fix: replace malicious polyfill cdn (#347) #136
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Production Deployment | |
on: | |
push: | |
branches: | |
- master | |
jobs: | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Get Composer Cache Directory | |
id: composer-cache | |
run: | | |
echo "::set-output name=dir::$(composer config cache-files-dir)" | |
- uses: actions/cache@v1 | |
with: | |
path: ${{ steps.composer-cache.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-composer- | |
- name: Run composer install and optimize autoloader | |
run: php7.4 `which composer` install --optimize-autoloader --no-dev | |
- name: Cache node modules | |
uses: actions/cache@v1 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install NPM dependencies | |
run: npm install | |
- name: Compile NPM | |
run: npm run production | |
- name: Build and tag docker image | |
run: | | |
docker build -f .docker/Dockerfile \ | |
--build-arg APP_ENV=${{ secrets.PROD_APP_ENV }} \ | |
--build-arg APP_KEY=${{ secrets.PROD_APP_KEY }} \ | |
--build-arg APP_URL=${{ secrets.PROD_APP_URL }} \ | |
--build-arg APP_DEBUG=${{ secrets.PROD_APP_DEBUG }} \ | |
--build-arg DB_HOST=${{ secrets.PROD_DB_HOST }} \ | |
--build-arg DB_DATABASE=${{ secrets.PROD_DB_DATABASE }} \ | |
--build-arg DB_USERNAME=${{ secrets.PROD_DB_USERNAME }} \ | |
--build-arg DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD}} \ | |
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.PROD_AWS_ACCESS_KEY_ID}} \ | |
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY}} \ | |
--build-arg AWS_DEFAULT_REGION=${{ secrets.AWS_DEFAULT_REGION}} \ | |
--build-arg AWS_PUBLIC_BUCKET=${{ secrets.PROD_AWS_PUBLIC_BUCKET}} \ | |
--build-arg AWS_PRIVATE_BUCKET=${{ secrets.PROD_AWS_PRIVATE_BUCKET}} \ | |
--build-arg AWS_CDN_URL=${{ secrets.PROD_AWS_CDN_URL}} \ | |
--build-arg FILESYSTEM_DRIVER=${{ secrets.FILESYSTEM_DRIVER}} \ | |
--build-arg MAIL_MAILER=${{ secrets.MAIL_MAILER}} \ | |
--build-arg MAIL_FROM_ADDRESS=${{ secrets.MAIL_FROM_ADDRESS}} \ | |
--build-arg MAIL_FROM_NAME=${{ secrets.MAIL_FROM_NAME}} \ | |
--build-arg MAIL_HOST=${{ secrets.MAIL_HOST}} \ | |
--build-arg MAIL_PORT=${{ secrets.MAIL_PORT}} \ | |
--build-arg MAIL_USERNAME=${{ secrets.MAIL_USERNAME}} \ | |
--build-arg MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD}} \ | |
--build-arg MAIL_CONTACT_TO=${{ secrets.MAIL_CONTACT_TO}} \ | |
--build-arg MAIL_TO_HELP_ADDRESS=${{ secrets.MAIL_TO_HELP_ADDRESS}} \ | |
--build-arg ADMIN_APP_PATH=${{ secrets.ADMIN_APP_PATH}} \ | |
--build-arg S3_KEY=${{ secrets.PROD_AWS_ACCESS_KEY_ID}} \ | |
--build-arg S3_SECRET=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY}} \ | |
--build-arg S3_BUCKET=${{ secrets.PROD_AWS_PUBLIC_BUCKET}} \ | |
--build-arg APP_HOST=${{ secrets.PROD_APP_HOST}} \ | |
--build-arg NOCAPTCHA_SITEKEY=${{ secrets.NOCAPTCHA_SITEKEY}} \ | |
--build-arg NOCAPTCHA_SECRET=${{ secrets.NOCAPTCHA_SECRET}} \ | |
--build-arg SENTRY_LARAVEL_DSN=${{ secrets.SENTRY_LARAVEL_DSN}} \ | |
--build-arg GOOGLE_MAPS_API_KEY=${{ secrets.GOOGLE_MAPS_API_KEY}} \ | |
--build-arg CC_MAIL_TO_HELP_ADDRESS=${{ secrets.PROD_CC_MAIL_TO_HELP_ADDRESS}} \ | |
-t ${{ github.repository }}:${{ github.sha }} \ | |
-t ${{ secrets.PROD_AWS_ECR_REPOSITORY }}:${{ github.sha }} . | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: Login to AWS ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Push docker image to AWS ECR | |
run: | | |
docker push ${{ secrets.PROD_AWS_ECR_REPOSITORY }}:${{ github.sha }} | |
- name: Prepare AWS EB payload | |
run: | | |
echo '{"AWSEBDockerrunVersion":"1","Image":{"Name":"${{ secrets.PROD_AWS_ECR_REPOSITORY }}:${{ github.sha }}","Update":"true"},"Ports":[{"ContainerPort":80,"HostPort":80}]}' > Dockerrun.aws.json | |
- name: Generate AWS EB deployment package | |
run: zip -r deploy.zip Dockerrun.aws.json .platform | |
- name: Deploy docker image from AWS ECR to AWS EB - | |
uses: einaregilsson/beanstalk-deploy@v11 | |
with: | |
aws_access_key: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }} | |
aws_secret_key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }} | |
region: ${{ secrets.AWS_DEFAULT_REGION }} | |
application_name: ${{ secrets.PROD_AWS_EB_APPLICATION }} | |
environment_name: ${{ secrets.PROD_AWS_EB_ENVIRONMENT }} | |
version_label: ${{ github.sha }} | |
deployment_package: deploy.zip | |
use_existing_version_if_available: true | |
wait_for_deployment: true | |
wait_for_environment_recovery: 300 | |
- name: Send Slack notification | |
uses: Ilshidur/action-slack@master | |
env: | |
SLACK_WEBHOOK: ${{ secrets.PROD_SLACK_WEBHOOK }} | |
with: | |
args: "A new PROD deployment took place. Details: \nhttps://github.com/code4romania/help-for-health/commit/${{ github.sha }}" |