
build: move the socket path listener rule to increased priority (#85) #115

build: move the socket path listener rule to increased priority (#85)


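---
# Deploy to Integration
#
# Two entry points share this file:
#   * push to master (path-filtered): build and push the WAB image, run a
#     terraform plan, then deploy services with the new image.
#   * workflow_dispatch: apply a plan that an earlier push run produced. The
#     plan is located by the commit SHA (artifact name) and the run ID
#     (artifact source run) entered on the dispatch form.
#
# Conventions used throughout:
#   * every expression (`${{ ... }}`) that reaches a `run:` script is passed
#     through `env:` and referenced as a quoted shell variable, so a value can
#     never be spliced into the script text itself;
#   * values that should not appear in logs of this public repository are
#     masked with `::add-mask::` before use.
#
# TODO(review): pin third-party actions (checkout, configure-aws-credentials,
# amazon-ecr-login, setup-buildx-action, setup-terraform, upload/download
# artifact) to full commit SHAs rather than floating major-version tags.
name: Deploy to Integration

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - master
    paths:
      - 'platform/wab/**'
      - 'terraform/**'
      - '.github/**'
  # Allow manual trigger for infrastructure apply
  workflow_dispatch:
    inputs:
      apply_infrastructure:
        description: 'Apply infrastructure changes'
        required: true
        type: boolean
        default: false
      commit_sha:
        description: 'Commit SHA of the plan to apply (from the push event)'
        required: true
        type: string
      run_id:
        description: 'Workflow run ID that created the plan (from the push event)'
        required: true
        type: string

# Every job declares its own permissions; the workflow default is "nothing".
permissions: {}

jobs:
  build-and-plan:
    name: Build Docker Image and Plan Infrastructure
    runs-on: ubuntu-latest
    # Run on push events only (not manual workflow_dispatch for apply)
    if: github.event_name == 'push'
    environment: integration
    permissions:
      contents: read  # Read repo contents
      id-token: write  # Required for AWS OIDC authentication
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Mask ECR registry URL
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          echo "::add-mask::$ECR_REGISTRY"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push Docker image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Mask sensitive values
          echo "::add-mask::$ECR_REGISTRY"
          echo "::add-mask::$ECR_REPOSITORY"
          image="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          # Build the Docker image; the build context is platform/, the
          # Dockerfile lives under platform/wab/.
          docker build \
            --platform linux/amd64 \
            -t "$image" \
            -f platform/wab/Dockerfile \
            platform/
          # Push to ECR
          docker push "$image"
          echo "Pushed image: $image"

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.13.4'

      - name: Plan infrastructure changes
        id: plan
        env:
          AWS_REGION: ${{ vars.AWS_REGION }}
          TERRAFORM_STATE_BUCKET: ${{ vars.TERRAFORM_STATE_BUCKET }}
          TF_VAR_environment: ${{ vars.ENVIRONMENT }}
          TF_VAR_aws_region: ${{ vars.AWS_REGION }}
          TF_VAR_hosted_zone_id: ${{ vars.HOSTED_ZONE_ID }}
          TF_VAR_hosted_zone_id_host: ${{ vars.HOSTED_ZONE_ID_HOST }}
          TF_VAR_parent_domain: ${{ vars.PARENT_DOMAIN || 'storefront.elasticpath.com' }}
          TF_VAR_host_parent_domain: ${{ vars.HOST_PARENT_DOMAIN || 'elasticpathdev.com' }}
        run: |
          # Mask sensitive values for public repo security
          echo "::add-mask::$AWS_REGION"
          echo "::add-mask::$TERRAFORM_STATE_BUCKET"
          # Make script executable
          chmod +x .github/scripts/plan-infrastructure.sh
          echo "📋 Planning infrastructure changes..."
          echo "Environment: $TF_VAR_environment"
          echo ""
          # The plan script exits with code 1 when changes are detected, so its
          # exit status is deliberately ignored; whether a plan directory was
          # written is what decides has_changes.
          # NOTE(review): a plan that fails outright (e.g. init error) is
          # indistinguishable from "no changes" here — confirm the script
          # surfaces failures some other way.
          ./.github/scripts/plan-infrastructure.sh "$TF_VAR_environment" || true
          # Check if plan files were created
          if [ -d "terraform/plans/$TF_VAR_environment" ]; then
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Upload terraform plans
        if: steps.plan.outputs.has_changes == 'true'
        uses: actions/upload-artifact@v4
        with:
          # The apply job looks this artifact up by the same full SHA.
          name: terraform-plans-${{ github.sha }}
          path: terraform/plans/${{ vars.ENVIRONMENT }}/
          retention-days: 7

      - name: Comment on infrastructure changes
        if: steps.plan.outputs.has_changes == 'true'
        env:
          ENVIRONMENT: ${{ vars.ENVIRONMENT }}
        run: |
          {
            echo "### ⚠️ Infrastructure Changes Detected"
            echo ""
            echo "**Environment:** $ENVIRONMENT"
            echo "**Commit SHA:** \`$GITHUB_SHA\`"
            echo "**Run ID:** \`$GITHUB_RUN_ID\`"
            echo ""
            echo "Terraform plans have been saved as artifacts."
            echo ""
            echo "**To apply these changes:**"
            echo "1. Review the plan files in the workflow artifacts"
            echo "2. Go to Actions → Deploy to Integration → Run workflow"
            echo "3. Check 'Apply infrastructure changes'"
            echo "4. Enter the Commit SHA and Run ID from above"
            echo "5. Click 'Run workflow'"
            echo ""
          } >> "$GITHUB_STEP_SUMMARY"

  deploy-services:
    name: Deploy Services
    # Skipped automatically when build-and-plan is skipped (workflow_dispatch).
    needs: build-and-plan
    runs-on: ubuntu-latest
    environment: integration
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.13.4'

      - name: Deploy services
        env:
          AWS_REGION: ${{ vars.AWS_REGION }}
          TERRAFORM_STATE_BUCKET: ${{ vars.TERRAFORM_STATE_BUCKET }}
          TF_VAR_environment: ${{ vars.ENVIRONMENT }}
          TF_VAR_aws_region: ${{ vars.AWS_REGION }}
          # Must match the tag pushed by build-and-plan (github.sha).
          TF_VAR_container_image: ${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}:${{ github.sha }}
          TF_VAR_log_level: ${{ vars.LOG_LEVEL || 'info' }}
          TF_VAR_admin_emails: ${{ secrets.ADMIN_EMAILS || '[]' }}
          TF_VAR_skip_grant_revoke_emails: ${{ vars.SKIP_GRANT_REVOKE_EMAILS || 'true' }}
          TF_VAR_generic_worker_pool_size: ${{ vars.GENERIC_WORKER_POOL_SIZE || '2' }}
          TF_VAR_loader_worker_pool_size: ${{ vars.LOADER_WORKER_POOL_SIZE || '4' }}
        run: |
          # Mask sensitive values for public repo security
          echo "::add-mask::$AWS_REGION"
          echo "::add-mask::$TERRAFORM_STATE_BUCKET"
          echo "::add-mask::$TF_VAR_container_image"
          # Make script executable
          chmod +x .github/scripts/deploy-services.sh
          echo "🚀 Deploying services with image tag: $GITHUB_SHA"
          echo "Environment: $TF_VAR_environment"
          echo "Container image: $TF_VAR_container_image"
          echo ""
          # Run the deploy-services script
          ./.github/scripts/deploy-services.sh "$TF_VAR_environment"
          echo "✅ Services deployed successfully!"

      - name: Deployment summary
        if: success()
        env:
          ENVIRONMENT: ${{ vars.ENVIRONMENT }}
        run: |
          {
            echo "### ✅ Services Deployment Successful"
            echo ""
            echo "**Environment:** $ENVIRONMENT"
            echo "**Image Tag:** \`${GITHUB_SHA:0:8}\`"
            echo "**Full SHA:** \`$GITHUB_SHA\`"
            echo ""
            echo "**Deployed Services:**"
            echo "- Socket Backend"
            echo "- WAB"
            echo "- Codegen"
            echo "- Data"
            echo "- Image Optimizer"
            echo "- Copilot (disabled)"
            echo ""
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Notify on failure
        if: failure()
        env:
          ENVIRONMENT: ${{ vars.ENVIRONMENT }}
        run: |
          {
            echo "### ❌ Services Deployment Failed"
            echo ""
            echo "**Environment:** $ENVIRONMENT"
            echo "**Commit:** \`${GITHUB_SHA:0:8}\`"
            echo ""
          } >> "$GITHUB_STEP_SUMMARY"
          echo "Check the workflow logs for details."

  apply-infrastructure:
    name: Apply Infrastructure Changes
    runs-on: ubuntu-latest
    # Only run on manual workflow_dispatch with apply_infrastructure=true
    if: github.event_name == 'workflow_dispatch' && github.event.inputs.apply_infrastructure == 'true'
    environment: integration
    permissions:
      contents: read
      id-token: write
      # download-artifact needs to list artifacts of a different run (run-id);
      # with an explicit permissions block that requires actions: read.
      actions: read
    steps:
      - name: Validate inputs
        env:
          COMMIT_SHA: ${{ github.event.inputs.commit_sha }}
          RUN_ID: ${{ github.event.inputs.run_id }}
        run: |
          # Both values are typed by hand on the dispatch form and are then used
          # as a checkout ref and an artifact lookup; accept only the exact
          # shapes the push run produces (full lowercase SHA, numeric run ID).
          if ! [[ "$COMMIT_SHA" =~ ^[0-9a-f]{40}$ ]]; then
            echo "::error::commit_sha must be the full 40-character lowercase hex SHA"
            exit 1
          fi
          if ! [[ "$RUN_ID" =~ ^[0-9]+$ ]]; then
            echo "::error::run_id must be numeric"
            exit 1
          fi
          # NOTE(review): nothing here checks that run_id was a push run on
          # master for commit_sha; the artifact name only ties the plan to a
          # SHA. Consider verifying the run's head_sha/branch via the API
          # before applying.

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.commit_sha }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.13.4'

      - name: Download terraform plans
        uses: actions/download-artifact@v4
        with:
          name: terraform-plans-${{ github.event.inputs.commit_sha }}
          path: terraform/plans/${{ vars.ENVIRONMENT }}/
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.inputs.run_id }}

      - name: Apply infrastructure changes
        env:
          AWS_REGION: ${{ vars.AWS_REGION }}
          TERRAFORM_STATE_BUCKET: ${{ vars.TERRAFORM_STATE_BUCKET }}
          TF_VAR_environment: ${{ vars.ENVIRONMENT }}
          TF_VAR_aws_region: ${{ vars.AWS_REGION }}
        run: |
          # Mask sensitive values for public repo security
          echo "::add-mask::$AWS_REGION"
          echo "::add-mask::$TERRAFORM_STATE_BUCKET"
          # Make script executable
          chmod +x .github/scripts/apply-infrastructure.sh
          echo "🚀 Applying infrastructure changes..."
          echo "Environment: $TF_VAR_environment"
          echo ""
          # Run the apply script
          ./.github/scripts/apply-infrastructure.sh "$TF_VAR_environment"
          echo "✅ Infrastructure applied successfully!"

      - name: Deployment summary
        if: success()
        env:
          ENVIRONMENT: ${{ vars.ENVIRONMENT }}
          COMMIT_SHA: ${{ github.event.inputs.commit_sha }}
        run: |
          {
            echo "### ✅ Infrastructure Apply Successful"
            echo ""
            echo "**Environment:** $ENVIRONMENT"
            echo "**Commit SHA:** \`$COMMIT_SHA\`"
            echo ""
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Notify on failure
        if: failure()
        env:
          ENVIRONMENT: ${{ vars.ENVIRONMENT }}
          COMMIT_SHA: ${{ github.event.inputs.commit_sha }}
        run: |
          {
            echo "### ❌ Infrastructure Apply Failed"
            echo ""
            echo "**Environment:** $ENVIRONMENT"
            echo "**Commit SHA:** \`$COMMIT_SHA\`"
            echo ""
          } >> "$GITHUB_STEP_SUMMARY"
          echo "Check the workflow logs for details."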