Merge pull request #2278 from metriport/develop #598
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy - PRODUCTION | |
on: | |
push: # a commit to the specified branches, if any | |
branches: | |
- master | |
paths: | |
- "packages/shared/**" | |
- "packages/api/**" | |
- "packages/api-sdk/**" | |
- "packages/commonwell-sdk/**" | |
- "packages/core/**" | |
- "packages/fhir-converter/**" | |
- "packages/ihe-gateway/**" | |
- "packages/ihe-gateway-sdk/**" | |
- "packages/carequality-sdk/**" | |
- "packages/infra/**" | |
- "packages/lambdas/**" | |
workflow_dispatch: # manually executed by a user | |
jobs: | |
files-changed: | |
name: detect changes | |
runs-on: ubuntu-latest | |
timeout-minutes: 3 | |
# Map a step output to a job output | |
outputs: | |
api: ${{ steps.changes.outputs.api }} | |
ihe-gw-server: ${{ steps.changes.outputs.ihe-gw-server }} | |
fhir-converter: ${{ steps.changes.outputs.fhir-converter }} | |
infra-lambdas: ${{ steps.changes.outputs.infra-lambdas }} | |
steps: | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Detect Changes | |
uses: dorny/paths-filter@4067d885736b84de7c414f582ac45897079b0a78 # v2 | |
id: changes | |
with: | |
base: "master" | |
filters: | | |
api: | |
- "packages/shared/**" | |
- "packages/api/**" | |
- "packages/api-sdk/**" | |
- "packages/commonwell-sdk/**" | |
- "packages/ihe-gateway-sdk/**" | |
- "packages/core/**" | |
- "package*.json" | |
ihe-gw-server: | |
- "packages/ihe-gateway/Dockerfile" | |
- "packages/ihe-gateway/entrypoint.sh" | |
- "packages/ihe-gateway/config/**" | |
- "packages/ihe-gateway/server/**" | |
- "packages/ihe-gateway/scripts/**" | |
# Doing them individually because there are other stuff there that we don't want to trigger a deploy b/c of that | |
fhir-converter: | |
- "packages/fhir-converter/Dockerfile" | |
- "packages/fhir-converter/docker-entrypoint.sh" | |
- "packages/fhir-converter/package*.json" | |
- "packages/fhir-converter/mocha-config.json" | |
- "packages/fhir-converter/src/**" | |
- "packages/fhir-converter/test/**" | |
- "packages/fhir-converter/deploy/**" | |
infra-lambdas: | |
- "packages/shared/**" | |
- "packages/core/**" | |
- "packages/infra/**" | |
- "packages/lambdas/**" | |
- "package*.json" | |
api-prod: | |
if: needs.files-changed.outputs.api == 'true' | |
needs: files-changed | |
uses: ./.github/workflows/_deploy-api.yml | |
with: | |
deploy_env: "production" | |
ECR_REPO_URI: ${{ vars.ECR_REPO_URI_PRODUCTION }} | |
ECS_CLUSTER: ${{ vars.ECS_CLUSTER_PRODUCTION }} | |
ECS_SERVICE: ${{ vars.ECS_SERVICE_PRODUCTION }} | |
AWS_REGION: ${{ vars.API_REGION_PRODUCTION }} | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
api-sandbox: | |
uses: ./.github/workflows/_deploy-api.yml | |
needs: [api-prod] | |
if: ${{ !failure() && needs.api-prod.result == 'success' }} | |
with: | |
deploy_env: "sandbox" | |
ECR_REPO_URI: ${{ vars.ECR_REPO_URI_SANDBOX }} | |
ECS_CLUSTER: ${{ vars.ECS_CLUSTER_SANDBOX }} | |
ECS_SERVICE: ${{ vars.ECS_SERVICE_SANDBOX }} | |
AWS_REGION: ${{ vars.API_REGION_SANDBOX }} | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
infra-api-lambdas: | |
uses: ./.github/workflows/_deploy-cdk.yml | |
if: ${{ needs.files-changed.outputs.infra-lambdas == 'true' || needs.files-changed.outputs.fhir-converter == 'true' }} | |
needs: files-changed | |
with: | |
deploy_env: "production" | |
location_services_cdk_stack: ${{ vars.LOCATION_SERVICES_STACK_NAME_PRODUCTION }} | |
