cloud-deployment #1169
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to cloud | |
| on: | |
| repository_dispatch: | |
| types: cloud-deployment | |
| jobs: | |
| # Workflow supports pre-pnpm (3.21 and below) and pnpm. First we need to determine what to use | |
| # TODO Remove these ifs when 3.21 is dropped | |
| determine-build: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| use-pnpm: ${{ steps.check-version.outputs.use-pnpm }} | |
| steps: | |
| - name: Check version | |
| id: check-version | |
| run: | | |
| VERSION="${{ github.event.client_payload.ref }}" | |
| MAJOR=$(echo "$VERSION" | cut -d. -f1) | |
| MINOR=$(echo "$VERSION" | cut -d. -f2) | |
| if [ "$MAJOR" -gt 3 ] || ([ "$MAJOR" -eq 3 ] && [ "$MINOR" -ge 22 ]); then | |
| echo "use-pnpm=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "use-pnpm=false" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| needs: determine-build | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # needed by aws-actions/configure-aws-credentials | |
| contents: read | |
| env: | |
| ## backward compatibility for older versions | |
| APPS_MARKETPLACE_API_URI: "https://apps.saleor.io/api/v2/saleor-apps" | |
| ## backward compatibility for older versions | |
| API_URI: /graphql/ | |
| API_URL: /graphql/ | |
| APP_MOUNT_URI: /dashboard/ | |
| STATIC_URL: /dashboard/static/ | |
| SENTRY_ORG: saleor | |
| SENTRY_PROJECT: dashboard | |
| SENTRY_URL_PREFIX: "~/dashboard/static" | |
| ENVIRONMENT: ${{ github.event.client_payload.deployment_name }} | |
| REGION: ${{ github.event.client_payload.region }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| APPS_MARKETPLACE_API_URL: "https://apps.saleor.io/api/v2/saleor-apps" | |
| EXTENSIONS_API_URL: "https://apps.saleor.io/api/v1/extensions" | |
| IS_CLOUD_INSTANCE: true | |
| POSTHOG_KEY: ${{ secrets.POSTHOG_KEY }} | |
| POSTHOG_HOST: ${{ secrets.POSTHOG_HOST }} | |
| POSTHOG_EXCLUDED_DOMAINS: ${{ vars.POSTHOG_EXCLUDED_DOMAINS }} | |
| ENABLED_SERVICE_NAME_HEADER: true | |
| ONBOARDING_USER_JOINED_DATE_THRESHOLD: ${{ vars.CLOUD_ONBOARDING_USER_JOINED_DATE_THRESHOLD }} | |
| steps: | |
| - name: Check region | |
| if: ${{ !contains(fromJSON('["eu", "us"]'), env.REGION) }} | |
| run: echo 'Unknown region provided' >&2; exit 1 | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.client_payload.ref }} | |
| - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| if: needs.determine-build.outputs.use-pnpm == 'true' | |
| - name: Setup Node (PNPM) | |
| if: needs.determine-build.outputs.use-pnpm == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "pnpm" | |
| - name: Setup Node (Legacy NPM) | |
| if: needs.determine-build.outputs.use-pnpm == 'false' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| - name: Set sentry release | |
| run: | | |
| HASH=$(git rev-parse --short HEAD) | |
| CURRENT_VERSION=$(jq -r .version package.json) | |
| RELEASE="${CURRENT_VERSION}-${HASH}" | |
| echo "SENTRY_RELEASE=${RELEASE}" >> $GITHUB_ENV | |
| - name: Package | |
| timeout-minutes: 15 | |
| run: | | |
| pnpm install || npm ci | |
| - name: Build | |
| run: | | |
| pnpm run build || npm run build | |
| - name: Configure AWS Credentials | |
| if: env.REGION == 'eu' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_PROD_ACCOUNT_ID }}:role/${{ secrets.AWS_DASHBOARD_EU_CICD_ROLE_NAME }} | |
| aws-region: eu-west-1 | |
| - name: Configure AWS Credentials | |
| if: env.REGION == 'us' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_PROD_ACCOUNT_ID }}:role/${{ secrets.AWS_DASHBOARD_US_CICD_ROLE_NAME }} | |
| aws-region: us-east-1 | |
| - name: Deploy | |
| if: env.REGION == 'eu' | |
| run: | | |
| aws s3 sync build/dashboard "s3://${DEPLOYMENT_BUCKET}/${ENVIRONMENT}/static/" | |
| aws s3 cp build/dashboard/index.html "s3://${DEPLOYMENT_BUCKET}/${ENVIRONMENT}/" | |
| IFS=',' read -ra DISTRIBUTIONS_ARRAY <<< "${CDN_DISTRIBUTIONS}" | |
| for DISTRIBUTION in "${DISTRIBUTIONS_ARRAY[@]}"; do | |
| echo "::add-mask::$DISTRIBUTION" | |
| for i in {1..3}; do aws cloudfront create-invalidation --distribution-id "$DISTRIBUTION" --paths "/dashboard*" && break || sleep 5; done | |
| done | |
| env: | |
| DEPLOYMENT_BUCKET: ${{ secrets.AWS_CLOUD_EU_DEPLOYMENT_BUCKET }} | |
| CDN_DISTRIBUTIONS: ${{ secrets.AWS_CLOUD_EU_CDN_DISTRIBUTIONS }} | |
| - name: Deploy | |
| if: env.REGION == 'us' | |
| run: | | |
| aws s3 sync build/dashboard "s3://${DEPLOYMENT_BUCKET}/${ENVIRONMENT}/static/" | |
| aws s3 cp build/dashboard/index.html "s3://${DEPLOYMENT_BUCKET}/${ENVIRONMENT}/" | |
| IFS=',' read -ra DISTRIBUTIONS_ARRAY <<< "${CDN_DISTRIBUTIONS}" | |
| for DISTRIBUTION in "${DISTRIBUTIONS_ARRAY[@]}"; do | |
| echo "::add-mask::$DISTRIBUTION" | |
| for i in {1..3}; do aws cloudfront create-invalidation --distribution-id "$DISTRIBUTION" --paths "/dashboard*" && break || sleep 5; done | |
| done | |
| env: | |
| DEPLOYMENT_BUCKET: ${{ secrets.AWS_CLOUD_US_DEPLOYMENT_BUCKET }} | |
| CDN_DISTRIBUTIONS: ${{ secrets.AWS_CLOUD_US_CDN_DISTRIBUTIONS }} | |
| - name: Notify Slack | |
| if: ${{ always() }} | |
| env: | |
| JOB_DEPLOYMENT_KIND: production | |
| JOB_STATUS: ${{ job.status }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_CLOUD_DEPLOYMENTS_WEBHOOK_URL }} | |
| SLACK_MENTION_GROUP_ID: ${{ secrets.SLACK_DASHBOARD_GROUP_ID }} | |
| JOB_TITLE: "Dashboard deployment to ${{ env.ENVIRONMENT }}" | |
| run: | | |
| python3 ./.github/workflows/notify/notify-slack.py |