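# Builds the atoms-mainbackend image, pushes it to ECR in ap-south-1 and
# us-west-2, then writes the new image tag into the smallest-infra Helm values
# so ArgoCD can sync it.
#
# NOTE(review): every `uses:` below references a mutable ref (@v4, @v2, @v1,
# @master). Pinning each action to a full-length commit SHA keeps a retagged or
# compromised upstream from running inside jobs that hold AWS or GitHub App
# credentials.
name: Build and Deploy atoms-mainbackend

on:
  push:
    branches: ["main"]
  workflow_dispatch:
    inputs:
      environment:
        description: "Environment to deploy"
        required: true
        type: choice
        options:
          - dev
          - prod
        default: "dev"

# Workflow-wide default is read-only. `id-token: write` is granted only to the
# job that performs the AWS OIDC exchange.
permissions:
  contents: read

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # OIDC token for aws-actions/configure-aws-credentials
      contents: read
    outputs:
      image_tag: ${{ steps.set-vars.outputs.image_tag }}
      environment: ${{ steps.set-vars.outputs.environment }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job talks to git, and the whole checkout
          # (including .git) is the docker build context; do not leave the
          # job token in .git/config.
          persist-credentials: false

      - name: Set environment and image tag
        id: set-vars
        env:
          # Passed through the environment rather than expanded with ${{ }}
          # inside the script, so the value is data and never shell source.
          REQUESTED_ENV: ${{ github.event.inputs.environment }}
        run: |
          set -euo pipefail

          # Determine environment
          if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
            ENV="${REQUESTED_ENV}"
          else
            # Auto-deploy to dev on push to main
            ENV="dev"
          fi

          # ENV becomes part of the ECR repository path and gates the deploy
          # jobs, so accept only the two known values.
          case "${ENV}" in
            dev|prod) ;;
            *)
              echo "Unsupported environment: ${ENV}" >&2
              exit 1
              ;;
          esac

          TAG_SHA="${GITHUB_SHA}"

          echo "environment=${ENV}" >> "${GITHUB_OUTPUT}"
          echo "image_tag=${TAG_SHA}" >> "${GITHUB_OUTPUT}"

          echo "Environment: ${ENV}"
          echo "Image Tag: ${TAG_SHA}"

      - name: Build image
        run: |
          docker build -t atoms-mainbackend:latest .

      # ============================================
      # PUSH TO ap-south-1
      # ============================================
      # NOTE(review): the same role (named "...-dev-...") is assumed for dev
      # and prod pushes. Confirm its trust policy restricts the OIDC `sub`
      # claim to this repository and the refs/environments allowed to push.
      - name: Configure AWS credentials (ap-south-1)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::301490598848:role/smallest-dev-iam-github-eks-role
          aws-region: ap-south-1

      - name: Login to ECR (ap-south-1)
        uses: aws-actions/amazon-ecr-login@v2
        with:
          # Quoted so the account id is always read as a string.
          registries: "301490598848"

      - name: Push image to ap-south-1
        env:
          ENV: ${{ steps.set-vars.outputs.environment }}
          TAG_SHA: ${{ steps.set-vars.outputs.image_tag }}
        run: |
          set -euo pipefail
          REGION="ap-south-1"
          IMAGE_URI="301490598848.dkr.ecr.${REGION}.amazonaws.com/${ENV}/atoms-mainbackend"

          docker tag atoms-mainbackend:latest "${IMAGE_URI}:${TAG_SHA}"
          docker push "${IMAGE_URI}:${TAG_SHA}"

          echo "Pushed: ${IMAGE_URI}:${TAG_SHA}"

      # ============================================
      # PUSH TO us-west-2
      # ============================================
      - name: Configure AWS credentials (us-west-2)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::301490598848:role/smallest-dev-iam-github-eks-role
          aws-region: us-west-2

      - name: Login to ECR (us-west-2)
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registries: "301490598848"

      - name: Push image to us-west-2
        env:
          ENV: ${{ steps.set-vars.outputs.environment }}
          TAG_SHA: ${{ steps.set-vars.outputs.image_tag }}
        run: |
          set -euo pipefail
          REGION="us-west-2"
          IMAGE_URI="301490598848.dkr.ecr.${REGION}.amazonaws.com/${ENV}/atoms-mainbackend"

          docker tag atoms-mainbackend:latest "${IMAGE_URI}:${TAG_SHA}"
          docker push "${IMAGE_URI}:${TAG_SHA}"

          echo "Pushed: ${IMAGE_URI}:${TAG_SHA}"

  # ============================================
  # DEV DEPLOYMENT - Auto-triggered
  # ============================================
  deploy-dev:
    needs: build-and-push
    if: needs.build-and-push.outputs.environment == 'dev'
    runs-on: ubuntu-latest
    environment: dev
    # Every step here authenticates with the GitHub App token; the job's own
    # GITHUB_TOKEN is not used, so it gets no scopes.
    permissions: {}
    steps:
      - name: Generate GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
          owner: smallest-inc
          repositories: smallest-infra

      # NOTE(review): `@master` is a branch, so this step runs whatever the
      # upstream branch holds at run time, in a job that carries a token able
      # to push to smallest-infra. Pin to a full-length commit SHA.
      - name: Install yq
        uses: mikefarah/yq@master

      - name: Checkout smallest-infra repo
        uses: actions/checkout@v4
        with:
          repository: smallest-inc/smallest-infra
          token: ${{ steps.app-token.outputs.token }}
          path: smallest-infra

      - name: Update image tag in dev helm values
        env:
          TAG_SHA: ${{ needs.build-and-push.outputs.image_tag }}
        run: |
          set -euo pipefail
          echo "Updating dev image tag to: ${TAG_SHA}"

          # strenv() reads the tag from the environment as a string, so the
          # value is never spliced into the yq expression itself.
          for region in ap-south-1 us-west-2; do
            yq -i '.image.tag = strenv(TAG_SHA)' \
              "smallest-infra/helm-charts/atoms-mainbackend/env/dev/${region}.yaml"
            echo "Updated ${region}.yaml"
          done

      - name: Commit and push helm values update
        env:
          TAG_SHA: ${{ needs.build-and-push.outputs.image_tag }}
        run: |
          set -euo pipefail
          cd smallest-infra

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

          git add helm-charts/atoms-mainbackend/env/dev/

          if git diff --staged --quiet; then
            echo "No changes to commit"
          else
            SHORT_SHA="${TAG_SHA:0:7}"
            # Runner-provided GITHUB_* variables replace inline ${{ }}
            # expansion, keeping context values out of the script text.
            BODY="$(printf 'Triggered by: %s@%s\nWorkflow: %s\nActor: %s' \
              "${GITHUB_REPOSITORY}" "${TAG_SHA}" "${GITHUB_WORKFLOW}" "${GITHUB_ACTOR}")"
            git commit \
              -m "chore(atoms-mainbackend): update dev image tag to ${SHORT_SHA}" \
              -m "${BODY}"

            git push
            echo "Pushed helm values update - ArgoCD will auto-sync"
          fi

  # ============================================
  # PROD DEPLOYMENT - Manual trigger only
  # ============================================
  # NOTE(review): workflow_dispatch can be started on any ref that contains
  # this workflow, so a prod run builds whichever ref was selected, and
  # build-and-push has already pushed the image to the prod ECR repository
  # before this job's environment gate is evaluated. Confirm the `prod`
  # environment has required reviewers and a deployment-branch rule.
  deploy-prod:
    needs: build-and-push
    if: needs.build-and-push.outputs.environment == 'prod'
    runs-on: ubuntu-latest
    environment: prod  # Requires manual approval if configured
    # Every step here authenticates with the GitHub App token; the job's own
    # GITHUB_TOKEN is not used, so it gets no scopes.
    permissions: {}
    steps:
      - name: Generate GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
          owner: smallest-inc
          repositories: smallest-infra

      # NOTE(review): `@master` is a branch, so this step runs whatever the
      # upstream branch holds at run time, in a job that carries a token able
      # to push to smallest-infra. Pin to a full-length commit SHA.
      - name: Install yq
        uses: mikefarah/yq@master

      - name: Checkout smallest-infra repo
        uses: actions/checkout@v4
        with:
          repository: smallest-inc/smallest-infra
          token: ${{ steps.app-token.outputs.token }}
          path: smallest-infra

      - name: Update image tag in prod helm values
        env:
          TAG_SHA: ${{ needs.build-and-push.outputs.image_tag }}
        run: |
          set -euo pipefail
          echo "Updating prod image tag to: ${TAG_SHA}"

          # strenv() reads the tag from the environment as a string, so the
          # value is never spliced into the yq expression itself.
          for region in ap-south-1 us-west-2; do
            yq -i '.image.tag = strenv(TAG_SHA)' \
              "smallest-infra/helm-charts/atoms-mainbackend/env/prod/${region}.yaml"
            echo "Updated ${region}.yaml"
          done

      - name: Commit and push helm values update
        env:
          TAG_SHA: ${{ needs.build-and-push.outputs.image_tag }}
        run: |
          set -euo pipefail
          cd smallest-infra

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

          git add helm-charts/atoms-mainbackend/env/prod/

          if git diff --staged --quiet; then
            echo "No changes to commit"
          else
            SHORT_SHA="${TAG_SHA:0:7}"
            # Runner-provided GITHUB_* variables replace inline ${{ }}
            # expansion, keeping context values out of the script text.
            BODY="$(printf 'Triggered by: %s@%s\nWorkflow: %s\nActor: %s' \
              "${GITHUB_REPOSITORY}" "${TAG_SHA}" "${GITHUB_WORKFLOW}" "${GITHUB_ACTOR}")"
            git commit \
              -m "chore(atoms-mainbackend): update prod image tag to ${SHORT_SHA}" \
              -m "${BODY}"

            git push
            echo "Pushed helm values update - ArgoCD will auto-sync"
          fi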