Skip to content
Back to pull request #6044

gha fix #2264

Sign in to view logs

gha fix

gha fix #2264

Workflow file for this run

.github/workflows/deploy-happy-stack.yml at 8835cc7
name: Deploy Happy
# TODO: Reinstate. This is for temporarily testing mirroring job
#on: deployment
# TODO: Remove. This is for temporarily testing mirroring job
on:
push:
branches:
- atol/5480-mirror-data-to-staging-on-deploy
env:
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_REPO: ${{ secrets.ECR_REPO }}/
permissions:
id-token: write
contents: write
deployments: write
jobs:
mirror-prod-rds-data-to-staging:
runs-on: ubuntu-22.04
# TODO: Reinstate. This is for temporarily testing mirroring job
# if: github.event.deployment.environment == 'staging'
steps:
- name: install requirements
run: |
pip install awscli==1.29.1
- name:
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Install aws cli
uses: unfor19/install-aws-cli-action@v1
with:
version: "2"
- name: Dump from prod # TODO: Add actual mirroring command as ECS task execution
run: echo TODO
- name: Load to staging # TODO: Add actual mirroring command as ECS task execution
run: echo TODO
mirror-prod-s3-data-to-staging:
runs-on: ubuntu-22.04
# TODO: Reinstate. This is for temporarily testing mirroring job
# if: github.event.deployment.environment == 'staging'
steps:
- name: install requirements
run: |
pip install awscli==1.29.1
- name:
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Install aws cli
uses: unfor19/install-aws-cli-action@v1
with:
version: "2"
- name: Run S3 mirroring # TODO: Add actual mirroring command as ECS task execution
run: echo TODO
upgrade:
runs-on: ubuntu-22.04
if: false # TODO: Remove. This is for temporarily testing mirroring job, above, avoiding the deploy
steps:
- uses: actions/setup-node@v2
with:
node-version: 15
- name: Configure AWS Prod Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment == 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment != 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
# Login to ECR needed solely to be able to retrieve cached layers
- name: Login to Prod ECR
uses: docker/login-action@v1
if: github.event.deployment.environment == 'prod'
with:
registry: ${{ secrets.ECR_REPO_PROD }}
- name: Login to ECR
uses: docker/login-action@v1
with:
registry: ${{ secrets.ECR_REPO }}
- uses: actions/checkout@v2
with:
ref: ${{ github.event.deployment.sha }}
fetch-depth: 1
- uses: avakar/set-deployment-status@v1
with:
state: in_progress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update deployment
uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@deploy-happy-stack-v1.7.2
with:
tfe-token: ${{ secrets.TFE_TOKEN }}
stack-name: ${{ github.event.deployment.environment }}stack
operation: update
tag: ${{ github.event.deployment.payload.tag }}
env: ${{ github.event.deployment.environment }}
happy_version: "0.92.0"
- name: Invalidate CloudFront
env:
DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }}
run: |
if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then
DOMAIN_NAME=frontend.stage.single-cell.czi.technology
ALIAS=cellxgene.staging.single-cell.czi.technology
elif [ "${DEPLOYMENT_STAGE}" == "prod" ]; then
DOMAIN_NAME=frontend.production.single-cell.czi.technology
ALIAS=cellxgene.cziscience.com
else
DOMAIN_NAME=frontend.${DEPLOYMENT_STAGE}.single-cell.czi.technology
ALIAS=cellxgene.${DEPLOYMENT_STAGE}.single-cell.czi.technology
fi
DISTRIBUTION_ID=$(aws cloudfront list-distributions --query "DistributionList.Items[*].{id:Id,domain_name:Origins.Items[*].DomainName,alias:Aliases.Items[0]}[?contains(domain_name,'${DOMAIN_NAME}')&&alias=='${ALIAS}'].id" --output text)
aws cloudfront create-invalidation --distribution-id ${DISTRIBUTION_ID} --paths /index.html
### Need to write success failure way because Github API doesn't allow doing
### "if: always(), state: ${{ success() }}:
- name: Set deployment status to failure if errors
uses: avakar/set-deployment-status@v1
if: failure()
with:
state: failure
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
fields: repo,commit,author,eventName,workflow,job,mention
