adding security groups #716
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS deploy | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: | |
skip_tests: | |
description: 'Skip tests' | |
default: false | |
type: boolean | |
permissions: | |
id-token: write | |
contents: read | |
checks: write | |
pull-requests: write | |
env: | |
DJANGO_ENVIRONMENT: DEVELOPMENT | |
jobs: | |
linters: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: 'pip' | |
- name: Install Dependencies | |
run: pip install -r requirements.DEVELOPMENT.txt | |
- name: Run linters | |
uses: pre-commit/[email protected] | |
tests: | |
runs-on: ubuntu-latest | |
env: | |
DJANGO_ALLOW_ASYNC_UNSAFE: true | |
services: | |
postgres: | |
# Docker Hub image | |
image: postgres:15.5 | |
# Provide the password for postgres | |
env: | |
POSTGRES_PASSWORD: aiarena | |
POSTGRES_USER: aiarena | |
POSTGRES_DATABASE: test_aiarena | |
POSTGRES_ROOT_PASSWORD: aiarena | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
steps: | |
- name: Checkout repository and submodules | |
uses: actions/checkout@v4 | |
- uses: shogo82148/actions-setup-redis@v1 | |
with: | |
redis-version: '6.x' | |
- run: redis-cli ping | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: 'pip' | |
- name: Install Dependencies | |
run: pip install -r requirements.DEVELOPMENT.txt | |
- name: Grant aiarena user full access | |
env: | |
PORT: ${{ job.services.postgres.ports[5432] }} | |
run: | | |
PGPASSWORD="aiarena" psql -Uaiarena --host="127.0.0.1" --port "$PORT" -c "ALTER DATABASE aiarena OWNER TO aiarena; GRANT ALL PRIVILEGES ON DATABASE aiarena TO aiarena;"; | |
- name: Run Tests | |
if: ${{ !inputs.skip_tests }} | |
env: | |
NOFAKE_REDIS: 1 | |
run: pytest -m 'not playwright' -n auto --junit-xml test-results/pytest-regular.xml | |
- name: Publish Test Results | |
uses: EnricoMi/publish-unit-test-result-action@c8a70fdde92689bf574202595e1322d3a4de0987 | |
if: always() | |
with: | |
check_name: "Test Report" | |
fail_on: "nothing" | |
files: | | |
test-results/pytest-regular.xml | |
tests-playwright: | |
runs-on: ubuntu-latest | |
env: | |
DJANGO_ALLOW_ASYNC_UNSAFE: true | |
services: | |
postgres: | |
# Docker Hub image | |
image: postgres:15.5 | |
# Provide the password for postgres | |
env: | |
POSTGRES_PASSWORD: aiarena | |
POSTGRES_USER: aiarena | |
POSTGRES_DATABASE: test_aiarena | |
POSTGRES_ROOT_PASSWORD: aiarena | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
steps: | |
- name: Checkout repository and submodules | |
uses: actions/checkout@v4 | |
- uses: shogo82148/actions-setup-redis@v1 | |
with: | |
redis-version: '6.x' | |
- run: redis-cli ping | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: 'pip' | |
- name: Install Dependencies | |
run: pip install -r requirements.DEVELOPMENT.txt | |
- name: Install Playwrighgt browsers | |
run: playwright install --with-deps | |
- name: Grant aiarena user full access | |
env: | |
PORT: ${{ job.services.postgres.ports[5432] }} | |
run: | | |
PGPASSWORD="aiarena" psql -Uaiarena --host="127.0.0.1" --port "$PORT" -c "ALTER DATABASE aiarena OWNER TO aiarena; GRANT ALL PRIVILEGES ON DATABASE aiarena TO aiarena;"; | |
- name: Run Tests | |
if: ${{ !inputs.skip_tests }} | |
env: | |
NOFAKE_REDIS: 1 | |
run: pytest -m playwright --tracing retain-on-failure --junit-xml test-results/pytest-playwright.xml | |
- name: Publish Test Results | |
uses: EnricoMi/publish-unit-test-result-action@c8a70fdde92689bf574202595e1322d3a4de0987 | |
if: always() | |
with: | |
check_name: "Playwright test Report" | |
fail_on: "nothing" | |
files: | | |
test-results/pytest-playwright.xml | |
- name: Upload failure traces | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: playwright-failures | |
path: test-results | |
retention-days: 30 | |
prepare-images: | |
if: github.event_name != 'pull_request' | |
name: Build and push production image to ECR | |
runs-on: ubuntu-latest | |
outputs: | |
status_message_id: ${{ steps.slack.outputs.message_id }} | |
images: ${{ steps.prepare_images.outputs.images }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::315513665747:role/aiarena-DeployRole-NUZWXPWHC0MZ | |
aws-region: eu-central-1 | |
- name: Confirm AWS identity | |
run: aws sts get-caller-identity | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
cache: 'pip' | |
- name: Install Dependencies | |
run: | | |
pip install -r ./requirements.LOCAL.txt | |
- name: Prepare image | |
id: prepare_images | |
env: | |
BUILD_NUMBER: ${{ github.run_number }} | |
MAINTENANCE_MODE: ${{ vars.MAINTENANCE_MODE }} | |
run: ./run.py prepare-images | |
deploy: | |
if: github.event_name != 'pull_request' | |
name: Deploy to ECS | |
runs-on: ubuntu-latest | |
needs: [ linters, tests, tests-playwright, prepare-images ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
cache: 'pip' | |
- name: Install Dependencies | |
run: | | |
pip install -r ./requirements.LOCAL.txt | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::315513665747:role/aiarena-DeployRole-NUZWXPWHC0MZ | |
aws-region: eu-central-1 | |
- name: Deploy | |
env: | |
BUILD_NUMBER: ${{ github.run_number }} | |
PREPARED_IMAGES: ${{ needs.prepare-images.outputs.images }} | |
MAINTENANCE_MODE: ${{ vars.MAINTENANCE_MODE }} | |
run: ./run.py ecs | |
- name: Monitor deployment | |
run: ./run.py monitor-ecs |