Skip to content
Deploy to Dev & Staging (NEW)

Debugging new Deployment workflow (#114) #1

Sign in to view logs

Debugging new Deployment workflow (#114)

Debugging new Deployment workflow (#114) #1

Workflow file for this run

.github/workflows/deployment-dev-staging-new.yml at 9d237f3
name: Deploy to Dev & Staging (NEW)
on:
workflow_dispatch:
push:
branches: [main]
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
packages: write # Required for publishing packages/images to gcr
pull-requests: write # This allows the workflow to comment on PRs
jobs:
check-changes:
name: Check Changes
runs-on: ubuntu-latest
outputs:
terraform_changed: ${{ steps.check.outputs.terraform_changed }}
code_changed: ${{ steps.check.outputs.code_changed }}
services_with_config_changed: ${{ steps.check.outputs.services_with_config_changed }}
steps:
- name: Check-out Code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Ensure full checkout
- name: Check for Terraform & Code Changes
id: check
run: |
echo "Processing Push Event"
BASE_SHA=${{ github.event.before }}
HEAD_SHA=${{ github.event.after }}
git diff --name-only $BASE_SHA $HEAD_SHA > changed_files.txt
echo "Changed files:"
cat changed_files.txt
echo $'\nChecking for Terraform changes...'
if grep "^infra/terraform/" changed_files.txt | grep -qv "\.md$"; then
echo "terraform_changed=true" >> $GITHUB_OUTPUT
echo "Matching Terraform files:"
grep "^infra/terraform/" changed_files.txt | grep -v "\.md$"
else
echo "terraform_changed=false" >> $GITHUB_OUTPUT
echo "No matching Terraform files"
fi
echo $'\nChecking for Code changes...'
if grep -qE "^(services|packages)/.*\.(py|toml|ya?ml|lock)$" changed_files.txt; then
echo "code_changed=true" >> $GITHUB_OUTPUT
echo "Matching Code files:"
grep -E "^services/|^packages/" changed_files.txt
else
echo "code_changed=false" >> $GITHUB_OUTPUT
echo "No matching Code files"
fi
echo "Checking for Service Config changes..."
services_with_config_changed=$(grep "^services/.*/config/" changed_files.txt | cut -d'/' -f2 | sort -u | jq -R -s -c 'split("\n")[:-1]')
echo "services_with_config_changed=$services_with_config_changed" >> $GITHUB_OUTPUT
- name: Display check-changes Output
run: |
echo "Terraform changed: ${{ steps.check.outputs.terraform_changed }}"
echo "Code changed: ${{ steps.check.outputs.code_changed }}"
echo "Services with Config changed: ${{ steps.check.outputs.services_with_config_changed }}"
deploy-infra:
name: Deploy Infrastructure
needs: [check-changes]
strategy:
matrix:
environment: [dev, staging]
uses: ./.github/workflows/terraform-apply-reusable.yml
with:
environment: ${{ matrix.environment }}
terraform_changed: ${{ needs.check-changes.outputs.terraform_changed }}
deploy-service-config:
name: Deploy Service Config
needs: [check-changes, deploy-infra]
runs-on: ubuntu-latest
strategy:
matrix:
environment: [dev, staging]
environment: ${{ matrix.environment }}
steps:
- name: Check-out Code
if: needs.check-changes.outputs.services_with_config_changed != '[]'
uses: actions/checkout@v4
- name: Configure AWS credentials
if: needs.check-changes.outputs.services_with_config_changed != '[]'
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.AWS_GITHUB_ACTIONS_ROLE }}
role-session-name: GithubWorkflow-ServiceConfigDeployment-${{ matrix.environment }}
aws-region: ${{ vars.AWS_PRIMARY_REGION }}
role-duration-seconds: 900
role-skip-session-tagging: true
- name: Deploy Service Configurations
if: needs.check-changes.outputs.services_with_config_changed != '[]'
run: |
services_array=$(echo '${{ needs.check-changes.outputs.services_with_config_changed }}' | jq -r '.[]')
chmod +x .github/scripts/deploy-service-configuration.sh
for service in $services_array; do
echo "Deploying configuration for service: $service"
if ! .github/scripts/deploy-service-configuration.sh --service-name "$service" --stage ${{ matrix.environment }} --region ${{ vars.AWS_PRIMARY_REGION }} --platform AWS; then
echo "Error: Failed to deploy configuratio for service $service on environment ${{ matrix.environment }} in region ${{ vars.AWS_PRIMARY_REGION }} . Aborting."
