Skip to content

fix: replace malicious polyfill cdn (#347) #136

fix: replace malicious polyfill cdn (#347)

fix: replace malicious polyfill cdn (#347) #136

Workflow file for this run

name: Production Deployment
on:
push:
branches:
- master
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Get Composer Cache Directory
id: composer-cache
run: |
echo "::set-output name=dir::$(composer config cache-files-dir)"
- uses: actions/cache@v1
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Run composer install and optimize autoloader
run: php7.4 `which composer` install --optimize-autoloader --no-dev
- name: Cache node modules
uses: actions/cache@v1
env:
cache-name: cache-node-modules
with:
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Install NPM dependencies
run: npm install
- name: Compile NPM
run: npm run production
- name: Build and tag docker image
run: |
docker build -f .docker/Dockerfile \
--build-arg APP_ENV=${{ secrets.PROD_APP_ENV }} \
--build-arg APP_KEY=${{ secrets.PROD_APP_KEY }} \
--build-arg APP_URL=${{ secrets.PROD_APP_URL }} \
--build-arg APP_DEBUG=${{ secrets.PROD_APP_DEBUG }} \
--build-arg DB_HOST=${{ secrets.PROD_DB_HOST }} \
--build-arg DB_DATABASE=${{ secrets.PROD_DB_DATABASE }} \
--build-arg DB_USERNAME=${{ secrets.PROD_DB_USERNAME }} \
--build-arg DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD}} \
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.PROD_AWS_ACCESS_KEY_ID}} \
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY}} \
--build-arg AWS_DEFAULT_REGION=${{ secrets.AWS_DEFAULT_REGION}} \
--build-arg AWS_PUBLIC_BUCKET=${{ secrets.PROD_AWS_PUBLIC_BUCKET}} \
--build-arg AWS_PRIVATE_BUCKET=${{ secrets.PROD_AWS_PRIVATE_BUCKET}} \
--build-arg AWS_CDN_URL=${{ secrets.PROD_AWS_CDN_URL}} \
--build-arg FILESYSTEM_DRIVER=${{ secrets.FILESYSTEM_DRIVER}} \
--build-arg MAIL_MAILER=${{ secrets.MAIL_MAILER}} \
--build-arg MAIL_FROM_ADDRESS=${{ secrets.MAIL_FROM_ADDRESS}} \
--build-arg MAIL_FROM_NAME=${{ secrets.MAIL_FROM_NAME}} \
--build-arg MAIL_HOST=${{ secrets.MAIL_HOST}} \
--build-arg MAIL_PORT=${{ secrets.MAIL_PORT}} \
--build-arg MAIL_USERNAME=${{ secrets.MAIL_USERNAME}} \
--build-arg MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD}} \
--build-arg MAIL_CONTACT_TO=${{ secrets.MAIL_CONTACT_TO}} \
--build-arg MAIL_TO_HELP_ADDRESS=${{ secrets.MAIL_TO_HELP_ADDRESS}} \
--build-arg ADMIN_APP_PATH=${{ secrets.ADMIN_APP_PATH}} \
--build-arg S3_KEY=${{ secrets.PROD_AWS_ACCESS_KEY_ID}} \
--build-arg S3_SECRET=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY}} \
--build-arg S3_BUCKET=${{ secrets.PROD_AWS_PUBLIC_BUCKET}} \
--build-arg APP_HOST=${{ secrets.PROD_APP_HOST}} \
--build-arg NOCAPTCHA_SITEKEY=${{ secrets.NOCAPTCHA_SITEKEY}} \
--build-arg NOCAPTCHA_SECRET=${{ secrets.NOCAPTCHA_SECRET}} \
--build-arg SENTRY_LARAVEL_DSN=${{ secrets.SENTRY_LARAVEL_DSN}} \
--build-arg GOOGLE_MAPS_API_KEY=${{ secrets.GOOGLE_MAPS_API_KEY}} \
--build-arg CC_MAIL_TO_HELP_ADDRESS=${{ secrets.PROD_CC_MAIL_TO_HELP_ADDRESS}} \
-t ${{ github.repository }}:${{ github.sha }} \
-t ${{ secrets.PROD_AWS_ECR_REPOSITORY }}:${{ github.sha }} .
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Login to AWS ECR
uses: aws-actions/amazon-ecr-login@v1
- name: Push docker image to AWS ECR
run: |
docker push ${{ secrets.PROD_AWS_ECR_REPOSITORY }}:${{ github.sha }}
- name: Prepare AWS EB payload
run: |
echo '{"AWSEBDockerrunVersion":"1","Image":{"Name":"${{ secrets.PROD_AWS_ECR_REPOSITORY }}:${{ github.sha }}","Update":"true"},"Ports":[{"ContainerPort":80,"HostPort":80}]}' > Dockerrun.aws.json
- name: Generate AWS EB deployment package
run: zip -r deploy.zip Dockerrun.aws.json .platform
- name: Deploy docker image from AWS ECR to AWS EB -
uses: einaregilsson/beanstalk-deploy@v11
with:
aws_access_key: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
region: ${{ secrets.AWS_DEFAULT_REGION }}
application_name: ${{ secrets.PROD_AWS_EB_APPLICATION }}
environment_name: ${{ secrets.PROD_AWS_EB_ENVIRONMENT }}
version_label: ${{ github.sha }}
deployment_package: deploy.zip
use_existing_version_if_available: true
wait_for_deployment: true
wait_for_environment_recovery: 300
- name: Send Slack notification
uses: Ilshidur/action-slack@master
env:
SLACK_WEBHOOK: ${{ secrets.PROD_SLACK_WEBHOOK }}
with:
args: "A new PROD deployment took place. Details: \nhttps://github.com/code4romania/help-for-health/commit/${{ github.sha }}"