Skip to content
Deploy to p2-stage-appv3 environment

Merge pull request #2594 from intersective/2.4.y.z/CORE-7942/descript… #863

Sign in to view logs

Merge pull request #2594 from intersective/2.4.y.z/CORE-7942/descript…

Merge pull request #2594 from intersective/2.4.y.z/CORE-7942/descript… #863

Workflow file for this run

.github/workflows/p2-stage-appv3.yml at b219b8c
################################################
# GITHUB ACTION WORKFLOW NAME
################################################
name: Deploy to p2-stage-appv3 environment
################################################
# GITHUB ACTION EVENT TRIGGER
################################################
on:
workflow_dispatch:
inputs:
INPUT_BRANCH:
description: 'Branch or tag to deploy'
required: true
default: ''
push:
branches:
- 'trunk'
################################################
# GITHUB ACTION JOBS
################################################
jobs:
deploy-p2-stage-appv3:
name: deploy-p2-stage-appv3
runs-on: ubuntu-latest
environment: p2-stage
permissions: write-all
timeout-minutes: 15
################################################
# GITHUB ACTIONS GLOBAL ENV VARIABLES
################################################
env:
REGION : ap-southeast-2
ENV : test # Valid values are dev,test,live only
STACK_NAME: p2-stage # Valid values are au,us,uk,p2,lf,nu,p1-sandbox,p1-stage,p2-stage,shared only
ROOTSTACK: app-v3
CFNS3BucketName: devops-cfn-templates
PRIVATES3BucketName: devops-shared-private
PUBLICZONENAME: p2-stage.practera.com
BUILD_CONFIG: stage
STATUSREPORTS3Bucket: deployment-status.practera.com
STATUS: DEPLOYED
REQUESTOR: ${{ github.event.inputs.REQUESTOR }}
REASON: ${{ github.event.inputs.REASON }}
ENDPOINT: app.p2-stage.practera.com
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
CUSTOMPLAIN_PRDMODEFLAG: false # for devtools
steps:
################################################
# Export BRANCH_TAG_NAME
################################################
- name: Get branch for env BRANCH_TAG_NAME
run: |
if [ -z "$INPUT_BRANCH" ]; then
echo "BRANCH_TAG_NAME="$(echo "$GITHUB_REF_NAME") >> $GITHUB_ENV
else
echo "BRANCH_TAG_NAME="$(echo "$INPUT_BRANCH") >> $GITHUB_ENV
fi
env:
INPUT_BRANCH: ${{ github.event.inputs.INPUT_BRANCH }}
################################################
# GITHUB REPO CHECKOUT
################################################
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
ref: ${{ env.BRANCH_TAG_NAME }}
################################################
# GET P2 P2STAGE AWS ORGANIZATION NUMBER
################################################
- name: Get AWS Organization Number
id: AWS_ORG
run: |
P2STAGE=$(echo $AWS_ACCOUNT_ID | jq -r .P2STAGE)
CENTRALIZED=$(echo $AWS_ACCOUNT_ID | jq -r .CENTRALIZED)
echo "::add-mask::$P2STAGE"
echo "::add-mask::$CENTRALIZED"
echo "P2STAGE=$P2STAGE" >> $GITHUB_OUTPUT
echo "CENTRALIZED=$CENTRALIZED" >> $GITHUB_OUTPUT
################################################
# NODE ENV
################################################
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version: 18
################################################
# NODE MODULES CACHE
################################################
- name: Cache node modules
uses: actions/cache@v4
id: cache-node-modules
env:
cache-name: cache
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: |
~/.npm
node_modules
*/*/node_modules
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
################################################
# NODE MODULES INSTALL
################################################
- name: Install dependencies
if: steps.cache-node-modules.outputs.cache-hit != 'true'
run: npm install
################################################
