Deploy #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The default GitHub runner image comes with a bunch of software preinstalled. | |
| # Typically this doesn't matter, however with Cargo it appears to interfere, | |
| # hence the `rm -rf ~/.cargo/` steps. | |
| name: Deploy | |
| on: | |
| workflow_run: | |
| workflows: Check | |
| branches: master | |
| types: completed | |
| jobs: | |
| deploy: | |
| name: Deploy | |
| if: github.event.workflow_run.conclusion == 'success' | |
| runs-on: ubuntu-latest | |
| env: | |
| AWS_DEFAULT_REGION: us-west-2 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: cachix/install-nix-action@v22 | |
| - name: Build | |
| # Docker is preinstalled. | |
| run: nix build .#dockerImage && ./result | docker load | |
| - name: Push | |
| run: | | |
| nix develop .#ops -c \ | |
| aws ecr get-login-password | docker login -u AWS --password-stdin "$REPO" | |
| docker tag mercury "$REPO":${{ github.sha }} | |
| docker tag mercury "$REPO":latest | |
| docker push --all-tags "$REPO" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_PUSHER }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_PUSHER }} | |
| REPO: 060568373025.dkr.ecr.us-west-2.amazonaws.com/mercury | |
| - name: Deploy | |
| run: | | |
| # Force a new deployment, implicitly utilising the new image on the | |
| # same `latest` image tag. | |
| nix develop .#ops -c \ | |
| aws ecs update-service --no-cli-pager \ | |
| --cluster shared-cluster-staging \ | |
| --service mercury-service \ | |
| --force-new-deployment | |
| nix develop .#ops -c \ | |
| aws ecs wait services-stable \ | |
| --cluster shared-cluster-staging \ | |
| --services mercury-service | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_DEPLOYER }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEPLOYER }} | |
| # This (emphasis on `--fail-with-body`) acts as a sort of final E2E test. | |
| - name: Notify (Test) | |
| run: | | |
| curl https://mercury.proxy.unsplash.com/api/v1/slack --fail-with-body -X POST \ | |
| --oauth2-bearer '${{ secrets.MERCURY_SLACK_TOKEN }}' \ | |
| -d channel=playground \ | |
| -d title='🚀 Mercury' \ | |
| -d desc='A new deployment has succeeded.' \ | |
| -d link='${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
| docs: | |
| name: Publish docs | |
| if: github.event.workflow_run.conclusion == 'success' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pages: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - run: rm -rf ~/.cargo/ | |
| - uses: cachix/install-nix-action@v22 | |
| - run: | | |
| nix develop -c cargo doc --no-deps | |
| rm ./target/doc/.lock | |
| echo '<meta http-equiv="refresh" content="0; url=mercury">' > ./target/doc/index.html | |
| - uses: actions/upload-pages-artifact@v1 | |
| with: | |
| path: ./target/doc/ | |
| - uses: actions/deploy-pages@v2 |