Add EC2 provider and EC2 smoke workflow #9306
| name: pullpreview | |
| on: | |
| schedule: | |
| - cron: "30 */4 * * *" | |
| pull_request: | |
| types: [labeled, unlabeled, synchronize, closed, reopened, opened] | |
| concurrency: ${{ github.ref }} | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| pull-requests: write # to remove labels / write PR comments | |
| jobs: | |
| deploy_smoke_1: | |
| runs-on: ubuntu-slim | |
| if: github.event_name == 'schedule' || github.event.label.name == 'pullpreview' || contains(github.event.pull_request.labels.*.name, 'pullpreview') | |
| outputs: | |
| live: ${{ steps.pullpreview.outputs.live }} | |
| timeout-minutes: 35 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Deploy smoke app (v1) | |
| id: pullpreview | |
| uses: "./" | |
| with: | |
| admins: "@collaborators/push" | |
| app_path: ./examples/workflow-smoke | |
| instance_type: micro | |
| max_domain_length: 30 | |
| # Enable HTTPS preview URL through Caddy + Let's Encrypt. | |
| proxy_tls: web:8080 | |
| # required here because the mysql image is private in GHCR | |
| registries: docker://${{ secrets.GHCR_PAT }}@ghcr.io | |
| # how long this instance will stay alive (each further commit will reset the timer) | |
| ttl: 1h | |
| env: | |
| AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| - name: Assert deploy v1 and DB seed state | |
| if: steps.pullpreview.outputs.live == 'true' | |
| shell: bash | |
| env: | |
| PREVIEW_URL: ${{ steps.pullpreview.outputs.url }} | |
| run: | | |
| set -euo pipefail | |
| if [[ "${PREVIEW_URL}" != https://* ]]; then | |
| echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}" | |
| exit 1 | |
| fi | |
| response="" | |
| for attempt in $(seq 1 60); do | |
| response="$(curl -fsSL --max-time 15 "${PREVIEW_URL}" || true)" | |
| if printf '%s' "${response}" | grep -q 'Hello World Deploy 1' && \ | |
| printf '%s' "${response}" | grep -q 'seed_count=1' && \ | |
| printf '%s' "${response}" | grep -q 'seed_label=persisted'; then | |
| echo "Smoke v1 checks passed for ${PREVIEW_URL}" | |
| exit 0 | |
| fi | |
| echo "Attempt ${attempt}/60: waiting for v1 response from ${PREVIEW_URL}" | |
| sleep 5 | |
| done | |
| echo "::error::Unexpected response from ${PREVIEW_URL}" | |
| printf '%s\n' "${response}" | |
| exit 1 | |
| deploy_smoke_2: | |
| runs-on: ubuntu-slim | |
| needs: deploy_smoke_1 | |
| if: needs.deploy_smoke_1.result == 'success' && needs.deploy_smoke_1.outputs.live == 'true' | |
| timeout-minutes: 35 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Update app payload to v2 | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| printf '%s\n' 'Hello World Deploy 2' > examples/workflow-smoke/web/message.txt | |
| # This file should be synced, but with persistent DB volume it should not run. | |
| cat > examples/workflow-smoke/dumps/999_should_not_run.sql <<'SQL' | |
| INSERT INTO seed_data (label) VALUES ('should-not-run'); | |
| SQL | |
| - name: Redeploy smoke app (v2) | |
| id: pullpreview | |
| uses: "./" | |
| with: | |
| admins: "@collaborators/push" | |
| app_path: ./examples/workflow-smoke | |
| instance_type: micro | |
| max_domain_length: 30 | |
| proxy_tls: web:8080 | |
| registries: docker://${{ secrets.GHCR_PAT }}@ghcr.io | |
| ttl: 1h | |
| env: | |
| AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| - name: Assert deploy v2 and DB persistence | |
| if: steps.pullpreview.outputs.live == 'true' | |
| shell: bash | |
| env: | |
| PREVIEW_URL: ${{ steps.pullpreview.outputs.url }} | |
| run: | | |
| set -euo pipefail | |
| if [[ "${PREVIEW_URL}" != https://* ]]; then | |
| echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}" | |
| exit 1 | |
| fi | |
| response="" | |
| for attempt in $(seq 1 60); do | |
| response="$(curl -fsSL --max-time 15 "${PREVIEW_URL}" || true)" | |
| if printf '%s' "${response}" | grep -q 'Hello World Deploy 2' && \ | |
| printf '%s' "${response}" | grep -q 'seed_count=1' && \ | |
| printf '%s' "${response}" | grep -q 'seed_label=persisted'; then | |
| echo "Smoke v2 checks passed for ${PREVIEW_URL}" | |
| exit 0 | |
| fi | |
| echo "Attempt ${attempt}/60: waiting for v2 response from ${PREVIEW_URL}" | |
| sleep 5 | |
| done | |
| echo "::error::Unexpected response from ${PREVIEW_URL}" | |
| printf '%s\n' "${response}" | |
| exit 1 | |
| deploy_smoke_hetzner: | |
| runs-on: ubuntu-slim | |
| if: github.event_name == 'schedule' || github.event.label.name == 'pullpreview' || contains(github.event.pull_request.labels.*.name, 'pullpreview') | |
| timeout-minutes: 35 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Deploy smoke app on Hetzner | |
| id: pullpreview | |
| uses: "./" | |
| with: | |
| admins: "@collaborators/push" | |
| app_path: ./examples/workflow-smoke | |
| provider: hetzner | |
| region: ash | |
| image: ubuntu-24.04 | |
| dns: rev2.click | |
| instance_type: cpx21 | |
| max_domain_length: 30 | |
| # required here because the mysql image is private in GHCR | |
| registries: docker://${{ secrets.GHCR_PAT }}@ghcr.io | |
| proxy_tls: web:8080 | |
| ttl: 1h | |
| env: | |
| HCLOUD_TOKEN: "${{ secrets.HCLOUD_TOKEN }}" | |
| PULLPREVIEW_CA_KEY: "${{ secrets.PULLPREVIEW_CA_KEY || secrets.HETZNER_CA_KEY }}" | |
| deploy_smoke_ec2: | |
| runs-on: ubuntu-slim | |
| if: github.event_name == 'schedule' || github.event.label.name == 'pullpreview' || contains(github.event.pull_request.labels.*.name, 'pullpreview') | |
| timeout-minutes: 35 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Deploy smoke app on EC2 | |
| id: pullpreview | |
| uses: "./" | |
| with: | |
| admins: "@collaborators/push" | |
| app_path: ./examples/workflow-smoke | |
| provider: ec2 | |
| region: us-east-1 | |
| image: al2023-ami-2023 | |
| instance_type: t3.small | |
| dns: rev3.click | |
| max_domain_length: 30 | |
| # required here because the mysql image is private in GHCR | |
| registries: docker://${{ secrets.GHCR_PAT }}@ghcr.io | |
| proxy_tls: web:8080 | |
| ttl: 1h | |
| env: | |
| AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| AWS_REGION: "us-east-1" | |
| PULLPREVIEW_CA_KEY: "${{ secrets.PULLPREVIEW_CA_KEY || secrets.HETZNER_CA_KEY }}" | |
| - name: Assert deploy and seed state on EC2 | |
| if: steps.pullpreview.outputs.live == 'true' | |
| shell: bash | |
| env: | |
| PREVIEW_URL: ${{ steps.pullpreview.outputs.url }} | |
| run: | | |
| set -euo pipefail | |
| if [[ "${PREVIEW_URL}" != https://* ]]; then | |
| echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}" | |
| exit 1 | |
| fi | |
| response="" | |
| for attempt in $(seq 1 60); do | |
| response="$(curl -fsSL --max-time 15 "${PREVIEW_URL}" || true)" | |
| if printf '%s' "${response}" | grep -q 'Hello World Deploy 1' && \ | |
| printf '%s' "${response}" | grep -q 'seed_count=1' && \ | |
| printf '%s' "${response}" | grep -q 'seed_label=persisted'; then | |
| echo "EC2 smoke checks passed for ${PREVIEW_URL}" | |
| exit 0 | |
| fi | |
| echo "Attempt ${attempt}/60: waiting for EC2 smoke response from ${PREVIEW_URL}" | |
| sleep 5 | |
| done | |
| echo "::error::Unexpected response from ${PREVIEW_URL}" | |
| printf '%s\n' "${response}" | |
| exit 1 |
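Review bot: In `deploy_smoke_ec2`, `PULLPREVIEW_CA_KEY` falls back to `secrets.HETZNER_CA_KEY`, so unless the first secret is set the EC2 previews share one CA private key with the Hetzner job and exposure of that key affects both providers; I would drop the fallback here, `PULLPREVIEW_CA_KEY: "${{ secrets.PULLPREVIEW_CA_KEY }}"`, or use a provider-specific secret. The same job passes long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` to `uses: "./"`, which runs the action code from the checked-out ref; short-lived role credentials through GitHub OIDC (`id-token: write` on this job only) would limit what a leaked key is worth, assuming the action accepts ambient AWS credentials. `image: al2023-ami-2023` looks like a name prefix rather than an AMI ID, so a comment stating that the lookup is restricted to Amazon-owned images would be worth adding, if that is what the provider does. The page does not mark which lines the PR adds, so this assumes the EC2 job is the new part.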