
Deploy to development with reset=false core=v1.4.1 country config=f442758 #67


Workflow file for this run

# Manually triggered deployment workflow. Every value under `inputs` is typed
# in by whoever dispatches the run, so jobs should treat them as untrusted
# text rather than as pre-validated identifiers.
name: Deploy
run-name: >-
  Deploy to ${{ github.event.inputs.environment }}
  with reset=${{ github.event.inputs.reset }}
  core=${{ github.event.inputs.core-image-tag }}
  country config=${{ github.event.inputs.countryconfig-image-tag }}
on:
  workflow_dispatch:
    inputs:
      # Target environment; also selects the GitHub environment whose
      # secrets and variables the deploy job receives.
      environment:
        description: Environment to deploy to
        type: choice
        options:
          - development
          - qa
        default: 'development'
        required: true
      # Free-text git ref / image tag for opencrvs-core.
      core-image-tag:
        description: Core DockerHub image tag
        default: 'v1.4.1'
        required: true
      # Free-text git ref / image tag for the country config; no default.
      countryconfig-image-tag:
        description: Your Country Config DockerHub image tag
        required: true
      # When true, the reset and seed-data jobs run after a successful deploy.
      reset:
        description: Reset the environment
        type: boolean
        default: false
      # When true, an interactive tmate SSH session is opened on the runner.
      debug:
        description: Open SSH session to the runner after deployment
        type: boolean
        default: false
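jobs:
  # Deploys the selected core / country-config versions to the chosen
  # environment over SSH.
  #
  # NOTE(review): no `permissions:` block is visible in this workflow, so
  # GITHUB_TOKEN gets the repository default scope. Consider restricting it
  # (for example to `contents: read`) after confirming what the called
  # reusable workflows need.
  deploy:
    environment: ${{ github.event.inputs.environment }}
    # NOTE(review): confirm this runner image label is still offered for
    # GitHub-hosted runners.
    runs-on: ubuntu-20.04
    outputs:
      outcome: ${{ steps.deploy.outcome }}
    timeout-minutes: 60
    steps:
      # Pre-deployment debug shell. It used to run on every dispatch, which
      # parked each deployment on an open SSH session with the secrets below
      # in its environment. It is now gated on the `debug` input and
      # restricted to the SSH keys of the user who triggered the run.
      # NOTE(review): third-party action that can read every value in `env`;
      # pin it to a full commit SHA instead of a mutable tag.
      - name: Setup tmate session
        if: ${{ github.event.inputs.debug == 'true' }}
        uses: mxschmitt/action-tmate@v3
        with:
          limit-access-to-actor: true
        env:
          NATIONAL_ID_OIDP_CLIENT_PRIVATE_KEY: ${{ secrets.NATIONAL_ID_OIDP_CLIENT_PRIVATE_KEY }}
          NATIONAL_ID_OIDP_JWT_AUD_CLAIM: ${{ secrets.NATIONAL_ID_OIDP_JWT_AUD_CLAIM }}
          MOSIP_MEDIATOR_AUTH_PASS: ${{ secrets.MOSIP_MEDIATOR_AUTH_PASS }}
          MOSIP_MEDIATOR_AUTH_URL: ${{ secrets.MOSIP_MEDIATOR_AUTH_URL }}
          MOSIP_MEDIATOR_AUTH_USER: ${{ secrets.MOSIP_MEDIATOR_AUTH_USER }}
          MOSIP_MEDIATOR_BIRTH_PROXY_CALLBACK_URL: ${{ secrets.MOSIP_MEDIATOR_BIRTH_PROXY_CALLBACK_URL }}
          MOSIP_MEDIATOR_CLIENT_ID: ${{ secrets.MOSIP_MEDIATOR_CLIENT_ID }}
          MOSIP_MEDIATOR_CLIENT_SECRET: ${{ secrets.MOSIP_MEDIATOR_CLIENT_SECRET }}
          MOSIP_MEDIATOR_AUTH_CLIENT_ID: ${{ secrets.MOSIP_MEDIATOR_AUTH_CLIENT_ID }}
          MOSIP_MEDIATOR_AUTH_CLIENT_SECRET: ${{ secrets.MOSIP_MEDIATOR_AUTH_CLIENT_SECRET }}
          MOSIP_MEDIATOR_DEATH_PROXY_CALLBACK_URL: ${{ secrets.MOSIP_MEDIATOR_DEATH_PROXY_CALLBACK_URL }}
          MOSIP_MEDIATOR_GENERATE_AID_URL: ${{ secrets.MOSIP_MEDIATOR_GENERATE_AID_URL }}
          MOSIP_MEDIATOR_SHA_SECRET: ${{ secrets.MOSIP_MEDIATOR_SHA_SECRET }}
          TOKENSEEDER_AUTHTOKEN__MANDATORY_VALIDATION_AUTH_FIELDS: ${{ secrets.TOKENSEEDER_AUTHTOKEN__MANDATORY_VALIDATION_AUTH_FIELDS }}
          TOKENSEEDER_CRYPTO_ENCRYPT__ENCRYPT_CERT_PATH: ${{ secrets.TOKENSEEDER_CRYPTO_ENCRYPT__ENCRYPT_CERT_PATH }}
          TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PASSWORD: ${{ secrets.TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PASSWORD }}
          TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PATH: ${{ secrets.TOKENSEEDER_CRYPTO_SIGNATURE__SIGN_P12_FILE_PATH }}
          TOKENSEEDER_MOSIP_AUTH__IDA_AUTH_DOMAIN_URI: ${{ secrets.TOKENSEEDER_MOSIP_AUTH__IDA_AUTH_DOMAIN_URI }}
          TOKENSEEDER_MOSIP_AUTH__IDA_AUTH_URL: ${{ secrets.TOKENSEEDER_MOSIP_AUTH__IDA_AUTH_URL }}
          TOKENSEEDER_MOSIP_AUTH__PARTNER_APIKEY: ${{ secrets.TOKENSEEDER_MOSIP_AUTH__PARTNER_APIKEY }}
          TOKENSEEDER_MOSIP_AUTH__PARTNER_ID: ${{ secrets.TOKENSEEDER_MOSIP_AUTH__PARTNER_ID }}
          TOKENSEEDER_MOSIP_AUTH__PARTNER_MISP_LK: ${{ secrets.TOKENSEEDER_MOSIP_AUTH__PARTNER_MISP_LK }}

      - name: Clone core
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          repository: 'opencrvs/opencrvs-core'
          path: './opencrvs-core'

      - name: Clone country config resource package
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          path: './${{ github.event.repository.name }}'

      # In the `run:` steps below, dispatch inputs and context values reach
      # the shell through `env:` and are expanded as quoted variables. An
      # inline `${{ ... }}` is pasted into the script text before the shell
      # parses it, so a crafted tag could otherwise become extra commands.
      - name: Checkout country branch
        env:
          REPO_NAME: ${{ github.event.repository.name }}
          COUNTRY_CONFIG_TAG: ${{ github.event.inputs.countryconfig-image-tag }}
        run: |
          cd "$REPO_NAME"
          git checkout "$COUNTRY_CONFIG_TAG"
          cd ../

      - name: Checkout core branch
        env:
          CORE_TAG: ${{ github.event.inputs.core-image-tag }}
        run: |
          cd opencrvs-core
          git checkout "$CORE_TAG"

      # Loads the repository's known-hosts file into KNOWN_HOSTS using the
      # multi-line GITHUB_ENV syntax. The sed call makes sure the file ends
      # with a newline so the closing delimiter sits on its own line.
      # NOTE(review): the delimiter is the fixed word EOF; a line consisting
      # of "EOF" inside known-hosts would end the value early.
      - name: Read known hosts
        env:
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          cd "$REPO_NAME"
          echo "KNOWN_HOSTS<<EOF" >> "$GITHUB_ENV"
          sed -i -e '$a\' ./infrastructure/known-hosts
          cat ./infrastructure/known-hosts >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"

      # NOTE(review): third-party action that receives the deploy SSH key;
      # pin it to a full commit SHA instead of a mutable tag.
      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_KEY }}
          known_hosts: ${{ env.KNOWN_HOSTS }}

      - name: Unset KNOWN_HOSTS variable
        run: |
          echo "KNOWN_HOSTS=" >> "$GITHUB_ENV"

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      # Polls DockerHub every 10 seconds until both image tags exist. The
      # loops have no limit of their own; the job's timeout-minutes bounds
      # them.
      - name: Wait for images to be available
        env:
          CORE_TAG: ${{ github.event.inputs.core-image-tag }}
          COUNTRY_CONFIG_TAG: ${{ github.event.inputs.countryconfig-image-tag }}
          DOCKERHUB_ACCOUNT: ${{ secrets.DOCKERHUB_ACCOUNT }}
          DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO }}
        run: |
          until docker manifest inspect "opencrvs/ocrvs-auth:${CORE_TAG}"; do
            sleep 10
          done
          until docker manifest inspect "${DOCKERHUB_ACCOUNT}/${DOCKERHUB_REPO}:${COUNTRY_CONFIG_TAG}"; do
            sleep 10
          done

      # Writes every secret and variable of the selected environment into
      # .env.<environment> as KEY="value" lines.
      #
      # The JSON arrives through environment variables rather than an
      # unquoted heredoc: an unquoted heredoc makes the shell expand `$...`
      # and backticks inside secret values, which can corrupt a value or run
      # it as a command.
      #
      # NOTE(review): the resulting file holds all secrets in plain text on
      # the runner and is readable from the debug tmate session; values that
      # contain a double quote are written unescaped.
      - name: Export all secrets and environment variables
        env:
          ENVIRONMENT: ${{ github.event.inputs.environment }}
          REPO_NAME: ${{ github.event.repository.name }}
          SECRETS_JSON: ${{ toJSON(secrets) }}
          VARS_JSON: ${{ toJSON(vars) }}
        run: |
          cd "./$REPO_NAME"
          env_file=".env.${ENVIRONMENT}"
          #
          # Secrets & variables with newlines are filtered out automatically
          # This includes SSH_KEY and KNOWN_HOSTS
          #
          for json in "$SECRETS_JSON" "$VARS_JSON"; do
            jq -r '
              to_entries |
              map(
                select(.value | test("\n") | not) |
                "\(.key)=\"\(.value)\""
              ) |
              .[]' <<< "$json" >> "$env_file"
          done

      # With debug enabled a failed deploy does not stop the job, so the
      # debug session below can still be opened to inspect the runner.
      - name: Deploy to ${{ github.event.inputs.environment }}
        id: deploy
        continue-on-error: ${{ github.event.inputs.debug == 'true' }}
        env:
          REPO_NAME: ${{ github.event.repository.name }}
          ENVIRONMENT: ${{ github.event.inputs.environment }}
          DOMAIN: ${{ vars.DOMAIN }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          CORE_TAG: ${{ github.event.inputs.core-image-tag }}
          COUNTRY_CONFIG_TAG: ${{ github.event.inputs.countryconfig-image-tag }}
          REPLICAS: ${{ vars.REPLICAS }}
        run: |
          cd "./$REPO_NAME"
          yarn deploy \
            --clear_data=no \
            --environment="$ENVIRONMENT" \
            --host="$DOMAIN" \
            --ssh_host="$SSH_HOST" \
            --ssh_user="$SSH_USER" \
            --version="$CORE_TAG" \
            --country_config_version="$COUNTRY_CONFIG_TAG" \
            --replicas="$REPLICAS"

      # Post-deployment debug shell, limited to the SSH keys of the user who
      # triggered the run.
      # NOTE(review): pin this third-party action to a full commit SHA.
      - name: Setup tmate session
        if: ${{ github.event.inputs.debug == 'true' }}
        uses: mxschmitt/action-tmate@v3
        with:
          limit-access-to-actor: true

  # Clears the environment after a successful deploy when `reset` was
  # requested. `secrets: inherit` hands every secret available to this
  # workflow to the called workflow.
  reset:
    needs: deploy
    if: ${{ github.event.inputs.reset == 'true' && needs.deploy.outputs.outcome == 'success' }}
    uses: ./.github/workflows/clear-environment.yml
    with:
      environment: ${{ github.event.inputs.environment }}
    secrets: inherit

  # Seeds data once the reset has succeeded.
  # NOTE(review): this condition reads needs.reset.outputs.outcome, which
  # only has a value if clear-environment.yml declares an `outcome` workflow
  # output; confirm against that file.
  seed-data:
    needs: reset
    if: ${{ github.event.inputs.reset == 'true' && needs.reset.outputs.outcome == 'success' }}
    uses: ./.github/workflows/seed-data.yml
    with:
      environment: ${{ github.event.inputs.environment }}
      core-image-tag: ${{ github.event.inputs.core-image-tag }}
    secrets: inherit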