Update config and paths to deploy services with docker compose (#696) #3302
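---
# Builds and pushes images with chartpress, renders per-environment Helm values
# from repository secrets, and deploys the `ohm` chart to EKS.
#   staging / disable_alb -> release `staging`    on cluster osmseed-staging
#   main                  -> release `production` on cluster osmseed-production-v2
#
# NOTE(review): every `uses:` below references a mutable tag (@v1 / @v2). A tag
# can be moved to different code after review; pinning each action to a full
# commit SHA (`owner/action@<full-commit-sha>  # v1`) removes that risk. This
# matters most for bluwy/substitute-string-action, which receives every
# staging and production secret as an input.
#
# NOTE(review): the job declares no `environment:`, so all secrets referenced
# here are repository- or organisation-level and are readable by a workflow run
# from any of the trigger branches. Moving the PRODUCTION_* secrets into a
# GitHub Environment restricted to `main` would keep a change pushed to
# `staging` or `disable_alb` from reading them.
name: Chartpress Publish and Deploy

on:
  push:
    branches:
      - main
      - staging
      - disable_alb

# Least privilege for the automatically issued GITHUB_TOKEN: registry login and
# chartpress both use secrets.GHCR_GITHUB_TOKEN, and no visible step writes to
# the repository with the built-in token.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-22.04
    timeout-minutes: 120
    env:
      # NOTE(review): job-level env is exported to every step, including the
      # third-party actions. The "Run Chartpress" step already sets this key
      # itself, so this entry looks removable - confirm no other step reads it.
      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
    steps:
      # NOTE(review): checkout@v1 is several major versions old. Newer majors
      # default to a shallow clone, so an upgrade likely needs `fetch-depth: 0`
      # if chartpress derives image tags from git history - verify first.
      - uses: actions/checkout@v1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_GITHUB_TOKEN }}

      - name: Setup python
        uses: actions/setup-python@v2
        with:
          # Quoted so the version stays a string rather than a float.
          python-version: '3.7'

      # The e-mail address appears redacted ("[email protected]") on the page
      # this listing was taken from; it is reproduced as shown.
      - name: Setup git
        run: git config --global user.email "[email protected]" && git config --global user.name "Github Action"

      # NOTE(review): only chartpress is version-pinned; `six` and
      # `ruamel.yaml` resolve to whatever PyPI serves at run time, in the same
      # job that later holds registry and cloud credentials. A requirements
      # file with pinned versions and hashes would make this reproducible.
      - name: Install Chartpress
        run: |
          pip install chartpress==2.3.0 six ruamel.yaml

      - name: Run Chartpress
        run: chartpress --push
        env:
          GITHUB_TOKEN: ${{ secrets.GHCR_GITHUB_TOKEN }}
          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
          # NOTE(review): the keys from `_input-file` down to
          # OHM_SLACK_WEBHOOK_URL have the shape of the `with:` inputs of a
          # "substitute secrets" step, but no `- name:` / `uses:` / `with:`
          # header precedes them in this listing, and the listing has lost its
          # indentation. Read in line order they are environment variables of
          # the chartpress step, which would hand about 25 staging secrets
          # (database passwords, AWS access keys, OAuth keys) to the image
          # build process. Confirm against the repository file; if chartpress
          # does not need them, delete them.
          _input-file: 'values.development.template.yaml'
          _format-key: '{{key}}'
          _output-file: 'values.development.yaml'
          AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }}
          # web
          MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }}
          MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }}
          MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }}
          MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }}
          DEVELOPMENT_DB: ${{ secrets.STAGING_DB }}
          DEVELOPMENT_DB_EBS: ${{ secrets.STAGING_DB_EBS }}
          DEVELOPMENT_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }}
          DEVELOPMENT_DB_USER: ${{ secrets.STAGING_DB_USER }}
          DEVELOPMENT_DOMAIN_NAME: ohmstaging.org
          DEVELOPMENT_ID_KEY: ${{ secrets.STAGING_ID_KEY }}
          DEVELOPMENT_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }}
          DEVELOPMENT_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }}
          DEVELOPMENT_OAUTH_KEY: ${{ secrets.STAGING_OAUTH_KEY }}
          DEVELOPMENT_S3_BUCKET: osmseed-dev
          # tiler
          DEVELOPMENT_TILER_DB_HOST: ${{ secrets.STAGING_TILER_DB_HOST }}
          DEVELOPMENT_TILER_SERVER_HOST: ${{ secrets.STAGING_TILER_DB_HOST }}
          DEVELOPMENT_TILER_DB_PASSWORD: ${{ secrets.STAGING_TILER_DB_PASSWORD }}
          DEVELOPMENT_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID }}
          DEVELOPMENT_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY }}
          DEVELOPMENT_SQS_QUEUE_URL: ${{ secrets.STAGING_SQS_QUEUE_URL }}
          # tm
          DEVELOPMENT_TM_DB_PASSWORD: ${{ secrets.STAGING_TM_DB_PASSWORD }}
          DEVELOPMENT_TM_API_SECRET: ${{ secrets.STAGING_TM_API_SECRET }}
          # nominatim
          DEVELOPMENT_NOMINATIM_PG_PASSWORD: ${{ secrets.STAGING_NOMINATIM_PG_PASSWORD }}
          # osmcha
          DEVELOPMENT_OSMCHA_PG_PASSWORD: ${{ secrets.STAGING_OSMCHA_PG_PASSWORD }}
          DEVELOPMENT_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.STAGING_OSMCHA_DJANGO_SECRET_KEY }}
          DEVELOPMENT_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }}
          OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }}

      ################ Staging secrets ################
      # Renders values.staging.yaml by replacing each {{KEY}} placeholder in
      # the template with the matching input below. The output file holds the
      # secrets in plaintext in the workspace; keep it out of uploaded
      # artifacts, caches and debug output.
      - name: Staging - substitute secrets
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/disable_alb'
        uses: bluwy/substitute-string-action@v1
        with:
          _input-file: 'values.staging.template.yaml'
          _format-key: '{{key}}'
          _output-file: 'values.staging.yaml'
          STAGING_AWS_SSL_ARN: ${{ secrets.STAGING_AWS_SSL_ARN }}
          STAGING_AWS_WAF_WEBACL_ARN: ${{ secrets.STAGING_AWS_WAF_WEBACL_ARN }}
          # web
          MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }}
          MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }}
          MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }}
          MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }}
          STAGING_DB: ${{ secrets.STAGING_DB }}
          STAGING_DB_EBS: ${{ secrets.STAGING_DB_EBS }}
          STAGING_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }}
          STAGING_DB_USER: ${{ secrets.STAGING_DB_USER }}
          STAGING_DOMAIN_NAME: ohmstaging.org
          STAGING_ID_KEY: ${{ secrets.STAGING_ID_KEY }}
          STAGING_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }}
          STAGING_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }}
          STAGING_OAUTH_KEY: ${{ secrets.STAGING_OAUTH_KEY }}
          STAGING_S3_BUCKET: ${{ secrets.STAGING_S3_BUCKET }}
          STAGING_RAILS_CREDENTIALS_YML_ENC: ${{ secrets.STAGING_RAILS_CREDENTIALS_YML_ENC }}
          STAGING_RAILS_MASTER_KEY: ${{ secrets.STAGING_RAILS_MASTER_KEY }}
          STAGING_WIKIPEDIA_AUTH_ID: ${{ secrets.STAGING_WIKIPEDIA_AUTH_ID }}
          STAGING_WIKIPEDIA_AUTH_SECRET: ${{ secrets.STAGING_WIKIPEDIA_AUTH_SECRET }}
          # tiler
          STAGING_TILER_DB_HOST: ${{ secrets.STAGING_TILER_DB_HOST }}
          # NOTE(review): the server host is filled from the *_TILER_DB_HOST
          # secret - confirm this is intended rather than a copy/paste slip.
          STAGING_TILER_SERVER_HOST: ${{ secrets.STAGING_TILER_DB_HOST }}
          STAGING_TILER_DB_PASSWORD: ${{ secrets.STAGING_TILER_DB_PASSWORD }}
          STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_TILER_CACHE_AWS_ACCESS_KEY_ID }}
          STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_TILER_CACHE_AWS_SECRET_ACCESS_KEY }}
          STAGING_SQS_QUEUE_URL: ${{ secrets.STAGING_SQS_QUEUE_URL }}
          # tm
          STAGING_TM_DB_PASSWORD: ${{ secrets.STAGING_TM_DB_PASSWORD }}
          STAGING_TM_API_SECRET: ${{ secrets.STAGING_TM_API_SECRET }}
          # nominatim
          STAGING_NOMINATIM_PG_PASSWORD: ${{ secrets.STAGING_NOMINATIM_PG_PASSWORD }}
          STAGING_NOMINATIM_HOST: ${{ secrets.STAGING_NOMINATIM_HOST }}
          # Overpass api external service
          STAGING_OVERPASS_HOST: ${{ secrets.STAGING_OVERPASS_HOST }}
          # osmcha
          STAGING_OSMCHA_PG_PASSWORD: ${{ secrets.STAGING_OSMCHA_PG_PASSWORD }}
          STAGING_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.STAGING_OSMCHA_DJANGO_SECRET_KEY }}
          STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.STAGING_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }}
          OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }}
          # ohm website
          STAGING_OPENSTREETMAP_AUTH_ID: ${{ secrets.STAGING_OPENSTREETMAP_AUTH_ID }}
          STAGING_OPENSTREETMAP_AUTH_SECRET: ${{ secrets.STAGING_OPENSTREETMAP_AUTH_SECRET }}

      ################ Production secrets ################
      # Same substitution as for staging, writing values.production.yaml. The
      # action reference is a mutable tag and the inputs are the production
      # credentials, so this is the step where SHA pinning pays off most.
      - name: Production - substitute secrets
        if: github.ref == 'refs/heads/main'
        uses: bluwy/substitute-string-action@v1
        with:
          _input-file: 'values.production.template.yaml'
          _format-key: '{{key}}'
          _output-file: 'values.production.yaml'
          PRODUCTION_AWS_SSL_ARN: ${{ secrets.PRODUCTION_AWS_SSL_ARN }}
          PRODUCTION_AWS_WAF_WEBACL_ARN: ${{ secrets.PRODUCTION_AWS_WAF_WEBACL_ARN }}
          # web
          MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }}
          MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }}
          MAILER_PASSWORD: ${{ secrets.MAILER_PASSWORD }}
          MAILER_USERNAME: ${{ secrets.MAILER_USERNAME }}
          PRODUCTION_DB: ${{ secrets.PRODUCTION_DB }}
          PRODUCTION_DB_EBS: ${{ secrets.PRODUCTION_DB_EBS }}
          PRODUCTION_DB_PASSWORD: ${{ secrets.PRODUCTION_DB_PASSWORD }}
          PRODUCTION_DB_USER: ${{ secrets.PRODUCTION_DB_USER }}
          PRODUCTION_DOMAIN_NAME: ${{ secrets.PRODUCTION_DOMAIN_NAME }}
          PRODUCTION_ID_KEY: ${{ secrets.PRODUCTION_ID_KEY }}
          PRODUCTION_ID_APPLICATION: ${{ secrets.PRODUCTION_ID_APPLICATION }}
          PRODUCTION_OAUTH_CLIENT_ID: ${{ secrets.PRODUCTION_OAUTH_CLIENT_ID }}
          PRODUCTION_OAUTH_KEY: ${{ secrets.PRODUCTION_OAUTH_KEY }}
          PRODUCTION_S3_BUCKET: ${{ secrets.PRODUCTION_S3_BUCKET }}
          PRODUCTION_DB_BACKUP_S3_BUCKET: ${{ secrets.PRODUCTION_DB_BACKUP_S3_BUCKET }}
          PRODUCTION_RAILS_CREDENTIALS_YML_ENC: ${{ secrets.PRODUCTION_RAILS_CREDENTIALS_YML_ENC }}
          PRODUCTION_RAILS_MASTER_KEY: ${{ secrets.PRODUCTION_RAILS_MASTER_KEY }}
          PRODUCTION_WIKIPEDIA_AUTH_ID: ${{ secrets.PRODUCTION_WIKIPEDIA_AUTH_ID }}
          PRODUCTION_WIKIPEDIA_AUTH_SECRET: ${{ secrets.PRODUCTION_WIKIPEDIA_AUTH_SECRET }}
          # tiler
          PRODUCTION_TILER_DB_HOST: ${{ secrets.PRODUCTION_TILER_DB_HOST }}
          # NOTE(review): filled from the *_TILER_DB_HOST secret, as in
          # staging - confirm this is intended.
          PRODUCTION_TILER_SERVER_HOST: ${{ secrets.PRODUCTION_TILER_DB_HOST }}
          PRODUCTION_TILER_DB_PASSWORD: ${{ secrets.PRODUCTION_TILER_DB_PASSWORD }}
          PRODUCTION_TILER_CACHE_AWS_ACCESS_KEY_ID: ${{ secrets.PRODUCTION_TILER_CACHE_AWS_ACCESS_KEY_ID }}
          PRODUCTION_SQS_QUEUE_URL: ${{ secrets.PRODUCTION_SQS_QUEUE_URL }}
          PRODUCTION_TILER_CACHE_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRODUCTION_TILER_CACHE_AWS_SECRET_ACCESS_KEY }}
          # tm
          PRODUCTION_TM_DB_PASSWORD: ${{ secrets.PRODUCTION_TM_DB_PASSWORD }}
          PRODUCTION_TM_API_SECRET: ${{ secrets.PRODUCTION_TM_API_SECRET }}
          # nominatim and nominatim external service ip
          PRODUCTION_NOMINATIM_PG_PASSWORD: ${{ secrets.PRODUCTION_NOMINATIM_PG_PASSWORD }}
          PRODUCTION_NOMINATIM_HOST: ${{ secrets.PRODUCTION_NOMINATIM_HOST }}
          # Overpass api external service
          PRODUCTION_OVERPASS_HOST: ${{ secrets.PRODUCTION_OVERPASS_HOST }}
          # osmcha
          PRODUCTION_OSMCHA_PG_PASSWORD: ${{ secrets.PRODUCTION_OSMCHA_PG_PASSWORD }}
          PRODUCTION_OSMCHA_DJANGO_SECRET_KEY: ${{ secrets.PRODUCTION_OSMCHA_DJANGO_SECRET_KEY }}
          PRODUCTION_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.PRODUCTION_OSMCHA_REACT_APP_MAPBOX_ACCESS_TOKEN }}
          OHM_SLACK_WEBHOOK_URL: ${{ secrets.OHM_SLACK_WEBHOOK_URL }}
          # ohm website
          PRODUCTION_OPENSTREETMAP_AUTH_ID: ${{ secrets.PRODUCTION_OPENSTREETMAP_AUTH_ID }}
          PRODUCTION_OPENSTREETMAP_AUTH_SECRET: ${{ secrets.PRODUCTION_OPENSTREETMAP_AUTH_SECRET }}

      # NOTE(review): one static access-key pair is used for both the staging
      # and the production cluster. The action also accepts `role-to-assume`
      # with GitHub OIDC (which needs `id-token: write` under `permissions`),
      # giving short-lived credentials and allowing a separate role per
      # environment.
      - name: AWS Credentials
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/disable_alb'
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      # Installs awscli, kubectl, aws-iam-authenticator and helm. These
      # binaries run with the AWS credentials configured above, so download
      # integrity matters.
      - name: Setup Kubectl and Helm Dependencies
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/disable_alb'
        run: |
          set -euo pipefail
          # NOTE(review): awscli is unpinned and installed as root.
          sudo pip install awscli --ignore-installed six
          # --fail keeps an HTTP error body from being saved and marked
          # executable; --location follows redirects for both downloads.
          # NOTE(review): neither binary is checked against a known digest,
          # and the URL selects the 1.17.7 build dated 2020-07-08. Compare
          # against a SHA-256 committed to this repository and confirm the
          # client version is still supported by the clusters.
          sudo curl --fail --location -o /usr/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl
          sudo chmod +x /usr/bin/kubectl
          sudo curl --fail --location -o /usr/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/aws-iam-authenticator
          sudo chmod +x /usr/bin/aws-iam-authenticator
          # The published checksum file names the tarball, so the download
          # keeps its release file name. This catches truncated or corrupted
          # downloads; a digest stored in the repository would also cover a
          # tampered download host.
          curl --fail --location -o helm-v3.14.4-linux-amd64.tar.gz https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz
          curl --fail --location -o helm-v3.14.4-linux-amd64.tar.gz.sha256sum https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz.sha256sum
          sha256sum --check helm-v3.14.4-linux-amd64.tar.gz.sha256sum
          tar -xvzf helm-v3.14.4-linux-amd64.tar.gz
          sudo mv linux-amd64/helm /usr/local/bin/
          sudo chmod +x /usr/local/bin/helm
          helm version

      - name: Update kube-config staging
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/disable_alb'
        run: aws eks --region us-east-1 update-kubeconfig --name osmseed-staging

      - name: Update kube-config prod
        if: github.ref == 'refs/heads/main'
        run: aws eks --region us-east-1 update-kubeconfig --name osmseed-production-v2

      # NOTE(review): chart dependencies are fetched from this repository at
      # deploy time; a committed Chart.lock would tie them to known digests -
      # cannot tell from here whether one exists.
      - name: Add Helm repository
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/disable_alb'
        run: |
          helm repo add osm-seed https://osm-seed.github.io/osm-seed-chart/
          helm repo update

      - name: Install helm dependencies for
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/disable_alb'
        run: cd ohm && helm dep up

      # Staging
      # Helm gives precedence to the right-most -f file, so on any key present
      # in both files ohm/values.yaml wins over values.staging.yaml.
      - name: Staging - helm deploy
        if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/disable_alb'
        run: helm upgrade --install staging --wait ohm/ -f values.staging.yaml -f ohm/values.yaml

      # Production
      # Same -f precedence as staging: ohm/values.yaml overrides
      # values.production.yaml on overlapping keys.
      - name: Production - helm deploy
        if: github.ref == 'refs/heads/main'
        run: helm upgrade --install production --wait ohm/ -f values.production.yaml -f ohm/values.yaml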