cdk_stack: ${{ vars.API_STACK_NAME_PRODUCTION }} | |
AWS_REGION: ${{ vars.API_REGION_PRODUCTION }} | |
secrets: | |
SERVICE_PAT: ${{ secrets.SERVICE_PAT }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
infra-api-lambdas-sandbox: | |
uses: ./.github/workflows/_deploy-cdk.yml | |
needs: [infra-api-lambdas] | |
if: ${{ !failure() && needs.infra-api-lambdas.result == 'success' }} | |
with: | |
deploy_env: "sandbox" | |
cdk_stack: ${{ vars.API_STACK_NAME_SANDBOX }} | |
AWS_REGION: ${{ vars.API_REGION_SANDBOX }} | |
secrets: | |
SERVICE_PAT: ${{ secrets.SERVICE_PAT }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
infra-ihe-gw: | |
uses: ./.github/workflows/_deploy-cdk-ihe-gw.yml | |
if: ${{ needs.files-changed.outputs.infra-lambdas == 'true' }} | |
needs: files-changed | |
with: | |
deploy_env: "production" | |
cdk_stack: ${{ vars.IHE_STACK_NAME }} | |
AWS_REGION: ${{ vars.API_REGION_PRODUCTION }} | |
IHE_GW_CONFIG_BUCKET_NAME: ${{ vars.IHE_GW_CONFIG_BUCKET_NAME }} | |
secrets: | |
SERVICE_PAT: ${{ secrets.SERVICE_PAT }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
IHE_GW_KEYSTORE_STOREPASS: ${{ secrets.IHE_GW_KEYSTORE_STOREPASS_PRODUCTION }} | |
IHE_GW_KEYSTORE_KEYPASS: ${{ secrets.IHE_GW_KEYSTORE_KEYPASS_PRODUCTION }} | |
ihe-gw-server: | |
if: needs.files-changed.outputs.ihe-gw-server == 'true' | |
needs: files-changed | |
uses: ./.github/workflows/_deploy-ihe-gw.yml | |
with: | |
deploy_env: "production" | |
ECR_REPO_URI: ${{ vars.IHE_ECR_REPO_URI_PRODUCTION }} | |
ECS_CLUSTER: ${{ vars.IHE_ECS_CLUSTER_PRODUCTION }} | |
IHE_INBOUND_ECS_SERVICE: ${{ vars.IHE_INBOUND_ECS_SERVICE_PRODUCTION }} | |
IHE_OUTBOUND_ECS_SERVICE: ${{ vars.IHE_OUTBOUND_ECS_SERVICE_PRODUCTION }} | |
AWS_REGION: ${{ vars.IHE_REGION_PRODUCTION }} | |
IHE_GW_ARTIFACT_URL: ${{ vars.IHE_GW_ARTIFACT_URL }} | |
IHE_GW_KEYSTORE_NAME: ${{ vars.IHE_GW_KEYSTORE_NAME_PRODUCTION }} | |
IHE_GW_ZULUKEY: ${{ vars.IHE_GW_ZULUKEY }} | |
IHE_GW_CONFIG_BUCKET_NAME: ${{ vars.IHE_GW_CONFIG_BUCKET_NAME }} | |
IHE_GW_FULL_BACKUP_LOCATION: ${{ vars.IHE_GW_FULL_BACKUP_LOCATION }} | |
secrets: | |
SERVICE_PAT: ${{ secrets.SERVICE_PAT }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
IHE_GW_KEYSTORE_STOREPASS: ${{ secrets.IHE_GW_KEYSTORE_STOREPASS_PRODUCTION }} | |
IHE_GW_KEYSTORE_KEYPASS: ${{ secrets.IHE_GW_KEYSTORE_KEYPASS_PRODUCTION }} | |
e2e-tests: | |
uses: ./.github/workflows/_e2e-tests.yml | |
needs: [api-sandbox, infra-api-lambdas-sandbox, infra-ihe-gw, ihe-gw-server] | |
# run even if one of the dependencies didn't | |
# can't use ${{ ! failure() && success() }} because `success()` "Returns true when none of the previous steps have failed or been canceled." | |
# can't use ${{ ! failure() && contains(needs.*.result, 'success') }} because if anything that came before succeeded, even if not a direct dependency, it will run | |
if: ${{ !failure() && (needs.api-sandbox.result == 'success' || needs.infra-api-lambdas-sandbox.result == 'success' || needs.infra-ihe-gw.result == 'success' || needs.ihe-gw-server.result == 'success') }} | |
with: | |
deploy_env: "production" | |
api_url: ${{ vars.API_URL_PRODUCTION }} | |
fhir_url: ${{ vars.FHIR_SERVER_URL_PRODUCTION }} | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
TEST_API_KEY: ${{ secrets.TEST_API_KEY_PRODUCTION }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
NGROK_AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }} |