mention: "here"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
if: failure() && github.ref == 'refs/heads/main'
github-tag-and-release:
runs-on: ubuntu-22.04
if: github.event.deployment.environment == 'prod'
needs:
- upgrade
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.deployment.sha }}
- name: Get most recent tag
id: "fetch_tag"
run: |
git config user.name github-actions
git config user.email github-actions@github.com
echo "PREVIOUS_TAG=$(git describe --tags $(git rev-list --tags=sha\* --max-count=1))" >> $GITHUB_OUTPUT
- name: Push Tag with latest prod commit SHA
uses: rickstaa/action-create-tag@v1
id: "tag_create"
with:
tag: ${{ github.event.deployment.payload.tag }}
tag_exists_error: false
- name: Build Changelog
id: build_changelog
uses: mikepenz/release-changelog-builder-action@v4
with:
fromTag: ${{ steps.fetch_tag.outputs.PREVIOUS_TAG }}
- name: Produce Github Release for Prod Deployments
uses: softprops/action-gh-release@v1
if: steps.tag_create.outputs.tag_exists == 'false'
with:
tag_name: ${{ github.event.deployment.payload.tag }}
body: ${{steps.build_changelog.outputs.changelog}}
e2e-logged-in-test:
timeout-minutes: 30
runs-on: ubuntu-22.04
needs:
- upgrade
- mirror-prod-s3-data-to-staging
- mirror-prod-rds-data-to-staging
steps:
- uses: actions/setup-node@v2
with:
node-version: "16.14.2"
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- uses: actions/checkout@v2
with:
ref: ${{ github.event.deployment.sha }}
fetch-depth: 1
- name: Configure AWS Prod Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment == 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment != 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Run E2E Logged In tests
env:
DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }}
### config.js set-up required due to transient test dependencies on API_URL
run: |
if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then
export DEPLOYMENT_STAGE=staging
fi
if [ "${DEPLOYMENT_STAGE}" != "prod" ]; then
pip3 install -r scripts/smoke_tests/requirements.txt
python3 -m scripts.smoke_tests.setup
fi
cd frontend
npm ci
npx playwright install --with-deps
cp src/configs/${DEPLOYMENT_STAGE}.js src/configs/configs.js
DEBUG=pw:api npm run e2e-${DEPLOYMENT_STAGE}-logged-in
- uses: actions/upload-artifact@v2
if: always()
with:
name: logged-in-test-results
path: frontend/playwright-report/
retention-days: 30
### Need to write success failure way because Github API doesn't allow doing
### "if: always(), state: ${{ success() }}:
- name: Set deployment status to success if no errors
uses: avakar/set-deployment-status@v1
with:
state: success
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set deployment status to failure if errors
uses: avakar/set-deployment-status@v1
if: failure()
with:
state: failure
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run-e2e-tests:
timeout-minutes: 30
name: e2e-tests ${{ matrix.project }} ${{ matrix.shardCurrent }} of ${{ matrix.shardTotal }}
runs-on: ubuntu-22.04
needs:
- upgrade
- mirror-prod-s3-data-to-staging
- mirror-prod-rds-data-to-staging
strategy:
fail-fast: false
matrix:
# Only run Chrome for now, since GHA only has 250 workers and will cancel jobs if it runs out
project: [chromium]
shardCurrent: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
shardTotal: [10]
defaults:
run:
working-directory: frontend
steps:
- uses: actions/setup-node@v3
with:
node-version: "16.14.2"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 1800
- name: Login to ECR
uses: docker/login-action@v2
with:
registry: ${{ secrets.ECR_REPO }}
- uses: actions/checkout@v3
with:
fetch-depth: 1
- name: Install dependencies
run: |
npm ci
npx playwright install --with-deps
cp src/configs/local.js src/configs/configs.js
# Run E2E tests
- name: Run E2E tests
env:
CI: true
PROJECT: ${{ matrix.project }}
SHARD: ${{ matrix.shardCurrent }}/${{ matrix.shardTotal }}
DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }}
run: |
if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then
export DEPLOYMENT_STAGE=staging
fi
DEBUG=pw:api npm run e2e-${DEPLOYMENT_STAGE}-ci
- name: Upload FE test results as an artifact
if: always()