# AWS CLI CONFIGURATION - CENTRALIZED ACCOUNT
################################################
- name: Configure AWS Credentials from P1 Centralized account
uses: ./.github/actions/aws-oidc
with:
role-to-assume: arn:aws:iam::${{ steps.AWS_ORG.outputs.CENTRALIZED }}:role/github-restricted-role-to-assume
region: ${{ env.REGION }}
###############################################################
# SERVERLESS DEPLOYMENT VARIABLES FROM SHARED ACCOUNT
##############################################################
- name: Serverless deployment variables created from shared account
run: |
cat >> .env <<EOF
FILESTACKAWSID=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-DEPLOY-$ENV| jq --raw-output '.SecretString' | jq -r .FILESTACKID)
P1STACKAWSID=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-DEPLOY-$ENV| jq --raw-output '.SecretString' | jq -r .P1PRODID)
EOF
env: #TODO: Update once manually to new stack accordingly
STACK_NAME: shared # Valid values are au,us,uk,p2,lf,nu,p1-sandbox,p1-stage,p2-stage,shared only
ENV: live # Valid values are sandbox,stage,live only
################################################
# AWS CLI CONFIGURATION - DEVOPS P2 P2STAGE
################################################
- name: Configure AWS Credentials from p2 stage AU account
uses: ./.github/actions/aws-oidc
with:
role-to-assume: arn:aws:iam::${{ steps.AWS_ORG.outputs.P2STAGE }}:role/github-restricted-role-to-assume
region: ${{ env.REGION }}
###############################################################
# ANGULAR ENVIRONMENT CREATION
##############################################################
- name: Angular Environment creation
run: |
printf "Creating required secret variables for angular environment variable creation\n\n"
export CUSTOM_APPKEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-AppKeySecret-$ENV| jq --raw-output '.SecretString' | jq -r .appkey)
export CUSTOM_FILESTACK_SIGNATURE=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .signature)
export CUSTOM_FILESTACK_VIRUS_DETECTION=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .virusdetection)
export CUSTOM_FILESTACK_KEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .apikey)
export CUSTOM_FILESTACK_POLICY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-FilestackSecret-$ENV| jq --raw-output '.SecretString' | jq -r .policy)
export CUSTOM_STACK_UUID=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-LoginCoreSecrets-$ENV| jq --raw-output '.SecretString' | jq -r .APP_STACK_UUID)
export CUSTOM_PUSHER_APPID=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .app_id)
export CUSTOM_PUSHERKEY=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .key)
export CUSTOM_PUSHER_SECRET=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .secret)
export CUSTOM_PUSHER_CLUSTER=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-PusherSecret-$ENV| jq --raw-output '.SecretString' | jq -r .cluster)
export CUSTOM_INTERCOM=$(aws secretsmanager get-secret-value --secret-id $STACK_NAME-IntercomSecret-$ENV| jq --raw-output '.SecretString' | jq -r .app_id)
export CUSTOM_BADGE_PROJECT_URL=https://badge.p2-stage.practera.com
export CUSTOM_UPLOAD_TUS_ENDPOINT=https://tusd.practera.com/uploads/
export CUSTOM_ENABLE_ASSESSMENT_PAGINATION=true
export CUSTOM_HELPLINE=programs@practera.com
export CUSTOM_STACK_NAME=${{ env.STACK_NAME }}
printf "Angular environment variable creation complete\n\n"
printf "Executing env.sh script\n\n"
chmod +x env.sh && ./env.sh
echo "Extracting chatbotSNStopicARN to send stack update"
echo "ChatBotSNSTopicARN="$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-ChatBotSNSTopicARN-$ENV\`].Value" --no-paginate --output text) >> $GITHUB_ENV
env:
CUSTOM_UPLOAD_MAX_FILE_SIZE: 2147483648
