feat: Update Caddyfile for CORS headers and preflight response; chang… #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Infrastructure and Services | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: us-east-1 | |
| S3_BUCKET: elasticbeanstalk-us-east-1-036027635110 | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - service: control-broker | |
| path: control_broker | |
| application: "controll server" | |
| environment: "Controllserver-env" | |
| deployer: elasticbeanstalk | |
| - service: stream-cleaner | |
| path: stream_cleaner | |
| application: "Stream-cleaner" | |
| environment: "Stream-cleaner-env" | |
| deployer: elasticbeanstalk | |
| - service: visual-controller | |
| path: visual_controller | |
| application: "visual-controller" | |
| environment: "Visual-controller-env" | |
| deployer: elasticbeanstalk | |
| - service: media-relay | |
| path: infra/terraform/media_relay | |
| deployer: terraform | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Create AWS credentials file | |
| shell: bash | |
| run: | | |
| mkdir -p ~/.aws | |
| echo "${{ secrets.AWS_CREDENTIALS_B64 }}" | base64 -d > ~/.aws/credentials | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| env: | |
| AWS_SHARED_CREDENTIALS_FILE: ~/.aws/credentials | |
| - name: Set up Terraform | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.7.5 | |
| - name: Build visual controller frontend | |
| if: ${{ matrix.service == 'visual-controller' }} | |
| shell: bash | |
| run: | | |
| python scripts/build_frontend.py | |
| - name: Compute package suffix | |
| id: suffix | |
| shell: bash | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| TIMESTAMP="$(date +%Y%m%d%H%M%S)" | |
| echo "value=${SHORT_SHA}-${TIMESTAMP}" >> "$GITHUB_OUTPUT" | |
| - name: Package service | |
| id: package | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| ZIP_NAME="${{ matrix.service }}-${{ steps.suffix.outputs.value }}.zip" | |
| shopt -s dotglob | |
| zip -r "../${ZIP_NAME}" . -x "*/__pycache__/*" -x "*.pyc" | |
| echo "zip-name=${ZIP_NAME}" >> "$GITHUB_OUTPUT" | |
| - name: Upload package to S3 | |
| id: upload | |
| env: | |
| ZIP_NAME: ${{ steps.package.outputs.zip-name }} | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| S3_KEY="deployments/${{ matrix.service }}/${ZIP_NAME}" | |
| aws s3 cp "${ZIP_NAME}" "s3://${{ env.S3_BUCKET }}/${S3_KEY}" | |
| echo "s3-key=${S3_KEY}" >> "$GITHUB_OUTPUT" | |
| - name: Create Elastic Beanstalk application version | |
| id: version | |
| env: | |
| VERSION_LABEL: ${{ matrix.service }}-${{ steps.suffix.outputs.value }} | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| aws elasticbeanstalk create-application-version \ | |
| --application-name "${{ matrix.application }}" \ | |
| --version-label "${VERSION_LABEL}" \ | |
| --source-bundle S3Bucket=${{ env.S3_BUCKET }},S3Key=${{ steps.upload.outputs.s3-key }} \ | |
| --process | |
| echo "version-label=${VERSION_LABEL}" >> "$GITHUB_OUTPUT" | |
| - name: Update Elastic Beanstalk environment | |
| shell: bash | |
| if: ${{ matrix.deployer == 'elasticbeanstalk' }} | |
| run: | | |
| aws elasticbeanstalk update-environment \ | |
| --environment-name "${{ matrix.environment }}" \ | |
| --version-label "${{ steps.version.outputs.version-label }}" | |
| - name: Write terraform.tfvars from secret | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| env: | |
| TFVARS_B64: ${{ secrets.MEDIA_RELAY_TFVARS_B64 }} | |
| shell: bash | |
| run: | | |
| if [[ -z "$TFVARS_B64" ]]; then | |
| echo "MEDIA_RELAY_TFVARS_B64 secret is not set" >&2 | |
| exit 1 | |
| fi | |
| echo "$TFVARS_B64" | base64 -d > terraform.tfvars | |
| - name: Terraform init | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| env: | |
| TF_IN_AUTOMATION: 1 | |
| run: | | |
| terraform init -input=false | |
| - name: Terraform destroy existing instance | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| env: | |
| TF_IN_AUTOMATION: 1 | |
| run: | | |
| terraform destroy -input=false -auto-approve -target=aws_instance.mediamtx || true | |
| terraform destroy -input=false -auto-approve -target=aws_eip_association.mediamtx || true | |
| - name: Terraform apply | |
| if: ${{ matrix.deployer == 'terraform' }} | |
| working-directory: ${{ matrix.path }} | |
| shell: bash | |
| env: | |
| TF_IN_AUTOMATION: 1 | |
| run: | | |
| terraform apply -input=false -auto-approve | |