return 1
fi
done
echo "Services' configuration deployment completed successfully!"
deploy-services:
runs-on: ubuntu-latest
needs: [check-changes, deploy-service-config]
if: needs.check-changes.outputs.code_changed == 'true'
strategy:
matrix:
environment: [dev, staging]
environment: ${{ matrix.environment }}
steps:
- name: Check-out Code
uses: actions/checkout@v4
with:
fetch-depth: 0 # Ensure full checkout
- name: Configure AWS credentials
id: aws-creds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.AWS_GITHUB_ACTIONS_ROLE }}
role-session-name: GithubWorkflow-Deployment-dev-staging
aws-region: ${{ vars.AWS_PRIMARY_REGION }}
output-credentials: true
- name: Set-up Devcontainer Environment Variables
run: |
echo "PWD=${GITHUB_WORKSPACE}" >> $GITHUB_ENV
cp .devcontainer/.env.ci .devcontainer/.env
echo ".devcontainer/.env:"
cat .devcontainer/.env
- name: Deploy Services to
uses: devcontainers/[email protected]
env:
GH_ACTIONS_PAT: ${{ secrets.GH_ACTIONS_PAT }}
with:
cacheFrom: ghcr.io/limorl/monorepo-python-sample-devcontainer
push: never
env: |
GH_TOKEN=${{ secrets.GH_ACTIONS_PAT }}
AWS_ACCESS_KEY_ID=${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY=${{ steps.aws-creds.outputs.aws-secret-access-key }}
AWS_SESSION_TOKEN=${{ steps.aws-creds.outputs.aws-session-token }}
AWS_REGION=${{ vars.AWS_PRIMARY_REGION }}
AWS_ACCOUNT_ID=${{ vars.AWS_ACCOUNT_ID }}
AWS_PRIMARY_REGION=${{ vars.AWS_PRIMARY_REGION }}
AWS_GITHUB_ACTIONS_ROLE=${{ vars.AWS_GITHUB_ACTIONS_ROLE }}
ENV=${{ matrix.environment }}
runCmd: |
# Temporarily unset GITHUB_TOKEN
# GITHUB_TOKEN_BACKUP=$GITHUB_TOKEN
# unset GITHUB_TOKEN
# echo "Authenticating with GH_ACTIONS_PAT"
# gh auth login --with-token <<< "$GH_TOKEN"
# echo "Verifying Github credentials..."
# if ! gh auth status; then
# echo "Github authentication failed. Debug info:"
# gh auth status
# exit 1
# fi
# echo "Successfully authenticated with GitHub"
# echo "Verifying AWS credentials..."
# echo "AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:0:5}..."
# echo "AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:0:5}..."
# echo "AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN:0:5}..."
# echo "AWS_REGION: $AWS_REGION"
echo "Verifying AWS credentials..."
if ! aws sts get-caller-identity; then
echo "AWS authentication failed. Debug info:"
aws sts get-caller-identity --debug
exit 1
fi
echo "Successfully authenticated with AWS"
deploy_to_env() {
# local ENV=$1
# echo ">> Getting variables for $ENV environment:"
# if ! VARS=$(gh variable list -e $ENV 2>&1); then
# echo "Failed to list variables. Error:"
# echo "$VARS"
# echo "Attempting to get repository details..."
# gh api repos/$GITHUB_REPOSITORY || echo "Failed to access repo API"
# echo "Attempting to list environments..."
# gh api repos/$GITHUB_REPOSITORY/environments || echo "Failed to list environments"
# else
# echo "$VARS"
# fi
# AWS_ACCOUNT_ID=$(echo "$VARS" | grep AWS_ACCOUNT_ID | awk '{print $2}')
# AWS_PRIMARY_REGION=$(echo "$VARS" | grep AWS_PRIMARY_REGION | awk '{print $2}')
# AWS_GITHUB_ACTIONS_ROLE=$(echo "$VARS" | grep AWS_GITHUB_ACTIONS_ROLE | awk '{print $2}')
if [ -z "$AWS_ACCOUNT_ID" ] || [ -z "$AWS_PRIMARY_REGION" ] || [ -z "$AWS_GITHUB_ACTIONS_ROLE" ]; then
echo "Failed to retrieve necessary AWS variables for $ENV environment"
return 1
fi
echo "AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID"
echo "AWS_PRIMARY_REGION: $AWS_PRIMARY_REGION"
echo "AWS_GITHUB_ACTIONS_ROLE: $AWS_GITHUB_ACTIONS_ROLE"
echo ">> Deploying to $ENV environment..."
chmod +x .github/scripts/sam-build-and-deploy-services.sh
chmod +x .github/scripts/deploy-service-configuration.sh
if ! .github/scripts/sam-build-and-deploy-services.sh $ENV $AWS_ACCOUNT_ID $AWS_PRIMARY_REGION false ; then
echo "Deployment failed for $ENV environment"
return 1
fi
echo "Deployment completed successfully for $ENV environment"
}
deploy_to_env
# deploy_to_env "dev" || exit 1
# deploy_to_env "staging" || exit 1
# Restore GITHUB_TOKEN if needed for other operations
export GITHUB_TOKEN=$GITHUB_TOKEN_BACKUP