Provision #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Provision environment | |
| run-name: Provision ${{ github.event.inputs.environment }} | |
| on: | |
| push: | |
| branches: | |
| - playbook-cleanup | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: Machine to provision | |
| default: qa | |
| required: true | |
| options: | |
| - staging | |
| - qa | |
| - production | |
| jobs: | |
| provision: | |
| environment: ${{ github.event.inputs.environment }} | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| outcome: ${{ steps.deploy.outcome }} | |
| timeout-minutes: 60 | |
| strategy: | |
| matrix: | |
| node-version: [16.20.0] | |
| steps: | |
| - name: Clone country config resource package | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| path: './${{ github.event.repository.name }}' | |
| - name: Set environment type ENV_TYPE | |
| run: | | |
| if [ "${{ github.event.inputs.environment }}" == "production" ]; then | |
| echo "ENV_TYPE=production" >> "$GITHUB_ENV" | |
| else | |
| echo "ENV_TYPE=qa" >> "$GITHUB_ENV" | |
| fi | |
| - name: Setup PEM file | |
| # Secret didn't work directly in the if condition | |
| env: | |
| SSH_KEY: ${{ secrets.SSH_KEY }} | |
| if: ${{ env.SSH_KEY }} | |
| run: | | |
| echo "${{ secrets.SSH_KEY }}" > /tmp/server.pem | |
| chmod 600 /tmp/server.pem | |
| # | |
| # Uncomment if using VPN | |
| # | |
| #- name: Install openconnect ppa | |
| # run: sudo add-apt-repository ppa:dwmw2/openconnect -y && sudo apt update | |
| #- name: Install openconnect | |
| # run: sudo apt install -y openconnect | |
| #- name: Connect to VPN | |
| # run: | | |
| # echo "${{ secrets.VPN_PWD }}" | sudo openconnect -u ${{ secrets.VPN_USER }} --passwd-on-stdin --protocol=${{ secrets.VPN_PROTOCOL }} ${{ secrets.VPN_HOST }}:${{ secrets.VPN_PORT }} --servercert ${{ secrets.VPN_SERVERCERT }} --background | |
| #- name: Test if IP is reachable | |
| # run: | | |
| # ping -c4 ${{ secrets.SSH_HOST }} | |
| - name: Set variables for ansible in production environments | |
| id: ansible-production-variables | |
| if: env.ENV_TYPE == 'production' | |
| run: | | |
| JSON_WITH_NEWLINES=$(cat<<EOF | |
| ${{ toJSON(env) }} | |
| EOF) | |
| JSON_WITHOUT_NEWLINES=$(echo $JSON_WITH_NEWLINES | jq -R -c .) | |
| echo "EXTRA_VARS=$JSON_WITHOUT_NEWLINES" >> $GITHUB_OUTPUT | |
| env: | |
| encrypted_disk_size: ${{ vars.DISK_SPACE }} | |
| disk_encryption_key: ${{ secrets.ENCRYPTION_KEY }} | |
| dockerhub_username: ${{ secrets.DOCKER_USERNAME }} | |
| dockerhub_password: ${{ secrets.DOCKER_TOKEN }} | |
| mongodb_admin_username: ${{ secrets.MONGODB_ADMIN_USER }} | |
| mongodb_admin_password: ${{ secrets.MONGODB_ADMIN_PASSWORD }} | |
| elasticsearch_superuser_password: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }} | |
| external_backup_server_remote_directory: ${{ vars.BACKUP_DIRECTORY }} | |
| external_backup_server_user: ${{ secrets.SSH_USER }} | |
| external_backup_server_ssh_port: 22 | |
| external_backup_server_ip: ${{ secrets.BACKUP_HOST }} | |
| manager_production_server_ip: ${{ secrets.SSH_HOST }} | |
| ansible_user: ${{ secrets.SSH_USER }} | |
| # ansible_sudo_pass: ${{ secrets.SUDO_PASSWORD }} in case your user is not root | |
| - name: Set variables for ansible in qa environments | |
| id: ansible-variables | |
| if: env.ENV_TYPE == 'qa' | |
| run: | | |
| JSON_WITH_NEWLINES=$(cat<<EOF | |
| ${{ toJSON(env) }} | |
| EOF) | |
| JSON_WITHOUT_NEWLINES=$(echo $JSON_WITH_NEWLINES | jq -R -c .) | |
| echo "EXTRA_VARS=$JSON_WITHOUT_NEWLINES" >> $GITHUB_OUTPUT | |
| env: | |
| encrypted_disk_size: ${{ vars.DISK_SPACE }} | |
| disk_encryption_key: ${{ secrets.ENCRYPTION_KEY }} | |
| dockerhub_username: ${{ secrets.DOCKER_USERNAME }} | |
| dockerhub_password: ${{ secrets.DOCKER_TOKEN }} | |
| mongodb_admin_username: ${{ secrets.MONGODB_ADMIN_USER }} | |
| mongodb_admin_password: ${{ secrets.MONGODB_ADMIN_PASSWORD }} | |
| elasticsearch_superuser_password: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }} | |
| # ansible_sudo_pass: ${{ secrets.SUDO_PASSWORD }} in case your user is not root | |
| - name: Read known hosts | |
| run: | | |
| cd ${{ github.event.repository.name }} | |
| echo "KNOWN_HOSTS<<EOF" >> $GITHUB_ENV | |
| sed -i -e '$a\' ./infrastructure/.known-hosts | |
| cat ./infrastructure/.known-hosts >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| - name: Install SSH Key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_KEY }} | |
| known_hosts: ${{ env.KNOWN_HOSTS }} | |
| - name: Run playbook on 1 replica in qa | |
| uses: dawidd6/action-ansible-playbook@v2 | |
| if: vars.REPLICAS == 1 && env.ENV_TYPE == 'qa' | |
| env: | |
| ANSIBLE_PERSISTENT_COMMAND_TIMEOUT: 30 | |
| ANSIBLE_SSH_TIMEOUT: 30 | |
| ANSIBLE_SSH_RETRIES: 20 | |
| with: | |
| playbook: playbook.yml | |
| directory: ${{ github.event.repository.name }}/infrastructure/server-setup | |
| inventory: | | |
| [docker-manager-first] | |
| ${{ vars.HOSTNAME }} ansible_host="${{ secrets.SSH_HOST }}" data_label=data1 | |
| [docker-workers] | |
| options: | | |
| --verbose | |
| --extra-vars ""${{ steps.ansible-variables.outputs.EXTRA_VARS }}"" | |
| - name: Run playbook on 1 replica in production | |
| uses: dawidd6/action-ansible-playbook@v2 | |
| if: vars.REPLICAS == 1 && env.ENV_TYPE == 'production' | |
| env: | |
| ANSIBLE_PERSISTENT_COMMAND_TIMEOUT: 30 | |
| ANSIBLE_SSH_TIMEOUT: 30 | |
| ANSIBLE_SSH_RETRIES: 20 | |
| with: | |
| playbook: playbook.yml | |
| directory: ${{ github.event.repository.name }}/infrastructure/server-setup | |
| inventory: | | |
| [docker-manager-first] | |
| ${{ vars.HOSTNAME }} ansible_host="${{ secrets.SSH_HOST }}" data_label=data1 | |
| [docker-workers] | |
| options: | | |
| --verbose | |
| --extra-vars ""${{ steps.ansible-production-variables.outputs.EXTRA_VARS }}"" |