Continuous Integration #2188
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| workflow_run: | |
| workflows: ["Automated Tests"] | |
| branches: [main] | |
| types: | |
| - completed | |
| workflow_dispatch: | |
| inputs: | |
| deploy_env: | |
| description: "Select the target environment" | |
| required: false | |
| default: staging | |
| type: choice | |
| options: | |
| - staging | |
| - prod | |
| git_ref: | |
| description: "Enter Git hash or branch" | |
| required: false | |
| default: main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.inputs.deploy_env }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| id-token: write # required for requesting JWT token from AWS | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event_name == 'workflow_dispatch' || | |
| ( | |
| github.event_name == 'workflow_run' && | |
| github.event.workflow_run.conclusion == 'success' | |
| ) | |
| env: | |
| STAGING_DEPLOY_ROLE_ARN: ${{ vars.STAGING_DEPLOY_ROLE_ARN }} | |
| PROD_DEPLOY_ROLE_ARN: ${{ vars.PROD_DEPLOY_ROLE_ARN }} | |
| DEPLOY_ENV: ${{ github.event.inputs.deploy_env || 'staging' }} | |
| steps: | |
| - name: Workflow details | |
| run: | | |
| echo "Event: ${{ github.event_name }}" | |
| echo "Git reference: ${{ github.event.inputs.git_ref || github.ref }}" | |
| echo "Environment: ${{ env.DEPLOY_ENV }}" | |
| - name: Checkout application repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| ref: ${{ github.event.inputs.git_ref }} | |
| - name: Get Git SHA | |
| run: | | |
| GIT_SHA=$(git rev-parse HEAD) | |
| echo "$GIT_SHA" > src/git_hash.txt | |
| SHORT_GIT_SHA=${GIT_SHA:0:7} | |
| echo "SHORT_GIT_SHA=$SHORT_GIT_SHA" >> "$GITHUB_ENV" | |
| echo "Git SHA: ${SHORT_GIT_SHA}" | |
| - name: Checkout deploy repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| repository: "researchhub/researchhub-internal-utils" | |
| ref: main | |
| path: researchhub-internal-utils | |
| token: ${{ secrets.PAT }} | |
| - name: Copy Beanstalk configuration files | |
| run: | | |
| cp -r researchhub-internal-utils/deploy/backend/config/.ebextensions \ | |
| researchhub-internal-utils/deploy/backend/config/.platform \ | |
| researchhub-internal-utils/deploy/backend/config/Procfile \ | |
| src | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: "uv.lock" | |
| - name: Generate requirements.txt from uv.lock | |
| run: | | |
| uv export --frozen --no-dev > src/requirements.txt | |
| - name: Generate Beanstalk deployment package | |
| run: | | |
| mkdir -p target | |
| cd src | |
| zip -r ../target/deploy.zip . -x '*.git*' | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: "backend-${{ env.SHORT_GIT_SHA }}" | |
| path: target/deploy.zip | |
| - name: Get deploy role ARN | |
| id: get-role-arn | |
| run: | | |
| role_arn_name=${DEPLOY_ENV^^}_DEPLOY_ROLE_ARN | |
| role_arn=$(eval echo \$$role_arn_name) | |
| echo "role_arn=$role_arn" >> "$GITHUB_OUTPUT" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_ROLE }} | |
| aws-region: us-east-1 | |
| - name: Assume role | |
| id: aws_credentials | |
| uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 | |
| with: | |
| role-to-assume: ${{ steps.get-role-arn.outputs.role_arn }} | |
| role-session-name: github-actions-beanstalk-session | |
| role-chaining: true | |
| role-duration-seconds: 3600 | |
| role-skip-session-tagging: true | |
| aws-region: us-west-2 | |
| retry-max-attempts: 3 | |
| output-credentials: true | |
| - name: Deploy ${{ env.DEPLOY_ENV }} Backend - API | |
| uses: einaregilsson/beanstalk-deploy@27edd8a0ebe8656ac70654372c73f06f7e9a1027 # v22 | |
| with: | |
| aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} | |
| aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} | |
| application_name: backend | |
| environment_name: ${{ env.DEPLOY_ENV }}-backend-api | |
| version_label: ${{ env.SHORT_GIT_SHA }} | |
| use_existing_version_if_available: true | |
| region: us-west-2 | |
| deployment_package: target/deploy.zip | |
| wait_for_environment_recovery: 300 | |
| - name: Deploy ${{ env.DEPLOY_ENV }} Backend - Main Worker | |
| uses: einaregilsson/beanstalk-deploy@27edd8a0ebe8656ac70654372c73f06f7e9a1027 # v22 | |
| with: | |
| aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} | |
| aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} | |
| application_name: backend | |
| environment_name: ${{ env.DEPLOY_ENV }}-backend-worker-main | |
| version_label: ${{ env.SHORT_GIT_SHA }} | |
| use_existing_version_if_available: true | |
| region: us-west-2 | |
| deployment_package: target/deploy.zip | |
| wait_for_environment_recovery: 120 | |
| - name: Deploy ${{ env.DEPLOY_ENV }} Backend - Cermine Worker | |
| uses: einaregilsson/beanstalk-deploy@27edd8a0ebe8656ac70654372c73f06f7e9a1027 # v22 | |
| with: | |
| aws_access_key: ${{ steps.aws_credentials.outputs.aws-access-key-id }} | |
| aws_secret_key: ${{ steps.aws_credentials.outputs.aws-secret-access-key }} | |
| application_name: backend | |
| environment_name: ${{ env.DEPLOY_ENV }}-backend-worker-cermine | |
| version_label: ${{ env.SHORT_GIT_SHA }} | |
| use_existing_version_if_available: true | |
| region: us-west-2 | |
| deployment_package: target/deploy.zip | |
| wait_for_environment_recovery: 120 |