-
Notifications
You must be signed in to change notification settings - Fork 4
137 lines (122 loc) · 5.4 KB
/
deploy_dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Deploy Portal to Dev
on:
push:
branches:
- main
jobs:
deploy-dev:
name: Deploy to Dev
runs-on: ubuntu-latest
env:
CLUSTER_NAME: systems-intuition-dev-cluster
SERVICE_NAME: portal-intuition-dev
ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-dev:latest
steps:
- name: Check if important variables are set
shell: bash
run: |
if [[ ${{ secrets.AWS_ACCESS_KEY_ID }} == '' ]]; then
echo "secret AWS_ACCESS_KEY_ID not set"
exit 1
fi
if [[ ${{ secrets.AWS_SECRET_ACCESS_KEY }} == '' ]]; then
echo "secret AWS_SECRET_ACCESS_KEY not set"
exit 1
fi
if [[ ${{ secrets.AWS_ACCOUNT }} == '' ]]; then
echo "secret AWS_ACCOUNT not set"
exit 1
fi
- name: Print variables
shell: bash
run: |
echo "ENV=$ENV"
echo "CLUSTER_NAME=$CLUSTER_NAME"
echo "SERVICE_NAME=$SERVICE_NAME"
echo "ECR_IMAGE=$ECR_IMAGE"
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Setup pnpm
uses: pnpm/action-setup@v3
with:
version: 9.0.6
- name: Install dependencies
run: pnpm install
- name: Run codegen for API package
run: API_URL=https://dev.api.intuition.systems pnpm run codegen
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: true
- name: Build, tag, and push image to AWS ECR
run: |
echo "${{ secrets.PRIVY_VERIFICATION_KEY_DEV }}" > privy_verification_key.pem
docker build \
--platform linux/x86_64 \
-t portal \
-f apps/portal/Dockerfile \
. \
--build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \
--build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \
--build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \
--build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \
--build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \
--build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \
--build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \
--build-arg API_URL=${{ secrets.API_URL }} \
--build-arg API_KEY=${{ secrets.API_KEY }} \
--build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID }} \
--build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET }} \
--build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \
--build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \
--build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \
--build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \
--build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
--build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
--build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \
--build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \
--build-arg VITE_DEPLOY_ENV=development \
--build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_DEVELOPMENT }} \
--build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \
--build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \
--build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \
--build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \
--build-arg RELIC_GRAPHQL_ENDPOINT=${{ secrets.RELIC_GRAPHQL_ENDPOINT }} \
--build-arg I7N_GRAPHQL_ENDPOINT=${{ secrets.I7N_GRAPHQL_ENDPOINT }} \
--build-arg FF_FULL_LOCKDOWN_ENABLED=false \
--build-arg FF_GENERIC_BANNER_ENABLED=true \
--build-arg FF_INCIDENT_BANNER_ENABLED=false
docker tag portal ${{ env.ECR_IMAGE }}
docker push ${{ env.ECR_IMAGE }}
rm privy_verification_key.pem
- name: Download task definition
shell: bash
run: |
aws ecs describe-task-definition --task-definition ${{ env.SERVICE_NAME }} --query taskDefinition > task-definition.json
- name: Render Amazon ECS task definition
id: render-container
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: portal
image: ${{ env.ECR_IMAGE }}
environment-variables: |
AWS_REGION=${{ secrets.AWS_REGION }}
AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }}
- name: Deploy task definition to Amazon ECS
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-container.outputs.task-definition }}
service: ${{ env.SERVICE_NAME }}
cluster: ${{ env.CLUSTER_NAME }}
wait-for-service-stability: true