Skip to content

Fix deploy issues #1791

Fix deploy issues

Fix deploy issues #1791

Workflow file for this run

name: CI/CD
on: push
env:
DOCKER_BUILDKIT: 1
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_ENGINEERING_AUTH_TOKEN }}
jobs:
# Code quality check jobs.
check_syntax:
name: Check Syntax
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
AWS_ACCESS_KEY_ID: ${{ secrets.OP_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OP_AWS_SECRET_ACCESS_KEY }}
- uses: actions/setup-python@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 0.13.5
- name: Init Terraform in the Infrastructure Folder for Validation
run: cd infrastructure && TF_VAR_user=ci TF_VAR_stage=dev ./init_terraform.sh
- name: Init Terraform in the AMI Folder for Validation
run: cd ami && terraform init
- uses: pre-commit/[email protected]
# Test jobs.
test_affymetrix:
name: Test Affymetrix
env:
IMAGES: migrations affymetrix
needs:
- test_base
runs-on: ubuntu-latest-m
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Affymetrix Tests
run: |
sudo chmod -R a+rw workers/test_volume
.github/scripts/filter_tests.sh -t affymetrix
test_agilent:
name: Test Agilent
env:
IMAGES: migrations affymetrix
needs:
- test_affymetrix
runs-on: ubuntu-latest-m
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Agilent Tests
run: |
sudo -E chown -R $USER:$USER workers/test_volume
.github/scripts/filter_tests.sh -t agilent
test_api:
name: Test API
env:
IMAGES: migrations api_base api_local
needs:
- check_syntax
- test_api_base
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Start Elasticsearch
run: scripts/run_es.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Rebuild the Elasticsearch Index
run: scripts/rebuild_es_index.sh
- name: Run API Tests
run: |
mkdir -p test_volume
sudo chmod -R a+rw test_volume
api/run_tests.sh
.github/scripts/prepare_test_coverage.sh api
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./test_volume/api_coverage.xml
name: API Tests
test_api_base:
name: Test API Base
env:
IMAGES: migrations api_base
needs:
- test_base
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Start Elasticsearch
run: scripts/run_es.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Build the Docker Image
run: scripts/prepare_image.sh -i api_base -s api
test_base:
name: Test Base
env:
IMAGES: base
needs:
- check_syntax
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Build the Docker Image
run: scripts/prepare_image.sh -i base -s common
test_common:
name: Test Common
env:
IMAGES: migrations common_tests
needs:
- test_api
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Start Elasticsearch
run: scripts/run_es.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Rebuild the Elasticsearch Index
run: scripts/rebuild_es_index.sh
- name: Run Common Tests
run: |
mkdir -p workers/test_volume
sudo chmod -R a+rw workers/test_volume
common/run_tests.sh
.github/scripts/prepare_test_coverage.sh common
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./test_volume/common_coverage.xml
name: Common Tests
test_downloaders_no_op:
name: Test Downloaders and No-Op
env:
IMAGES: migrations api_base api_local downloaders foreman
needs:
- test_base
runs-on: ubuntu-latest-m
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Downloader Tests
run: |
.github/scripts/filter_tests.sh -t downloaders
- name: Run No-Op Tests
run: |
sudo -E chown -R $USER:$USER workers/test_volume
.github/scripts/filter_tests.sh -t no_op
test_foreman:
name: Test Foreman
env:
IMAGES: migrations foreman
needs:
- test_api
runs-on: ubuntu-latest-m
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Start Elasticsearch
run: scripts/run_es.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Rebuild the Elasticsearch Index
run: scripts/rebuild_es_index.sh
- name: Run Foreman Tests
run: |
mkdir -p workers/test_volume
sudo chmod -R a+rw workers/test_volume
foreman/run_tests.sh --exclude-tag=end_to_end
.github/scripts/prepare_test_coverage.sh foreman
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./test_volume/foreman_coverage.xml
name: Foreman Tests
test_illumina:
name: Test Illumina
env:
IMAGES: migrations illumina
needs:
- test_base
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Illumina Tests
run: |
mkdir -p workers/test_volume
sudo chmod -R a+rw workers/test_volume
.github/scripts/filter_tests.sh -t illumina
.github/scripts/prepare_test_coverage.sh workers
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./workers/test_volume/workers_coverage.xml
