Allow only the allocator to trigger ssa endpoint #134
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Staging CI/CD | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| end_to_end_tests: | |
| name: Perform end-to-end tests | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Run tests | |
| env: | |
| GH_PRIVATE_KEY: ${{ secrets.GH_PRIVATE_KEY }} | |
| DB_URL: ${{secrets.DB_URL}} | |
| run: cargo test -- --nocapture | |
| deploy_to_staging: | |
| name: Deploy to staging | |
| needs: end_to_end_tests | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| registry-type: public | |
| - name: Build and tag Docker image | |
| run: | | |
| echo "Building Docker image..." | |
| docker build -t "public.ecr.aws/b3c4u5n1/filecoin-core-api:${{ github.ref_name }}" . | |
| - name: Push Docker image to ECR | |
| run: | | |
| echo "Pushing Docker image to ECR..." | |
| docker push "public.ecr.aws/b3c4u5n1/filecoin-core-api:${{ github.ref_name }}" | |
| - name: Deploy to Lightsail Container Service | |
| run: | | |
| # Define containers.json with desired settings | |
| echo '{ | |
| "filplus-core": { | |
| "image": "public.ecr.aws/b3c4u5n1/filecoin-core-api:${{ github.ref_name }}", | |
| "ports": { | |
| "8080": "HTTP" | |
| }, | |
| "environment": { | |
| "GH_PRIVATE_KEY": "${{secrets.GH_PRIVATE_KEY}}", | |
| "DB_URL": "${{secrets.DB_URL}}", | |
| "GITHUB_APP_ID": "${{vars.GH_APP_ID}}", | |
| "GITHUB_INSTALLATION_ID": "${{vars.GH_INSTALLATION_ID}}", | |
| "FILPLUS_ENV": "staging", | |
| "RUST_LOG": "debug", | |
| "BOT_USER": "${{vars.BOT_USER}}", | |
| "BACKEND_URL": "${{vars.BACKEND_URL}}", | |
| "DB_URL": "${{secrets.DB_URL}}", | |
| "GLIF_NODE_URL": "${{vars.GLIF_NODE_URL}}", | |
| "ALLOCATOR_GOVERNANCE_OWNER": "${{vars.ALLOCATOR_GOVERNANCE_OWNER}}", | |
| "ALLOCATOR_GOVERNANCE_REPO": "${{vars.ALLOCATOR_GOVERNANCE_REPO}}", | |
| "ALLOCATOR_TEMPLATE_OWNER": "${{vars.ALLOCATOR_TEMPLATE_OWNER}}", | |
| "ALLOCATOR_TEMPLATE_REPO": "${{vars.ALLOCATOR_TEMPLATE_REPO}}" | |
| } | |
| } | |
| }' > containers.json | |
| # Define public-endpoint.json | |
| echo '{ | |
| "containerName": "filplus-core", | |
| "containerPort": 8080, | |
| "healthCheck": { | |
| "healthyThreshold": 3, | |
| "unhealthyThreshold": 3, | |
| "timeoutSeconds": 5, | |
| "intervalSeconds": 60, | |
| "path": "/health", | |
| "successCodes": "200" | |
| } | |
| }' > public-endpoint.json | |
| # Deploy to Lightsail Container Service | |
| aws lightsail create-container-service-deployment \ | |
| --service-name fp-core \ | |
| --region us-east-1 \ | |
| --containers file://containers.json \ | |
| --public-endpoint file://public-endpoint.json |