CUSTOM_PATH_IMAGE: /appv3/test/images/
CUSTOM_PATH_VIDEO: /appv3/test/videos/
CUSTOM_GRAPH_QL: https://core-graphql-api.${{ env.PUBLICZONENAME }}
CUSTOM_API_ENDPOINT: https://admin.${{ env.PUBLICZONENAME }}/
CUSTOM_S3_BUCKET: files.${{ env.PUBLICZONENAME }}
CUSTOM_ENVIRONMENT: ${{ env.ENV }}
CUSTOM_CHAT_GRAPH_QL: https://chat-api.${{ env.PUBLICZONENAME }}
CUSTOM_GLOBAL_LOGIN_URL: https://app.login-stage.practera.com
CUSTOM_COUNTRY: AUS #TODO CHECK
CUSTOMPLAIN_SKIPGLOBALLOGINFLAG: false
CUSTOM_PATH_ANY: /appv3/test/any/
CUSTOM_AWS_REGION: ${{ env.REGION }}
CUSTOM_JS_ENVIRONEMENT: test #TODO CHECK
CUSTOM_LOGIN_API_URL: https://api.login-stage.practera.com
CUSTOM_NEWRELIC: true
CUSTOM_PORTAL_ID: 3404872
CUSTOM_FORM_ID: 114bee73-67ac-4f23-8285-2b67e0e28df4
CUSTOM_LIVE_SERVER_REGION: AU
CUSTOM_STACK_NAME: ${{ env.STACK_NAME }}
###############################################################
# BUILD WEB PACKAGES
##############################################################
- name: Build Web Packages
run: |
test -f projects/v3/src/environments/environment.ts && echo "environment here" || cp projects/v3/src/environments/environment.local.ts projects/v3/src/environments/environment.ts
node_modules/.bin/ng build request --configuration=${{ env.BUILD_CONFIG }}
node_modules/.bin/ng build v3 --configuration=${{ env.BUILD_CONFIG }}
npm run generate-version-v3
##########################################################
# AWS S3 SYNC - SERVERLESS TEMPLATES
##########################################################
- name: AWS S3 Sync operation
run: |
mv serverless-appv3.yml serverless.yml
aws s3 cp serverless.yml s3://$CFNS3BucketName/$STACK_NAME/$REGION/$ROOTSTACK/sls-templates/serverless-appv3-lambda-edge.yml
aws s3 cp serverless.yml s3://$CFNS3BucketName/$STACK_NAME/$REGION/$ROOTSTACK/sls-templates/serverless.yml
##########################################################
# CLOUDFORMATION EXPORT VARIABLES
##########################################################
- name: Cloudformation Export variables
run: |
cat >> .env <<EOF
CDNSharedACMCertificateArn=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-CDNSharedACMCertificateArn-$ENV\`].Value" --no-paginate --output text)
ChatBotSNSTopicARN=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-ChatBotSNSTopicARN-$ENV\`].Value" --no-paginate --output text)
EOF
##########################################################
# AWS P2STAGE ACCOUNT STEPS BELOW US-EAST-1 FOR LAMBDA@EDGE
##########################################################
- name: Configure AWS Credentials from p2 p2stage AU account
uses: ./.github/actions/aws-oidc
with:
role-to-assume: arn:aws:iam::${{ steps.AWS_ORG.outputs.P2STAGE }}:role/github-restricted-role-to-assume
region: us-east-1
##########################################################
# CLOUDFORMATION EXPORT VARIABLES
##########################################################
- name: Cloudformation Export variables
run: |
cat >> .env <<EOF
Nonce=$GITHUB_SHA
EOF
####################################################
# S3 for lambda@edge
####################################################
- name: S3 Bucket for lambda@edge
run: |
if ! aws s3api head-bucket --bucket $STACK_NAME-lambda-edge-$ENV > /dev/null 2>&1; then
aws s3api create-bucket --bucket $STACK_NAME-lambda-edge-$ENV --region us-east-1
fi
####################################################
# S3 for lambda@edge
####################################################
- name: Deploy lambda@edge
run: |
export $(cat .env | xargs)
bash lambda/deploy.sh
env:
REGION: us-east-1
##########################################################
# CLOUDFORMATION EXPORT VARIABLES
##########################################################
- name: Cloudformation Export variables
run: |
