From d41f506f64f4f868ec3d0ed2b96f6bbba9cc9567 Mon Sep 17 00:00:00 2001 From: John Brunton <1276413+jbrunton@users.noreply.github.com> Date: Sun, 15 Sep 2024 16:29:21 +0100 Subject: [PATCH] feat: pulumi preview (#217) --- .github/workflows/build.yml | 114 +++++++++++---------------- .github/workflows/deploy-dev.yml | 50 +++--------- .github/workflows/pulumi-deploy.yml | 59 ++++++++++++++ .github/workflows/pulumi-preview.yml | 52 ++++++++++++ pulumi/index.ts | 1 + 5 files changed, 165 insertions(+), 111 deletions(-) create mode 100644 .github/workflows/pulumi-deploy.yml create mode 100644 .github/workflows/pulumi-preview.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 10da7676..4b37eab8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -143,7 +143,6 @@ jobs: build-api: needs: [test-e2e] - if: github.ref == 'refs/heads/main' uses: jbrunton/workflows/.github/workflows/build-image.yml@v1 with: repo-name: jbrunton/chat-demo-api @@ -157,81 +156,56 @@ jobs: docker-username: jbrunton cache-image: jbrunton/chat-demo-api-cache-image:latest run-image: jbrunton/run-google-22 + skip-build: ${{ github.ref != 'refs/heads/main' }} secrets: docker-access-token: ${{ secrets.DOCKER_ACCESS_TOKEN }} - deploy-staging: - environment: - name: Staging - url: https://chat-demo.staging.jbrunton-aws.com + preview-staging: + if: github.ref != 'refs/heads/main' concurrency: staging needs: [build-api] + uses: ./.github/workflows/pulumi-preview.yml + with: + api-tag: ${{ needs.build-api.outputs.tag }} + stack-name: staging + api-url: https://chat-demo-api.staging.jbrunton-aws.com + client-url: https://chat-demo.staging.jbrunton-aws.com + secrets: inherit + + deploy-staging: if: github.ref == 'refs/heads/main' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: "package.json" - - uses: pnpm/action-setup@v4 - - name: Build Client - env: - VITE_API_URL: https://chat-demo-api.staging.jbrunton-aws.com - run: | - pnpm --filter client install - pnpm --filter client run build - - run: pnpm install --ignore-workspace - working-directory: pulumi - - uses: pulumi/actions@v3 - with: - command: up - stack-name: staging - upsert: true - work-dir: pulumi - comment-on-pr: true - github-token: ${{ secrets.CI_MINION_PAT }} - env: - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-east-1 - API_TAG: ${{ needs.build-api.outputs.tag }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + concurrency: staging + needs: [build-api] + uses: ./.github/workflows/pulumi-deploy.yml + with: + api-tag: ${{ needs.build-api.outputs.tag }} + environment: Staging + stack-name: staging + api-url: https://chat-demo-api.staging.jbrunton-aws.com + client-url: https://chat-demo.staging.jbrunton-aws.com + secrets: inherit + + preview-production: + if: github.ref != 'refs/heads/main' + concurrency: staging + needs: [build-api, preview-staging] + uses: ./.github/workflows/pulumi-preview.yml + with: + api-tag: ${{ needs.build-api.outputs.tag }} + stack-name: production + api-url: https://chat-demo-api.jbrunton-aws.com + client-url: https://chat-demo.jbrunton-aws.com + secrets: inherit deploy-production: - environment: - name: Production - url: https://chat-demo.jbrunton-aws.com - concurrency: production - needs: [build-api, deploy-staging] if: github.ref == 'refs/heads/main' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: "package.json" - - uses: pnpm/action-setup@v4 - - name: build - env: - VITE_API_URL: https://chat-demo-api.jbrunton-aws.com - run: | - pnpm --filter client install - pnpm --filter client run build - - run: pnpm install --ignore-workspace - working-directory: pulumi - - uses: pulumi/actions@v3 - with: - command: up - stack-name: production - upsert: true - work-dir: pulumi - comment-on-pr: true - github-token: ${{ secrets.CI_MINION_PAT }} - env: - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-east-1 - API_TAG: ${{ needs.build-api.outputs.tag }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + concurrency: staging + needs: [build-api, deploy-staging] + uses: ./.github/workflows/pulumi-deploy.yml + with: + api-tag: ${{ needs.build-api.outputs.tag }} + environment: Production + stack-name: production + api-url: https://chat-demo-api.jbrunton-aws.com + client-url: https://chat-demo.jbrunton-aws.com + secrets: inherit diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index cc893e07..ec1401de 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -23,45 +23,13 @@ jobs: secrets: docker-access-token: ${{ secrets.DOCKER_ACCESS_TOKEN }} - deploy-app: - environment: - name: Development - url: https://chat-demo-${{ github.head_ref || github.ref_name }}.dev.jbrunton-aws.com + deploy-dev: needs: [build-api] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Build Client - env: - VITE_API_URL: https://chat-demo-api-${{ github.head_ref || github.ref_name }}.dev.jbrunton-aws.com - run: | - pnpm --filter client install - pnpm --filter client run build - - - run: pnpm install --ignore-workspace - working-directory: pulumi - - - uses: pulumi/actions@v3 - with: - command: up - stack-name: ${{ github.head_ref || github.ref_name }} - upsert: true - work-dir: pulumi - comment-on-pr: true - github-token: ${{ secrets.CI_MINION_PAT }} - env: - PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-east-1 - API_TAG: ${{ needs.build-api.outputs.tag }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/pulumi-deploy.yml + with: + api-tag: ${{ needs.build-api.outputs.tag }} + environment: Development + stack-name: ${{ github.head_ref || github.ref_name }} + api-url: https://chat-demo-api-${{ github.head_ref || github.ref_name }}.dev.jbrunton-aws.com + client-url: https://chat-demo-${{ github.head_ref || github.ref_name }}.dev.jbrunton-aws.com + secrets: inherit diff --git a/.github/workflows/pulumi-deploy.yml b/.github/workflows/pulumi-deploy.yml new file mode 100644 index 00000000..d53082e2 --- /dev/null +++ b/.github/workflows/pulumi-deploy.yml @@ -0,0 +1,59 @@ +name: Pulumi Deploy +on: + workflow_call: + inputs: + api-tag: + description: The API tag to deploy + type: string + required: false + environment: + description: The environment to deploy to + type: string + required: true + stack-name: + description: The Pulumi stack + type: string + required: true + api-url: + description: The API URL + type: string + required: true + client-url: + description: The web client URL + type: string + required: true + +jobs: + deploy: + runs-on: ubuntu-latest + environment: + name: ${{ inputs.environment }} + url: ${{ inputs.client-url }} + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version-file: "package.json" + - uses: pnpm/action-setup@v4 + - name: Build Client + env: + VITE_API_URL: ${{ inputs.api-url }} + run: | + pnpm --filter client install + pnpm --filter client run build + - run: pnpm install --ignore-workspace + working-directory: pulumi + - uses: pulumi/actions@v3 + name: Deploy + with: + command: up + stack-name: ${{ inputs.stack-name }} + upsert: true + work-dir: pulumi + env: + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-east-1 + API_TAG: ${{ inputs.api-tag }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pulumi-preview.yml b/.github/workflows/pulumi-preview.yml new file mode 100644 index 00000000..7eacbca0 --- /dev/null +++ b/.github/workflows/pulumi-preview.yml @@ -0,0 +1,52 @@ +name: Pulumi Preview +on: + workflow_call: + inputs: + api-tag: + description: The API tag to deploy + type: string + required: false + stack-name: + description: The Pulumi stack + type: string + required: true + api-url: + description: The API URL + type: string + required: true + client-url: + description: The web client URL + type: string + required: true + +jobs: + preview: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version-file: "package.json" + - uses: pnpm/action-setup@v4 + - name: Build Client + env: + VITE_API_URL: ${{ inputs.api-url }} + run: | + pnpm --filter client install + pnpm --filter client run build + - run: pnpm install --ignore-workspace + working-directory: pulumi + - uses: pulumi/actions@v3 + name: Preview + with: + command: preview + stack-name: ${{ inputs.stack-name }} + upsert: true + work-dir: pulumi + env: + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-east-1 + API_TAG: ${{ inputs.api-tag }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/pulumi/index.ts b/pulumi/index.ts index 0ee94b53..0865a4bc 100644 --- a/pulumi/index.ts +++ b/pulumi/index.ts @@ -31,6 +31,7 @@ const result = applyStackConfig(stackConfig); export const webUrl = stackConfig.client.publicUrl; export const apiUrl = stackConfig.services[0].publicUrl; +export const apiTag = stackConfig.services[0].tag; export const apiTaskDefinitionArn = result.outputs["apiTaskDefinitionArn"]; export const apiService = result.outputs["apiService"]; export const cluster = result.outputs["cluster"];