Skip to content

Commit 9a417b5

Browse files
author
jyoti
committed
new prod workflow
1 parent d626590 commit 9a417b5

File tree

1 file changed

+93
-0
lines changed

1 file changed

+93
-0
lines changed

.github/workflows/build-push-deploy-prod.yaml

+93
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,93 @@
1+
on:
2+
push:
3+
branches:
4+
- new-prod
5+
6+
name: Deploy to AWS Production
7+
8+
jobs:
9+
deploy:
10+
name: Deploy
11+
runs-on: ubuntu-latest
12+
permissions:
13+
id-token: write
14+
env:
15+
AWS_REGION: us-east-1
16+
ECR_REPO_NAME: summer-fi-prod
17+
SERVICE_NAME: summer-fi-prod
18+
CLUSTER_NAME: summer-fi-prod
19+
20+
steps:
21+
- name: Checkout
22+
uses: actions/checkout@v3
23+
24+
- name: Configure AWS credentials
25+
uses: aws-actions/configure-aws-credentials@v4
26+
with:
27+
role-to-assume: ${{ secrets.BUILD_DEPLOY_OIDC_ROLE_PROD }}
28+
aws-region: ${{ env.AWS_REGION }}
29+
30+
- name: Login to Amazon ECR
31+
id: login-ecr
32+
uses: aws-actions/amazon-ecr-login@v1
33+
34+
- name: Extract commit hash
35+
id: vars
36+
shell: bash
37+
run: |
38+
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
39+
40+
- name: Build, tag, and push image to Amazon ECR
41+
id: build-image
42+
env:
43+
SHA_TAG: ${{ steps.vars.outputs.sha_short }}
44+
LATEST_TAG: latest
45+
ENVIRONMENT_TAG: prod
46+
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
47+
run: |
48+
# Build a docker container and
49+
# push it to ECR so that it can
50+
# be deployed to ECS.
51+
docker build -f Dockerfile.production \
52+
--build-arg COMMIT_SHA='' \
53+
--build-arg AJNA_SUBGRAPH_URL=${{ secrets.AJNA_SUBGRAPH_URL_PROD }} \
54+
--build-arg AJNA_SUBGRAPH_URL_GOERLI=${{ secrets.AJNA_SUBGRAPH_URL_GOERLI }} \
55+
--build-arg AJNA_SUBGRAPH_V2_URL=${{ secrets.AJNA_SUBGRAPH_V2_URL_PROD }} \
56+
--build-arg AJNA_SUBGRAPH_V2_URL_GOERLI=${{ secrets.AJNA_SUBGRAPH_V2_URL_GOERLI }} \
57+
--build-arg MIXPANEL_ENV=production \
58+
--build-arg MIXPANEL_KEY=${{ secrets.MIXPANEL_KEY_PROD }} \
59+
--build-arg INFURA_PROJECT_ID=${{ secrets.INFURA_PROJECT_ID_PROD }} \
60+
--build-arg ETHERSCAN_API_KEY=${{ secrets.ETHERSCAN_API_KEY }} \
61+
--build-arg BLOCKNATIVE_API_KEY=${{ secrets.BLOCKNATIVE_API_KEY_PROD }} \
62+
--build-arg SHOW_BUILD_INFO=0 \
63+
--build-arg NODE_ENV=production \
64+
--build-arg NEXT_PUBLIC_SENTRY_ENV=production \
65+
--build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
66+
--build-arg PRODUCT_HUB_KEY=${{ secrets.PRODUCT_HUB_KEY }} \
67+
--build-arg ONE_INCH_API_KEY=${{ secrets.ONE_INCH_API_KEY_PROD }} \
68+
--build-arg ONE_INCH_API_URL=${{ secrets.ONE_INCH_API_URL_PROD }} \
69+
--build-arg REFERRAL_SUBGRAPH_URL=${{ secrets.REFERRAL_SUBGRAPH_URL_PROD }} \
70+
--build-arg CONFIG_URL=${{ secrets.CONFIG_URL }} \
71+
--build-arg NPM_TOKEN=${{ secrets.NPM_TOKEN }} \
72+
--build-arg BLOG_POSTS_API_KEY=${{ secrets.BLOG_POSTS_API_KEY }} \
73+
--build-arg BLOG_POSTS_API_URL=${{ secrets.BLOG_POSTS_API_URL }} \
74+
--build-arg NEXT_PUBLIC_SPINDL_SDK_KEY=${{ secrets.NEXT_PUBLIC_SPINDL_SDK_KEY }} \
75+
--build-arg NEWSLETTER_API_KEY=${{ secrets.NEWSLETTER_API_KEY }} \
76+
--build-arg NEWSLETTER_PUBLICATION_ID=${{ secrets.NEWSLETTER_PUBLICATION_ID }} \
77+
--build-arg NEWSLETTER_ENDPOINT=${{ secrets.NEWSLETTER_ENDPOINT }} \
78+
--cache-from=$ECR_REGISTRY/$ECR_REPO_NAME:$ENVIRONMENT_TAG \
79+
-t $ECR_REGISTRY/$ECR_REPO_NAME:$SHA_TAG \
80+
-t $ECR_REGISTRY/$ECR_REPO_NAME:$LATEST_TAG \
81+
-t $ECR_REGISTRY/$ECR_REPO_NAME:$ENVIRONMENT_TAG \
82+
.
83+
docker push $ECR_REGISTRY/$ECR_REPO_NAME --all-tags
84+
85+
- name: Update ECS service with latest Docker image
86+
id: service-update
87+
run: |
88+
aws ecs update-service --cluster $CLUSTER_NAME --service ${{ env.SERVICE_NAME }} --force-new-deployment --region $AWS_REGION
89+
90+
- name: Invalidate CloudFront
91+
run:
92+
AWS_MAX_ATTEMPTS=10 aws cloudfront create-invalidation --distribution-id ${{ secrets.NEW_CF_DIST_ID_PROD }} --paths "/*"
93+

0 commit comments

Comments
 (0)