@@ -247,11 +247,104 @@ jobs:
247247 done
248248 shell : bash
249249
250- deploy-fe :
251- runs-on : ubuntu-latest
250+ build-fe :
252251 needs : [wait-aws-update]
252+ runs-on : [self-hosted]
253+ permissions :
254+ packages : write
255+ contents : read
256+
253257 steps :
254- - name : Trigger hook
255- if : github.ref == 'refs/heads/main'
258+ - uses : actions/checkout@v4
259+ with :
260+ ref : ${{ github.ref }}
261+ fetch-depth : 0
262+ - name : Configure AWS credentials
263+ uses : aws-actions/configure-aws-credentials@v4
264+ with :
265+ aws-access-key-id : ${{ secrets.aws_access_key_id }}
266+ aws-secret-access-key : ${{ secrets.aws_secret_access_key }}
267+ aws-region : eu-central-1
268+ - name : Get service githash
269+ id : git
270+ run : |
271+ hash=$(git rev-list -1 HEAD -- frontend)
272+ echo "githash=$hash" >> $GITHUB_OUTPUT
273+ - name : Check if commit is already on ECR
274+ id : image
256275 run : |
257- curl -X POST ${{ secrets.VERCEL_DEPLOY_HOOK }}
276+ set +e
277+ aws ecr describe-images --repository-name=pythonit/frontend --image-ids=imageTag=${{ steps.git.outputs.githash }}
278+ if [[ $? == 0 ]]; then
279+ echo "image_exists=1" >> $GITHUB_OUTPUT
280+ else
281+ echo "image_exists=0" >> $GITHUB_OUTPUT
282+ fi
283+ - name : Set up QEMU dependency
284+ if : ${{ steps.image.outputs.image_exists == 0 }}
285+ uses : docker/setup-qemu-action@v3
286+ - name : Login to GitHub Packages
287+ if : ${{ steps.image.outputs.image_exists == 0 }}
288+ uses : docker/login-action@v3
289+ with :
290+ registry : ghcr.io
291+ username : ${{ github.actor }}
292+ password : ${{ secrets.GITHUB_TOKEN }}
293+ - name : Login to Amazon ECR
294+ if : ${{ steps.image.outputs.image_exists == 0 }}
295+ uses : aws-actions/amazon-ecr-login@v2
296+ - name : Set up Docker Buildx
297+ id : buildx
298+ if : ${{ steps.image.outputs.image_exists == 0 }}
299+ uses : docker/setup-buildx-action@v3
300+ - name : Build and push
301+ if : ${{ steps.image.outputs.image_exists == 0 }}
302+ uses : docker/build-push-action@v6
303+ with :
304+ context : ./frontend
305+ file : ./frontend/Dockerfile
306+ builder : ${{ steps.buildx.outputs.name }}
307+ provenance : false
308+ push : true
309+ tags : ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/frontend:${{ steps.git.outputs.githash }}
310+ cache-from : type=local,src=/tmp/.buildx-cache
311+ cache-to : type=local,dest=/tmp/.buildx-cache
312+ platforms : linux/arm64
313+ build-args :
314+ API_URL_SERVER=https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it
315+ CMS_HOSTNAME=${{ vars.CMS_HOSTNAME }}
316+ CONFERENCE_CODE=${{ vars.CONFERENCE_CODE }}
317+
318+ deploy-fe :
319+ runs-on : ubuntu-latest
320+ needs : [build-fe]
321+ environment :
322+ name : ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
323+ defaults :
324+ run :
325+ working-directory : ./infrastructure/applications
326+ steps :
327+ - uses : actions/checkout@v4
328+ with :
329+ ref : ${{ github.ref }}
330+ fetch-depth : 0
331+ - uses : hashicorp/setup-terraform@v3
332+ with :
333+ terraform_version : 1.2.4
334+ - name : Terraform Init
335+ run : terraform init
336+ env :
337+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
338+ AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
339+ AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
340+ - name : Terraform Validate
341+ id : validate
342+ run : terraform validate -no-color
343+
344+ - name : Terraform apply
345+ run : terraform apply -no-color -auto-approve &> /dev/null
346+ env :
347+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
348+ AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
349+ AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
350+ AWS_DEFAULT_REGION : eu-central-1
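Review bot: `build-fe` passes long-lived AWS keys (`aws-access-key-id` / `aws-secret-access-key`) to a `[self-hosted]` runner, so a key that leaks from that host stays valid until someone rotates it; how the runner is provisioned and cleaned is not visible here. `aws-actions/configure-aws-credentials@v4` can assume a role through OIDC instead: add `id-token: write` under `permissions` and replace the two key inputs with `role-to-assume: <ROLE_ARN_PLACEHOLDER>`. `deploy-fe` exports the same static keys to Terraform and declares no `permissions:` block, so its `GITHUB_TOKEN` takes the repository default; `permissions:` with `contents: read` would mirror `build-fe`, unless the Terraform configuration needs more. In the same job, `terraform apply -no-color -auto-approve &> /dev/null` throws away the only record of what an unattended apply changed, and if the redirect is there to hide secret values, marking them `sensitive` in Terraform would keep the log. The workflow's `on:` triggers and the rest of `jobs:` are outside the hunk.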