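# Docs: https://docs.github.com/en/actions
#
# Manually dispatched deployment workflow. The two jobs below have no `needs:`
# relationship, so a single dispatch runs both of them.
name: Deploy to production
run-name: Deploy to production by @${{ github.actor }}
on: workflow_dispatch

# Least privilege for GITHUB_TOKEN: the steps visible here only need to read
# the repository (checkout). Widen this only if bin/deploy is found to need
# more.
permissions:
  contents: read

# NOTE(review): the actions below are referenced by mutable tags (@v4, @v5).
# Pinning each `uses:` to a full commit SHA keeps a retagged release from
# changing what runs alongside the deployment secrets.

jobs:
  push-to-production:
    runs-on: ubuntu-latest
    steps:
      - name: Harden CI
        # The action reference was mangled by the page's e-mail obfuscation
        # ("step-security/[email protected]"). The action name is inferred from
        # the inputs below and the version is a placeholder: restore the
        # project's pinned ref before use.
        uses: step-security/harden-runner@VERSION-NOT-SHOWN-ON-PAGE
        with:
          disable-sudo: true
          # Outbound traffic is blocked except for the endpoints listed here.
          egress-policy: block
          allowed-endpoints: >
            *.github.com:443
            *.githubusercontent.com:443
            ecs.us-west-2.amazonaws.com:443
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
            sts.us-west-2.amazonaws.com:443
      - name: Check user
        # Allow-list gate: this step runs only for actors NOT on the list, and
        # `false` exits non-zero, so the job stops before credentials load.
        # fromJSON() turns the list into an array so contains() compares
        # whole usernames; against a plain string it does a substring match,
        # which would also accept any login that is a fragment of the list.
        # NOTE(review): on a re-run github.actor remains the user who started
        # the original run; github.triggering_actor is the one who requested
        # the re-run. Consider checking both. The same list is repeated in
        # push-to-training; keep the two in sync.
        if: ${{ !contains(fromJSON('["wsanchez", "mikeburg", "plapsley"]'), github.actor) }}
        run: false
      - name: Configure AWS Credentials
        # Static access keys taken from repository secrets.
        # NOTE(review): this action also supports short-lived credentials via
        # GitHub OIDC (`role-to-assume` plus `id-token: write`), which avoids
        # storing a long-lived key.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Checkout source code
        uses: actions/checkout@v4
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Deploy to production
        run: ./bin/deploy production
        env:
          # https://github.com/burningmantech/ranger-ims-server/settings/secrets
          AWS_ECR_IMAGE_NAME: ${{ secrets.AWS_ECR_IMAGE_NAME }}
          AWS_ECS_CLUSTER_STAGING: rangers
          AWS_ECS_SERVICE_STAGING: ${{ secrets.AWS_ECS_SERVICE_STAGING }}
          AWS_ECS_CLUSTER_PRODUCTION: rangers
          AWS_ECS_SERVICE_PRODUCTION: ${{ secrets.AWS_ECS_SERVICE_PRODUCTION }}
          NOTIFY_SMTP_HOST: ${{ secrets.NOTIFY_SMTP_HOST }}
          NOTIFY_SMTP_USER: ${{ secrets.NOTIFY_SMTP_USER }}
          NOTIFY_SMTP_PASSWORD: ${{ secrets.NOTIFY_SMTP_PASSWORD }}
          NOTIFY_EMAIL_RECIPIENT: ${{ secrets.NOTIFY_EMAIL_RECIPIENT }}
          NOTIFY_EMAIL_SENDER: ${{ secrets.NOTIFY_EMAIL_SENDER }}
          # Environment values are strings; quoted so YAML does not retype
          # them.
          CI: "true"
          PROJECT_NAME: Ranger IMS Server
          REPOSITORY_ID: ${{ github.repository }}
          BUILD_NUMBER: "0"
          BUILD_URL: https://github.com/burningmantech/ranger-ims-server/commit/${{ github.sha }}/checks
          COMMIT_ID: ${{ github.sha }}
          COMMIT_AUTHOR_USER: ${{ github.actor }}

  push-to-training:
    runs-on: ubuntu-latest
    steps:
      - name: Harden CI
        # Same obfuscated reference as in push-to-production: the version is
        # a placeholder, restore the project's pinned ref before use.
        uses: step-security/harden-runner@VERSION-NOT-SHOWN-ON-PAGE
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            *.github.com:443
            *.githubusercontent.com:443
            ecs.us-west-2.amazonaws.com:443
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
            sts.us-west-2.amazonaws.com:443
      - name: Check user
        # Same allow-list gate as push-to-production. fromJSON() makes
        # contains() match whole usernames rather than substrings.
        if: ${{ !contains(fromJSON('["wsanchez", "mikeburg", "plapsley"]'), github.actor) }}
        run: false
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: Checkout source code
        uses: actions/checkout@v4
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Deploy to training
        # The script is invoked with the `production` argument while
        # AWS_ECS_SERVICE_PRODUCTION is set to the training service secret.
        # NOTE(review): presumably a deliberate reuse of the production code
        # path to target training; confirm bin/deploy has no other
        # production-specific behaviour.
        run: ./bin/deploy production
        env:
          # https://github.com/burningmantech/ranger-ims-server/settings/secrets
          AWS_ECR_IMAGE_NAME: ${{ secrets.AWS_ECR_IMAGE_NAME }}
          AWS_ECS_CLUSTER_STAGING: rangers
          AWS_ECS_SERVICE_STAGING: ${{ secrets.AWS_ECS_SERVICE_STAGING }}
          AWS_ECS_CLUSTER_PRODUCTION: rangers
          AWS_ECS_SERVICE_PRODUCTION: ${{ secrets.AWS_ECS_SERVICE_TRAINING }}
          NOTIFY_SMTP_HOST: ${{ secrets.NOTIFY_SMTP_HOST }}
          NOTIFY_SMTP_USER: ${{ secrets.NOTIFY_SMTP_USER }}
          NOTIFY_SMTP_PASSWORD: ${{ secrets.NOTIFY_SMTP_PASSWORD }}
          NOTIFY_EMAIL_RECIPIENT: ${{ secrets.NOTIFY_EMAIL_RECIPIENT }}
          NOTIFY_EMAIL_SENDER: ${{ secrets.NOTIFY_EMAIL_SENDER }}
          CI: "true"
          PROJECT_NAME: Ranger IMS Server
          REPOSITORY_ID: ${{ github.repository }}
          BUILD_NUMBER: "0"
          BUILD_URL: https://github.com/burningmantech/ranger-ims-server/commit/${{ github.sha }}/checks
          COMMIT_ID: ${{ github.sha }}
          COMMIT_AUTHOR_USER: ${{ github.actor }}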