make readme more descriptive #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Packer Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: [3.11] | |
| env: | |
| DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} | |
| DB_NAME: ${{ secrets.DB_NAME }} | |
| DB_ENGINE: ${{ secrets.DB_ENGINE }} | |
| DB_HOST: ${{ secrets.DB_HOST }} | |
| DB_USER: ${{ secrets.DB_USER }} | |
| DB_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| DB_PORT: ${{ secrets.DB_PORT }} | |
| DEBUG: "True" | |
| steps: | |
| - name: Checkout the projects code | |
| uses: actions/checkout@v2 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libpq-dev | |
| - name: Upgrade python system packages | |
| run: pip install -U pip wheel setuptools | |
| - uses: ikalnytskyi/action-setup-postgres@v5 | |
| with: | |
| username: ${{env.DB_USER}} | |
| password: ${{env.DB_PASSWORD}} | |
| database: ${{env.DB_NAME}} | |
| port: ${{env.DB_PORT}} | |
| id: postgres | |
| - name: Install dependencies | |
| run: | | |
| pip install pipenv | |
| pipenv install --system --deploy --ignore-pipfile | |
| - name: Create temp log file for pytest | |
| run: | | |
| sudo mkdir /var/log/app | |
| sudo touch /var/log/app/webapp.log | |
| sudo chown -R $USER:$USER /var/log/app | |
| - name: Run migrations | |
| run: | | |
| python manage.py migrate | |
| - name: Run tests | |
| run: | | |
| pytest | |
| - name: zip unzip | |
| run: | | |
| zip -r csye6225.zip . | |
| - name: Set up GCP credentials | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCP_SA_KEY }}' | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Install Packer | |
| uses: hashicorp/setup-packer@main | |
| id: setup | |
| - name: Install packer gcp plugin | |
| run: packer plugins install github.com/hashicorp/googlecompute | |
| - name: Packer build | |
| run: packer build -force -only=googlecompute.centos-csye-deploy -var 'dev_deploy_image_name=centos-dev-deploy-${{ github.sha }}' ./packer_setup/ | |
| - name: Get Secrets from Secret Manager | |
| run: | | |
| SECRET_JSON=$(gcloud secrets versions access latest --secret=project_secrets) | |
| declare -A SECRETS_DICT | |
| while IFS="=" read -r key value | |
| do | |
| SECRETS_DICT["$key"]="$value" | |
| done < <(echo $SECRET_JSON | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]") | |
| echo "DATABASE_HOST=${SECRETS_DICT["DB_HOST"]}" >> $GITHUB_ENV | |
| echo "DATABASE_USER=${SECRETS_DICT["DB_USER"]}" >> $GITHUB_ENV | |
| echo "DATABASE_PASSWORD=${SECRETS_DICT["DB_PASSWORD"]}" >> $GITHUB_ENV | |
| echo "DATABASE_NAME=${SECRETS_DICT["DB_NAME"]}" >> $GITHUB_ENV | |
| echo "DJ_SECRET_KEY=${SECRETS_DICT["DJANGO_SECRET_KEY"]}" >> $GITHUB_ENV | |
| echo "GCP_PROJECT_ID=${SECRETS_DICT["GCP_PROJECT_ID"]}" >> $GITHUB_ENV | |
| echo "GCP_PUBSUB_TOPIC=${SECRETS_DICT["GCP_PUBSUB_TOPIC"]}" >> $GITHUB_ENV | |
| - name: Create new VM template | |
| run: | | |
| gcloud compute instance-templates create csye-webapp-${{github.sha}} \ | |
| --machine-type=e2-medium \ | |
| --boot-disk-auto-delete \ | |
| --image=centos-dev-deploy-${{ github.sha }} \ | |
| --region=us-east4 \ | |
| --network=assignment-tf \ | |
| --subnet=webapp \ | |
| --service-account=service-account-id@csye-6225-419603.iam.gserviceaccount.com \ | |
| --boot-disk-kms-key=projects/csye-6225-419603/locations/us-east4/keyRings/keyring-199ed489/cryptoKeys/vm-key-199ed489 \ | |
| --tags=load-balanced-backend \ | |
| --metadata=startup-script='#!/bin/bash | |
| # Create .env file | |
| touch /opt/app/.env | |
| cat > /opt/app/.env <<EOF | |
| DB_HOST=${{ env.DATABASE_HOST }} | |
| DB_USER=${{ env.DATABASE_USER }} | |
| DB_PASSWORD=${{ env.DATABASE_PASSWORD }} | |
| DB_NAME=${{ env.DATABASE_NAME }} | |
| DJANGO_SECRET_KEY=${{ env.DJ_SECRET_KEY }} | |
| GOOGLE_CLOUD_PROJECT_ID=${{ env.GCP_PROJECT_ID }} | |
| GOOGLE_CLOUD_PUBSUB_TOPIC_NAME=${{ env.GCP_PUBSUB_TOPIC }} | |
| EOF' | |
| - name: Point the instance group to the new template | |
| run: | | |
| gcloud compute instance-groups managed set-instance-template ${{ secrets.INSTANCE_GROUP_NAME }} \ | |
| --template=csye-webapp-${{github.sha}} \ | |
| --zone=us-east4-a | |
| - name: Re-create instances in instance group | |
| run: | | |
| gcloud compute instance-groups managed rolling-action start-update ${{ secrets.INSTANCE_GROUP_NAME }} \ | |
| --version=template=csye-webapp-${{github.sha}} \ | |
| --zone=us-east4-a | |
| - name: Check the status of the rolling update | |
| run: | | |
| gcloud compute instance-groups managed wait-until ${{ secrets.INSTANCE_GROUP_NAME }} \ | |
| --version-target-reached --zone=us-east4-a |