feat: Add key_name variable for EC2 SSH access and update example con… #20
| name: Deploy Infrastructure and Services | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: us-east-1 | |
| S3_BUCKET: elasticbeanstalk-us-east-1-036027635110 | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - service: control-broker | |
| path: control_broker | |
| application: "controll server" | |
| environment: "Controllserver-env" | |
| deployer: elasticbeanstalk | |
| - service: stream-cleaner | |
| path: stream_cleaner | |
| application: "Stream-cleaner" | |
| environment: "Stream-cleaner-env" | |
| deployer: elasticbeanstalk | |
| - service: visual-controller | |
| path: visual_controller | |
| application: "visual-controller" | |
| environment: "Visual-controller-env" | |
| deployer: elasticbeanstalk | |
| - service: media-relay | |
| path: infra/terraform/media_relay | |
| deployer: terraform | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Create AWS credentials file | |
| shell: bash | |
| run: | | |
| mkdir -p ~/.aws | |
| echo "${{ secrets.AWS_CREDENTIALS_B64 }}" | base64 -d > ~/.aws/credentials | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| env: | |
| AWS_SHARED_CREDENTIALS_FILE: ~/.aws/credentials | |
| - name: Set up Terraform | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.7.5 | |
| - name: Build visual controller frontend | |
| if: ${{ matrix.service == 'visual-controller' }} | |
| shell: bash | |
| run: | | |
| python scripts/build_frontend.py | |
| - name: Compute package suffix | |
| id: suffix | |
| shell: bash | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| TIMESTAMP="$(date +%Y%m%d%H%M%S)" | |
| echo "value=${SHORT_SHA}-${TIMESTAMP}" >> "$GITHUB_OUTPUT" | |
| - name: Package service | |
| id: package | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| ZIP_NAME="${{ matrix.service }}-${{ steps.suffix.outputs.value }}.zip" | |
| shopt -s dotglob | |
| zip -r "../${ZIP_NAME}" . -x "*/__pycache__/*" -x "*.pyc" | |
| echo "zip-name=${ZIP_NAME}" >> "$GITHUB_OUTPUT" | |
| - name: Upload package to S3 | |
| id: upload | |
| env: | |
| ZIP_NAME: ${{ steps.package.outputs.zip-name }} | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| S3_KEY="deployments/${{ matrix.service }}/${ZIP_NAME}" | |
| aws s3 cp "${ZIP_NAME}" "s3://${{ env.S3_BUCKET }}/${S3_KEY}" | |
| echo "s3-key=${S3_KEY}" >> "$GITHUB_OUTPUT" | |
| - name: Create Elastic Beanstalk application version | |
| id: version | |
| env: | |
| VERSION_LABEL: ${{ matrix.service }}-${{ steps.suffix.outputs.value }} | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| aws elasticbeanstalk create-application-version \ | |
| --application-name "${{ matrix.application }}" \ | |
| --version-label "${VERSION_LABEL}" \ | |
| --source-bundle S3Bucket=${{ env.S3_BUCKET }},S3Key=${{ steps.upload.outputs.s3-key }} \ | |
| --process | |
| echo "version-label=${VERSION_LABEL}" >> "$GITHUB_OUTPUT" | |
| - name: Update Elastic Beanstalk environment | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| aws elasticbeanstalk update-environment \ | |
| --environment-name "${{ matrix.environment }}" \ | |
| --version-label "${{ steps.version.outputs.version-label }}" | |
| - name: Write terraform.tfvars from secret | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| env: | |
| TFVARS_B64: ${{ secrets.MEDIA_RELAY_TFVARS_B64 }} | |
| shell: bash | |
| run: | | |
| if [[ -z "$TFVARS_B64" ]]; then | |
| echo "MEDIA_RELAY_TFVARS_B64 secret is not set" >&2 | |
| exit 1 | |
| fi | |
| echo "$TFVARS_B64" | base64 -d > terraform.tfvars | |
| - name: Terraform init | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| env: | |
| TF_IN_AUTOMATION: 1 | |
| run: | | |
| terraform init -input=false | |
| - name: Terraform apply | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| env: | |
| TF_IN_AUTOMATION: 1 | |
| run: | | |
| terraform apply -input=false -auto-approve | |
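Review bot: The `Create AWS credentials file` step expands `${{ secrets.AWS_CREDENTIALS_B64 }}` directly into the script text and writes long-lived keys to `~/.aws/credentials` under the default umask; the page does not show which lines this PR changed, so this applies to the workflow as displayed. Pass the secret through `env:` as the `Write terraform.tfvars from secret` step already does, and restrict the file mode: `umask 077` followed by `printf '%s' "$AWS_CREDENTIALS_B64" | base64 -d > ~/.aws/credentials`. Longer term, using `role-to-assume` on `aws-actions/configure-aws-credentials` together with `permissions: id-token: write` would remove the need to store a static key in repository secrets at all. It is also worth confirming that `AWS_SHARED_CREDENTIALS_FILE: ~/.aws/credentials` resolves as intended, since `~` in a step `env:` value is passed as a literal string rather than shell-expanded.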