Deploy HydroServer to AWS Cloud Deployment #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy HydroServer to AWS Cloud Deployment | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Enter a deployment environment name.' | |
| required: true | |
| version: | |
| description: 'Choose a release tag to deploy, or leave blank to use the latest version.' | |
| required: false | |
| jobs: | |
| deploy-backend: | |
| name: Deploy Backend | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.environment }} | |
| steps: | |
| - name: Checkout backend repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: hydroserver2/hydroserver-webapp-back | |
| ref: refs/tags/${{ github.event.inputs.version || '$(curl -sL https://api.github.com/repos/hydroserver2/hydroserver-webapp-back/releases/latest | jq -r ".tag_name")' }} | |
| path: backend | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: 'us-east-1' | |
| - name: Create backend deployment package | |
| working-directory: ./backend | |
| run: zip -r deploy_package.zip ./ | |
| - name: Upload deployment package to S3 | |
| working-directory: ./backend | |
| run: aws s3 cp deploy_package.zip s3://hydroserver-${{ github.event.inputs.environment }}-backend/deploy_package_${{ github.event.inputs.version }}.zip | |
| - name: Configure Environment Variables | |
| working-directory: ./backend | |
| run: | | |
| cat << EOF > environment.json | |
| [ | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "ADMIN_EMAIL", | |
| "Value": "${{ vars.ADMIN_EMAIL }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "ALLOWED_HOSTS", | |
| "Value": "${{ vars.ALLOWED_HOSTS }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "AWS_ACCESS_KEY_ID", | |
| "Value": "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "AWS_SECRET_ACCESS_KEY", | |
| "Value": "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "AWS_STORAGE_BUCKET_NAME", | |
| "Value": "hydroserver-${{ github.event.inputs.environment }}-storage" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "DATABASE_URL", | |
| "Value": "${{ secrets.DATABASE_URL }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "DEBUG", | |
| "Value": "${{ vars.DEBUG }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "DEPLOYED", | |
| "Value": "True" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "OAUTH_GOOGLE_CLIENT", | |
| "Value": "${{ secrets.OAUTH_GOOGLE_CLIENT }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "OAUTH_GOOGLE_SECRET", | |
| "Value": "${{ secrets.OAUTH_GOOGLE_SECRET }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "OAUTH_HYDROSHARE_CLIENT", | |
| "Value": "${{ secrets.OAUTH_HYDROSHARE_CLIENT }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "OAUTH_HYDROSHARE_SECRET", | |
| "Value": "${{ secrets.OAUTH_HYDROSHARE_SECRET }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "OAUTH_ORCID_CLIENT", | |
| "Value": "${{ secrets.OAUTH_ORCID_CLIENT }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "OAUTH_ORCID_SECRET", | |
| "Value": "${{ secrets.OAUTH_ORCID_SECRET }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "PROXY_BASE_URL", | |
| "Value": "${{ vars.PROXY_BASE_URL }}" | |
| }, | |
| { | |
| "Namespace": "aws:elasticbeanstalk:application:environment", | |
| "OptionName": "SECRET_KEY", | |
| "Value": "${{ secrets.DJANGO_SECRET_KEY }}" | |
| } | |
| ] | |
| EOF | |
| - name: Create ElasticBeanstalk Application Version | |
| working-directory: ./backend | |
| run: | | |
| aws elasticbeanstalk create-application-version \ | |
| --application-name hydroserver-${{ github.event.inputs.environment }} \ | |
| --source-bundle S3Bucket="hydroserver-${{ github.event.inputs.environment }}-backend",S3Key="deploy_package_${{ github.event.inputs.version }}.zip" \ | |
| --version-label "${{ github.event.inputs.version }}" \ | |
| --description "HydroServer Version ${{ github.event.inputs.version }}" | |
| - name: Update ElasticBeanstalk Environment | |
| working-directory: ./backend | |
| run: | | |
| aws elasticbeanstalk update-environment \ | |
| --environment-name hydroserver-${{ github.event.inputs.environment }}-env \ | |
| --version-label "${{ github.event.inputs.version }}" \ | |
| --option-settings file://environment.json | |
| deploy-frontend: | |
| name: Build and Deploy Frontend | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.environment }} | |
| steps: | |
| - name: Checkout frontend repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: hydroserver2/hydroserver-webapp-front | |
| ref: refs/tags/${{ github.event.inputs.version || '$(curl -sL https://api.github.com/repos/hydroserver2/hydroserver-webapp-front/releases/latest | jq -r ".tag_name")' }} | |
| path: frontend | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: 'us-east-1' | |
| - name: Setup Node 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| cache: npm | |
| cache-dependency-path: frontend/package-lock.json | |
| - name: Install dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Configure Environment Variables | |
| working-directory: ./frontend | |
| run: | | |
| cat << EOF > .env | |
| VITE_APP_VERSION=${{ github.event.inputs.version || '$(curl -sL https://api.github.com/repos/hydroserver2/hydroserver-webapp-front/releases/latest | jq -r ".tag_name")' }} | |
| VITE_APP_GOOGLE_MAPS_API_KEY=${{ secrets.GOOGLE_MAPS_API_KEY }} | |
| VITE_APP_GOOGLE_MAPS_API_ID=${{ secrets.GOOGLE_MAPS_MAP_ID }} | |
| VITE_APP_PROXY_BASE_URL=${{ secrets.PROXY_BASE_URL }} | |
| EOF | |
| - name: Build frontend | |
| working-directory: ./frontend | |
| run: npm run build | |
| - name: Deploy to S3 | |
| working-directory: ./frontend | |
| run: | | |
| aws s3 sync ./dist s3://hydroserver-${{ github.event.inputs.environment }}-web/ --delete | |
| - name: Invalidate CloudFront distribution cache | |
| run: | | |
| aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_ID }} --paths "/*" |