ci: Migrate hub to aws actions (#3783)

* ci: Migrate hub to aws actions * Fix typo * Label build steps * Rename yarn build step * Test using entrypoint * Add shebang * Change entrypoint sh path * Make entrypoint executable * Fix build args * Remove waypoint workflows
cardstack · Jan 16, 2024 · 9731c41 · 9731c41
1 parent f2858fe
commit 9731c41
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 861 deletions.
diff --git a/.github/workflows/manual-hub.yml b/.github/workflows/manual-hub.yml
@@ -20,103 +20,112 @@ permissions:
 
 jobs:
   build:
+    name: Build Docker image
     runs-on: ubuntu-latest
+    outputs:
+      image-server: ${{ steps.build-server.outputs.tag_sha }}
+      image-worker: ${{ steps.build-worker.outputs.tag_sha }}
+      image-event-listener: ${{ steps.build-event-listener.outputs.tag_sha }}
+      image-bot: ${{ steps.build-bot.outputs.tag_sha }}
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/init
 
-      - name: Build
-        run: yarn build
-        shell: bash
+      - run: yarn build
         working-directory: packages/hub
 
-      - name: Tar artifact
-        run: tar -cvf artifact.tar packages/hub/dist
-        shell: bash
-
-      - uses: actions/upload-artifact@v3
+      - name: Build hub-server
+        uses: cardstack/gh-actions/docker-ecr@main
+        id: build-server
         with:
-          name: hub-${{ github.sha }}
-          path: artifact.tar
-
-  waypoint-build:
-    needs: build
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        app: [hub, hub-worker, hub-event-listener]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/init
-
-      - uses: actions/download-artifact@v3
+          repository: "hub-server-${{ inputs.environment }}"
+          environment: ${{ inputs.environment }}
+          dockerfile: "packages/hub/Dockerfile"
+          context: "packages/hub"
+          build-args: |
+            hub_command=server
+
+      - name: Build hub-worker
+        uses: cardstack/gh-actions/docker-ecr@main
+        id: build-worker
         with:
-          name: hub-${{ github.sha }}
-
-      - name: Extract artifact
-        run: tar -xvf artifact.tar
-        shell: bash
-
-      - name: Set up env
-        env:
-          INPUT_ENVIRONMENT: ${{ inputs.environment }}
-        run: |
-          if [ "$INPUT_ENVIRONMENT" = "production" ]; then
-            echo "AWS_ROLE_ARN=arn:aws:iam::120317779495:role/waypoint" >> $GITHUB_ENV
-            echo "WAYPOINT_SERVER_TOKEN=${{ secrets.PRODUCTION_WAYPOINT_SERVER_TOKEN }}" >> $GITHUB_ENV
-            echo "WAYPOINT_SERVER_ADDR=${{ secrets.PRODUCTION_WAYPOINT_SERVER_ADDR }}" >> $GITHUB_ENV
-            cp waypoint.prod.hcl waypoint.hcl
-          elif [ "$INPUT_ENVIRONMENT" = "staging" ]; then
-            echo "AWS_ROLE_ARN=arn:aws:iam::680542703984:role/waypoint" >> $GITHUB_ENV
-            echo "WAYPOINT_SERVER_TOKEN=${{ secrets.STAGING_WAYPOINT_SERVER_TOKEN }}" >> $GITHUB_ENV
-            echo "WAYPOINT_SERVER_ADDR=${{ secrets.STAGING_WAYPOINT_SERVER_ADDR }}" >> $GITHUB_ENV
-          else
-            echo "unrecognized environment"
-            exit 1;
-          fi
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2.0.0
+          repository: "hub-worker-${{ inputs.environment }}"
+          environment: ${{ inputs.environment }}
+          dockerfile: "packages/hub/Dockerfile"
+          context: "packages/hub"
+          build-args: |
+            hub_command=worker
+
+      - name: Build hub-event-listener
+        uses: cardstack/gh-actions/docker-ecr@main
+        if: ${{ inputs.environment == 'production' }}
+        id: build-event-listener
         with:
-          role-to-assume: ${{ env.AWS_ROLE_ARN }}
-          aws-region: us-east-1
-
-      - uses: lucasmelin/setup-waypoint@v1
+          repository: "hub-event-listener-${{ inputs.environment }}"
+          environment: ${{ inputs.environment }}
+          dockerfile: "packages/hub/Dockerfile"
+          context: "packages/hub"
+          build-args: |
+            hub_command=event-listener
+
+      - name: Build hub-bot
+        uses: cardstack/gh-actions/docker-ecr@main
+        if: ${{ false }}
+        id: build-bot
         with:
-          version: "0.11.3"
-
-      - name: Build ${{ matrix.app }}
-        run: waypoint build -app=${{ matrix.app }} -plain -push
-        env:
-          WAYPOINT_SERVER_TLS: "1"
-
-  deploy:
-    name: Deploy hub
-    needs: [waypoint-build]
-    uses: cardstack/gh-actions/.github/workflows/waypoint-deploy.yml@main
+          repository: "hub-bot-${{ inputs.environment }}"
+          environment: ${{ inputs.environment }}
+          dockerfile: "packages/hub/Dockerfile"
+          context: "packages/hub"
+          build-args: |
+            hub_command=bot
+
+  deploy-server:
+    needs: [build]
+    name: Deploy hub-server to AWS ECS
+    uses: cardstack/gh-actions/.github/workflows/ecs-deploy.yml@main
     secrets: inherit
     with:
-      app: "hub"
+      container-name: "hub-server"
+      service-name: "hub-server-${{ inputs.environment }}"
       environment: ${{ inputs.environment }}
-      init: false
+      cluster: ${{ inputs.environment }}
+      image: ${{ needs.build.outputs.image-server }}
 
