-region: ${{ steps.credential-attributes.outputs.region }} | |
| role-session-name: "GithubAction" | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build Backend Image | |
| working-directory: ./backend | |
| run: > | |
| DOCKER_BUILDKIT=1 docker build --progress=plain | |
| --tag $(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.backend_ecr_repository_url -r):LATEST | |
| --file Dockerfile . | |
| --build-arg="ARG_PG_HOST=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .postgres_application.host -r)" | |
| --build-arg="ARG_PG_DATABASE=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .postgres_application.database -r)" | |
| --build-arg="ARG_PG_PORT=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .postgres_application.port -r)" | |
| --build-arg="ARG_PG_USERNAME=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .postgres_application.username -r)" | |
| --build-arg="ARG_PG_PASSWORD=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .postgres_application.password -r)" | |
| --build-arg="ARG_DESTINATION_USERNAME=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .destination_config.username -r)" | |
| --build-arg="ARG_DESTINATION_PASSWORD=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .destination_config.password -r)" | |
| - name: Push Backend Image | |
| working-directory: ./backend | |
| run: > | |
| docker push $(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.backend_ecr_repository_url -r):LATEST | |
| - name: Build Frontend Image | |
| working-directory: ./frontend | |
| run: > | |
| DOCKER_BUILDKIT=1 docker build --progress=plain | |
| --tag $(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.frontend_ecr_repository_url -r):LATEST | |
| --file Dockerfile . | |
| --build-arg="ARG_BE_DOMAIN=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .domains.backend_domain_name -r)" | |
| --build-arg="ARG_REPO_BASE_URL=${{ github.server_url }}/${{ github.repository }}" | |
| - name: Push Frontend Image | |
| working-directory: ./frontend | |
| run: > | |
| docker push $(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.frontend_ecr_repository_url -r):LATEST | |
| - name: Wait for Deployments | |
| run: sleep 180 | |
| - name: Print Front-End Domain | |
| run: > | |
| echo $(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .domains.frontend_domain_name -r) | |
| deploy_ambar: | |
| name: "Ambar" | |
| if: github.ref == 'refs/heads/main' && github.repository != 'ambarltd/ambar_demo' | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Credential Attributes | |
| id: credential-attributes | |
| run: | | |
| echo "role=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.github_assumable_role_arn -r)" >> "$GITHUB_OUTPUT" | |
| echo "region=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.region_name -r)" >> "$GITHUB_OUTPUT" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: ${{ steps.credential-attributes.outputs.role }} | |
| aws-region: ${{ steps.credential-attributes.outputs.region }} | |
| role-session-name: "GithubAction" | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build Terraform container | |
| working-directory: ./.github/workflows | |
| run: docker build -t ambar/terraform-runner --file .terraform.Dockerfile . | |
| - name: Init Terraform | |
| run: > | |
| docker run --env AWS_ACCESS_KEY="${AWS_ACCESS_KEY_ID}" --env AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" | |
| --env AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" --mount "type=bind,source=${PWD}/terraform,target=/var/build-files" | |
| ambar/terraform-runner init -upgrade | |
| -backend-config="dynamodb_table=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.state_management_table_name -r)" | |
| -backend-config="bucket=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.state_management_bucket_name -r)" | |
| -backend-config="region=$(echo '${{ secrets.GH_ACTION_SECRET }}' | base64 --decode | jq .github_action.region_name -r)" | |
| env: | |
| GIT_SSH_COMMAND: "echo '${{ secrets.GH_SSH_KEY }}' > id_rsa | |
| && ssh-keyscan github.com > known_hosts | |
| && chmod 600 id_rsa known_hosts | |
| && ssh -i ./id_rsa -o UserKnownHostsFile=./known_hosts" | |
| # In production applications, the lock should be true, i.e. terraform apply -lock=true | |
| # -lock=false is used below because some demo users might interrupt their GitHub Action | |
| - name: Apply Terraform | |
| run: > | |
| docker run --env AWS_ACCESS_KEY="${AWS_ACCESS_KEY_ID}" --env AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" | |
| --env AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" --mount "type=bind,source=${PWD}/terraform,target=/var/build-files" | |
| ambar/terraform-runner apply -auto-approve -lock=false | |
| -var="secret_in_base_64=${{ secrets.GH_ACTION_SECRET }}" | |
| -var="github_repository=${{ github.repository }}" | |
| - name: Wait for Deployments | |
| run: sleep 120 |