-
Notifications
You must be signed in to change notification settings - Fork 1
248 lines (214 loc) · 10.2 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
name: Deploy
on:
push:
branches:
- main
paths-ignore:
- '.github/workflows/**'
- '!.github/workflows/deploy.yml'
- '*.md'
- 'docs/**'
- 'renovate.json'
repository_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
NO_D1_WARNING: true
CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
steps:
- name: Ensure CF_DEPLOY_DOMAIN and CF_ZONE_ID are defined
run: |
if [ -z "$CF_ZONE_ID" ]
then
echo "CF_ZONE_ID not defined"
exit 1
fi
if [ -z "$CF_DEPLOY_DOMAIN" ]
then
echo "CF_DEPLOY_DOMAIN not defined"
exit 1
fi
env:
CF_ZONE_ID: ${{ vars.CF_ZONE_ID }}
CF_DEPLOY_DOMAIN: ${{ vars.CF_DEPLOY_DOMAIN }}
# this is needed to get the lowercase version of the repository_owner name
# and being able to override the suffix when mutliple instances are hosted
# by the same GitHub account.
- name: Set name suffix
run: |
if [ -z "$OVERRIDE_NAME_SUFFIX" ]
then
echo $GH_OWNER | awk '{ print "NAME_SUFFIX=" tolower($0) }' >> ${GITHUB_ENV}
else
echo $OVERRIDE_NAME_SUFFIX | awk '{ print "NAME_SUFFIX=" tolower($0) }' >> ${GITHUB_ENV}
fi
env:
GH_OWNER: ${{ github.repository_owner }}
OVERRIDE_NAME_SUFFIX: ${{ vars.OVERRIDE_NAME_SUFFIX }}
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3
- uses: pnpm/action-setup@v2
with:
version: 8
- uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4
with:
node-version-file: .node-version
cache: pnpm
- name: Install packages
run: pnpm install
- name: Configure Cloudflare Images variants
run: |
curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \
-d '{
"id": "avatar",
"options": {
"metadata": "copyright",
"width": 400,
"height": 400
}
}' \
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}'
curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \
-d '{
"id": "header",
"options": {
"metadata": "copyright",
"width": 1500,
"height": 500
}
}' \
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}'
curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \
-d '{
"id": "usercontent",
"options": {
"metadata": "copyright"
}
}' \
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}'
- name: Check D1 database
run: |
alpha_exists=$(npx wrangler d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}" and .version == "alpha") | .name')
beta_exists=$(npx wrangler d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}-v1" and .version == "beta") | .name')
[[ -n "$alpha_exists" && -z "$beta_exists" ]] && echo "Error: There is an alpha version of D1 but no corresponding beta version." && exit 1 || exit 0
- name: Create D1 database
continue-on-error: true
run: npx wrangler d1 create wildebeest-${{ env.NAME_SUFFIX }}-v1
- name: retrieve D1 database
run: npx wrangler d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}-v1" and .version == "beta") | .uuid' | awk '{print "d1_id="$1}' >> $GITHUB_ENV
- name: migrate D1 database
run: |
echo -e "[[d1_databases]]\nbinding=\"DATABASE\"\ndatabase_name=\"wildebeest-${{ env.NAME_SUFFIX }}-v1\"\ndatabase_id=\"${{ env.d1_id }}\"" >> wrangler.toml
npx wrangler d1 migrations apply wildebeest-${{ env.NAME_SUFFIX }}-v1
- name: retrieve Zero Trust organization
run: |
auth_domain=$(curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/access/organizations \
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain')
printf "auth_domain=$auth_domain" >> $GITHUB_ENV
- name: retrieve Terraform state KV namespace
run: |
npx wrangler kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.NAME_SUFFIX }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV
- name: Init
run: terraform init
working-directory: ./tf
- name: download Terraform state
if: ${{ env.tfstate_kv != '' }}
run: |
npx wrangler kv:key get --namespace-id=${{ env.tfstate_kv }} terraform.tfstate > ./tf/terraform.tfstate
chmod 777 ./tf/terraform.tfstate
- name: download VAPID keys
if: ${{ env.tfstate_kv != '' }}