-  deploy-hub-worker:
-    name: Deploy hub-worker
-    needs: [waypoint-build]
-    uses: cardstack/gh-actions/.github/workflows/waypoint-deploy.yml@main
+  deploy-worker:
+    needs: [build]
+    name: Deploy hub-worker to AWS ECS
+    uses: cardstack/gh-actions/.github/workflows/ecs-deploy.yml@main
     secrets: inherit
     with:
-      app: "hub-worker"
+      container-name: "hub-worker"
+      service-name: "hub-worker-${{ inputs.environment }}"
       environment: ${{ inputs.environment }}
-      init: false
-
-  deploy-hub-event-lister:
-    name: Deploy hub-event-listener
-    needs: [waypoint-build]
-    uses: cardstack/gh-actions/.github/workflows/waypoint-deploy.yml@main
+      cluster: ${{ inputs.environment }}
+      image: ${{ needs.build.outputs.image-worker }}
+
+  deploy-event-listener:
+    needs: [build]
+    if: ${{ inputs.environment == 'production' }}
+    name: Deploy hub-event-listener to AWS ECS
+    uses: cardstack/gh-actions/.github/workflows/ecs-deploy.yml@main
+    secrets: inherit
+    with:
+      container-name: "hub-event-listener"
+      service-name: "hub-event-listener-${{ inputs.environment }}"
+      environment: ${{ inputs.environment }}
+      cluster: ${{ inputs.environment }}
+      image: ${{ needs.build.outputs.image-event-listener }}
+
+  deploy-bot:
+    needs: [build]
+    if: ${{ false }}
+    name: Deploy hub-bot to AWS ECS
+    uses: cardstack/gh-actions/.github/workflows/ecs-deploy.yml@main
     secrets: inherit
-    if: ${{ inputs.environment != 'staging' }}
     with:
-      app: "hub-event-listener"
+      container-name: "hub-bot"
+      service-name: "hub-bot-${{ inputs.environment }}"
       environment: ${{ inputs.environment }}
-      init: false
+      cluster: ${{ inputs.environment }}
+      image: ${{ needs.build.outputs.image-bot }}
diff --git a/.github/workflows/push-main.yml b/.github/workflows/push-main.yml
@@ -32,33 +32,6 @@ jobs:
       - uses: ./.github/actions/init
       - run: yarn lint
 
-  check_secrets:
-    name: Check Secret Access
-    needs: update-cache
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/init
-
-      - name: Configure staging AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2.0.0
-        with:
-          role-to-assume: arn:aws:iam::680542703984:role/waypoint
-          aws-region: us-east-1
-      - name: Check access to secrets specified in waypoint.hcl
-        uses: ./.github/actions/check-secrets
-        with:
-          waypoint_config_file: waypoint.hcl
-      - name: Configure prod AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2.0.0
-        with:
-          role-to-assume: arn:aws:iam::120317779495:role/waypoint
-          aws-region: us-east-1
-      - name: Check access to secrets specified in waypoint.prod.hcl
-        uses: ./.github/actions/check-secrets
-        with:
-          waypoint_config_file: waypoint.prod.hcl
-
   test_node_packages:
     needs: lint
     runs-on: ubuntu-latest
@@ -160,7 +133,6 @@ jobs:
               - '.github/workflows/push-main.yml'
               - '.github/actions/deploy-hub/**'
               - 'yarn.lock'
-              - 'waypoint.hcl'
             web_client:
               - 'packages/web-client/**'
               - 'packages/boxel/**'
@@ -182,7 +154,6 @@ jobs:
               - '.github/workflows/push-main.yml'
               - '.github/workflows/manual-ssr-web.yml'
               - 'yarn.lock'
-              - 'waypoint.hcl'
             safe-tools-client:
               - 'packages/safe-tools-client/**'
               - 'packages/boxel/**'
@@ -191,8 +162,8 @@ jobs:
               - '.github/actions/deploy-safe-tools-client/**'
               - 'yarn.lock'
 
-  deploy-hub-staging:
-    name: Deploy hub to staging cluster via waypoint
+  deploy-hub:
+    name: Deploy hub to staging
     needs: change_check
     if: ${{ needs.change_check.outputs.hub == 'true' }}
     uses: ./.github/workflows/manual-hub.yml