uses: actions/upload-artifact@v3
with:
name: playwright-report ${{ matrix.project }} ${{ matrix.shardCurrent }} of ${{ matrix.shardTotal }}
path: /home/runner/work/single-cell-data-portal/single-cell-data-portal/frontend/playwright-report
retention-days: 14
- name: Upload blob report to GitHub Actions Artifacts
if: always()
uses: actions/upload-artifact@v3
with:
name: all-blob-reports
path: /home/runner/work/single-cell-data-portal/single-cell-data-portal/frontend/blob-report
retention-days: 1
e2e-test:
if: always()
runs-on: ubuntu-latest
needs:
- run-e2e-tests
steps:
- name: Check result
run: |
passed="${{ needs.run-e2e-tests.result }}"
if [[ $passed == "success" ]]; then
echo "Shards passed"
exit 0
else
echo "Shards failed"
exit 1
fi
### Need to write success failure way because Github API doesn't allow doing
### "if: always(), state: ${{ success() }}:
- name: Set deployment status to success if no errors
uses: avakar/set-deployment-status@v1
with:
state: success
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set deployment status to failure if errors
uses: avakar/set-deployment-status@v1
if: failure()
with:
state: failure
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
functional-test:
runs-on: ubuntu-22.04
timeout-minutes: 30
needs:
- upgrade
- mirror-prod-s3-data-to-staging
- mirror-prod-rds-data-to-staging
steps:
- name: Configure AWS Prod Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment == 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment != 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- uses: actions/checkout@v2
with:
ref: ${{ github.event.deployment.sha }}
fetch-depth: 1
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Run functional test
env:
TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }}
if: github.event.deployment.environment != 'prod'
run: |
if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then
export DEPLOYMENT_STAGE=staging
fi
echo DEPLOYMENT_STAGE ${DEPLOYMENT_STAGE}
pip3 install -r tests/functional/requirements.txt
make functional-test
### Need to write success failure way because Github API doesn't allow doing
### "if: always(), state: ${{ success() }}:
- name: Set deployment status to success if no errors
uses: avakar/set-deployment-status@v1
with:
state: success
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set deployment status to failure if errors
uses: avakar/set-deployment-status@v1
if: failure()
with:
state: failure
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
performance-test:
runs-on: ubuntu-22.04
timeout-minutes: 30
needs:
- upgrade
- mirror-prod-s3-data-to-staging
- mirror-prod-rds-data-to-staging
steps:
- name: Configure AWS Prod Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment == 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
if: github.event.deployment.environment != 'prod'
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 2700
# Login to ECR needed solely to be able to retrieve cached layers
- name: Login to Prod ECR
uses: docker/login-action@v1
if: github.event.deployment.environment == 'prod'
with:
registry: ${{ secrets.ECR_REPO_PROD }}
- name: Login to ECR
uses: docker/login-action@v1
with:
registry: ${{ secrets.ECR_REPO }}
- uses: actions/checkout@v2
with:
ref: ${{ github.event.deployment.sha }}
fetch-depth: 1
- name: Run performance test
env:
TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }}
if: github.event.deployment.environment == 'prod'
run: |
echo "DOCKER_REPO=${DOCKER_REPO}" > .env.ecr
echo DEPLOYMENT_STAGE ${DEPLOYMENT_STAGE}
make prod-performance-test
status:
runs-on: ubuntu-22.04
if: ${{ always() }} # Ensures status is run after post-deploy tests, even if they fail
needs:
- performance-test
- e2e-logged-in-test
- e2e-test
- functional-test
steps:
- uses: martialonline/workflow-status@v4
id: check
- uses: 8398a7/action-slack@v3
with:
status: ${{ steps.check.outputs.status }}
fields: repo,commit,author,eventName,workflow,job,mention
mention: "here"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
if: steps.check.outputs.status == 'failure' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/prod')