cat >> .env <<EOF
HandlerVersionArn=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-HandlerVersion-$ENV\`].Value" --no-paginate --output text)
EOF
##########################################################
# AWS P2STAGE ACCOUNT STEPS BELOW ap-southeast-2
##########################################################
- name: Configure AWS Credentials from p2 p2stage AU account
uses: ./.github/actions/aws-oidc
with:
role-to-assume: arn:aws:iam::${{ steps.AWS_ORG.outputs.P2STAGE }}:role/github-restricted-role-to-assume
region: ${{ env.REGION }}
###############################################################
# SERVERLESS DEPLOYMENT
##############################################################
- name: Serverless deployment
run: |
echo "Serverless Deploying appv3"
node_modules/.bin/serverless deploy
rm serverless.yml .env
env:
AppV3S3Bucket: app.${{ env.PUBLICZONENAME }}
FILESS3BUCKET: files.${{ env.PUBLICZONENAME }}
FILESS3BUCKETEXIST: true
S3VERSIONING: true
NONCURRENTVERSION_EXPIREINDAYS: 30
##########################################################
# AWS S3 SYNC OPERATIONS
##########################################################
- name: AWS S3 Sync Operations
run: |
APP_V2_S3=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-AppV3S3Bucket-$ENV\`].Value" --no-paginate --output text)
aws s3 sync dist/v3/ s3://$APP_V2_S3 --delete
##########################################################
# AWS CDN CACHE INVALIDATION
##########################################################
- name: AWS Cloudfront Cache invalidation
run: |
APP_V2_CDN=$(aws cloudformation list-exports --query "Exports[?Name==\`$STACK_NAME-AppV3CloudFrontDistributionID-$ENV\`].Value" --no-paginate --output text)
for i in $APP_V2_CDN;do aws cloudfront create-invalidation --distribution-id $i --paths "/*";done
# #########################################################
# # SLACK NOTIFICATION
# #########################################################
- name: Slack Notification
if: always() # Pick up events even if the job fails or is canceled.
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MATRIX_CONTEXT: ${{ toJson(matrix) }} # required
with:
status: ${{ job.status }}
author_name: ${{ env.BRANCH_TAG_NAME }} - ${{ env.ROOTSTACK }} deployed to ${{ env.ENV }} environemnt in ${{ env.STACK_NAME }} AWS account
mention: 'here'
if_mention: failure,cancelled
job_name: deploy-p2-stage-appv3 # Match the name above.
fields: repo,commit,eventName,ref,workflow,message,author,job,took
custom_payload: |
{
username: 'GitHub Action CI WorkFlow',
icon_emoji: ':github:',
attachments: [{
color: '${{ job.status }}' === 'success' ? 'good' : ${{ job.status }}' === 'failure' ? 'danger' : 'warning',
text:
`${process.env.AS_REPO}\n
${process.env.AS_COMMIT}\n
${process.env.AS_EVENT_NAME}\n
@${process.env.AS_REF}\n
@${process.env.AS_WORKFLOW}\n
${process.env.AS_MESSAGE}\n
${process.env.AS_AUTHOR}\n
${process.env.AS_JOB}\n
${process.env.AS_TOOK}`,
}]
}
# ################################################
# # STATUS VARIABLE UPDATE
# ################################################
- name: Deployment status variable update
if: ${{ failure() }}
run: |
echo "STATUS=FAILURE" >> $GITHUB_ENV
# ################################################
# # DEVOPS-DEPLOYMENT REPORT
# ################################################
- name: DevOps Deployment Reporting
if: always()
run: |
pip install --upgrade pip
pip install --upgrade csvtotable
export REASON=$(git log -2 --format=%s | sed -n 2p)
export REQUESTOR=${{ github.actor }}
aws s3 cp s3://$STATUSREPORTS3Bucket/deploy-reporting.sh deploy-reporting.sh
chmod +x deploy-reporting.sh && ./deploy-reporting.sh
echo "LINK="${GITHUB_REPOSITORY##*/}.html >> $GITHUB_ENV
echo $REASON
echo $REQUESTOR