continue-on-error: true
run: npx wrangler kv:key get --namespace-id=${{ env.tfstate_kv }} vapid_jwk | jq . > ./tf/vapid_jwk
- name: generate VAPID keys if needed
run: |
sudo chmod 777 ./tf/vapid_jwk || true
if [ ! -s ./tf/vapid_jwk ]
then
node ./scripts/generate-vapid-keys.mjs > ./tf/vapid_jwk
echo "VAPID keys generated"
fi
- name: Publish DO
run: |
pnpm --dir do install
npx wrangler deploy --config do/wrangler.toml
- name: Retrieve DO namespace
run: |
curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/workers/durable_objects/namespaces \
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' \
| jq -r '.result[] | select( .script == "wildebeest-do" ) | .id' | awk '{print "do_cache_id="$1}' >> $GITHUB_ENV
- name: Configure
run: terraform plan && terraform apply -auto-approve
working-directory: ./tf
env:
TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }}
TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
TF_VAR_cloudflare_zone_id: ${{ vars.CF_ZONE_ID }}
TF_VAR_cloudflare_deploy_domain: ${{ vars.CF_DEPLOY_DOMAIN }}
TF_VAR_name_suffix: ${{ env.NAME_SUFFIX }}
TF_VAR_d1_id: ${{ env.d1_id }}
TF_VAR_do_cache_id: ${{ env.do_cache_id }}
TF_VAR_access_auth_domain: ${{ env.auth_domain }}
TF_VAR_wd_instance_title: ${{ vars.INSTANCE_TITLE }}
TF_VAR_wd_admin_email: ${{ vars.ADMIN_EMAIL }}
TF_VAR_wd_instance_description: ${{ vars.INSTANCE_DESCR }}
TF_VAR_sentry_dsn: ${{ secrets.SENTRY_DSN }}
TF_VAR_sentry_access_client_id: ${{ secrets.SENTRY_ACCESS_CLIENT_ID }}
TF_VAR_sentry_access_client_secret: ${{ secrets.SENTRY_ACCESS_CLIENT_SECRET }}
- name: retrieve Terraform state KV namespace
if: ${{ env.tfstate_kv == '' }}
run: npx wrangler kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.NAME_SUFFIX }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV
- name: store VAPID keys state
run: npx wrangler kv:key put --namespace-id=${{ env.tfstate_kv }} vapid_jwk --path=./tf/vapid_jwk
- name: store Terraform state
run: npx wrangler kv:key put --namespace-id=${{ env.tfstate_kv }} terraform.tfstate --path=./tf/terraform.tfstate
- name: Create Queue
continue-on-error: true
run: npx wrangler queues create wildebeest-${{ env.NAME_SUFFIX }}
- name: Publish consumer
run: |
echo "*** pre commands ***"
echo -e "name = \"wildebeest-consumer-${{ env.NAME_SUFFIX }}\"\n" >> consumer/wrangler.toml
echo -e "[[queues.consumers]]\n" >> consumer/wrangler.toml
echo -e "max_batch_size = 10\n" >> consumer/wrangler.toml
echo -e "max_batch_timeout = 30\n" >> consumer/wrangler.toml
echo -e "max_retries = 10\n" >> consumer/wrangler.toml
echo -e "queue = \"wildebeest-${{ env.NAME_SUFFIX }}\"\n" >> consumer/wrangler.toml
echo -e "[[d1_databases]]\nbinding=\"DATABASE\"\ndatabase_name=\"wildebeest-${{ env.NAME_SUFFIX }}-v1\"\ndatabase_id=\"${{ env.d1_id }}\"\n" >> consumer/wrangler.toml
echo -e "[durable_objects]\n" >> consumer/wrangler.toml
echo -e "bindings=[" >> consumer/wrangler.toml
echo -e "{name=\"DO_CACHE\",class_name=\"WildebeestCache\",script_name=\"wildebeest-do\"}," >> consumer/wrangler.toml
echo -e "]" >> consumer/wrangler.toml
echo -e "[vars]\n" >> consumer/wrangler.toml
echo -e "DOMAIN=\"${{ vars.CF_DEPLOY_DOMAIN }}\"\n" >> consumer/wrangler.toml
echo -e "ADMIN_EMAIL=\"${{ vars.ADMIN_EMAIL }}\"\n" >> consumer/wrangler.toml
pnpm --dir consumer install
echo "******"
npx wrangler deploy --config consumer/wrangler.toml
- name: add Queue producer to Pages
run: |
curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/pages/projects/wildebeest-${{ env.NAME_SUFFIX }} \
-XPATCH \
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' \
-d '{
"deployment_configs": {
"production": {
"queue_producers": {
"QUEUE": {
"name": "wildebeest-${{ env.NAME_SUFFIX }}"
}
}
}
}
}' > /dev/null
- name: Publish
env:
COMMIT_HASH: ${{ github.sha }}
run: |
echo "*** pre commands ***"
pnpm build
echo "******"
npx wrangler pages deploy --project-name=wildebeest-${{ env.NAME_SUFFIX }} frontend/dist