name: Illumina Tests
test_salmon:
name: Test Salmon
env:
IMAGES: migrations salmon
needs:
- test_base
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Salmon Tests
run: |
sudo chmod -R a+rw workers/test_volume
.github/scripts/filter_tests.sh -t salmon
.github/scripts/prepare_test_coverage.sh workers
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./workers/test_volume/workers_coverage.xml
name: Salmon Tests
test_smasher:
name: Test Smasher
env:
IMAGES: migrations smasher
needs:
- test_base
runs-on: ubuntu-latest-m
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Smasher Tests
run: |
mkdir -p workers/test_volume
sudo chmod -R a+rw workers/test_volume
.github/scripts/filter_tests.sh -t smasher
.github/scripts/prepare_test_coverage.sh workers
- name: Run Janitor Tests
run: |
sudo -E chown -R $USER:$USER workers/test_volume
.github/scripts/filter_tests.sh -t janitor
.github/scripts/prepare_test_coverage.sh workers
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./workers/test_volume/workers_coverage.xml
name: Janitor Tests
- name: Run Compendia Tests
run: |
sudo -E chown -R $USER:$USER workers/test_volume
.github/scripts/filter_tests.sh -t compendia
.github/scripts/prepare_test_coverage.sh workers
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./workers/test_volume/workers_coverage.xml
name: Compendia Tests
- name: Run QN Tests
run: |
sudo -E chown -R $USER:$USER workers/test_volume
.github/scripts/filter_tests.sh -t qn
.github/scripts/prepare_test_coverage.sh workers
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./workers/test_volume/workers_coverage.xml
name: QN Tests
test_transcriptome:
name: Test Transcriptome
env:
DOCKER_BUILDKIT: 1
IMAGES: migrations transcriptome
needs:
- test_base
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
- name: Login to Packages Container Registry
uses: docker/login-action@v2
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_PASSWORD }}
- name: Start Postgres
run: scripts/run_postgres.sh
- name: Pause for Initialization
run: sleep 15
- name: Install Database
run: scripts/install_db_docker.sh
- name: Update Models
run: scripts/update_models.sh
- name: Run Transcriptome Tests
run: |
mkdir -p workers/test_volume
sudo chmod -R a+rw workers/test_volume
.github/scripts/filter_tests.sh -t transcriptome
.github/scripts/prepare_test_coverage.sh workers
- name: Upload Test Coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./workers/test_volume/workers_coverage.xml
name: Transcriptome Tests
# Deploy jobs.
deploy:
name: Deploy
env:
CI_USERNAME: ${{ github.actor }}
if: startsWith(github.ref, 'refs/tags/v') && ! endsWith(github.ref, '-hotfix')
needs:
- determine_branch
- test_affymetrix
- test_agilent
- test_api
- test_common
- test_downloaders_no_op
- test_foreman
- test_illumina
- test_salmon
- test_smasher
- test_transcriptome
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DEPLOY_BOX_SSH_PRIVATE_KEY: ${{ secrets.OP_DEPLOY_BOX_SSH_PRIVATE_KEY }}
SSH_PUBLIC_KEY: ${{ secrets.OP_SSH_PUBLIC_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.OP_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OP_AWS_SECRET_ACCESS_KEY }}
DEPLOY_BOX_IP: ${{ secrets.OP_DEPLOY_BOX_IP }}
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
SENTRY_DSN: ${{ secrets.OP_SENTRY_DSN }}
SLACK_WEBHOOK_URL: ${{ secrets.OP_SLACK_WEBHOOK_URL }}
STAGING_DATABASE_PASSWORD: ${{ secrets.OP_STAGING_DATABASE_PASSWORD }}
STAGING_DJANGO_SECRET_KEY: ${{ secrets.OP_STAGING_DJANGO_SECRET_KEY }}
PRODUCTION_DATABASE_PASSWORD: ${{ secrets.OP_PRODUCTION_DATABASE_PASSWORD }}
PRODUCTION_DJANGO_SECRET_KEY: ${{ secrets.OP_PRODUCTION_DJANGO_SECRET_KEY }}
- name: Set the $BRANCH and $CI_TAG Environment Variables
run: |
. scripts/common.sh
echo "BRANCH=$(get_deploy_branch ${GITHUB_REF#refs/tags/})" >> $GITHUB_ENV
# Remove /ref/tags/ from the beginning of the tag name
echo "CI_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Set Staging Specific Environment Variables
if: ${{needs.determine_branch.outputs.branch == 'dev'}}
run: |
echo "DATABASE_PASSWORD=${STAGING_DATABASE_PASSWORD}" >> $GITHUB_ENV
echo "DJANGO_SECRET_KEY=${STAGING_DJANGO_SECRET_KEY}" >> $GITHUB_ENV
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV
# Staging doesn't notify the engagementbot, so overwrite this to be blank.
echo "SLACK_WEBHOOK_URL=" >> $GITHUB_ENV
- name: Set Production Specific Environment Variables
if: ${{needs.determine_branch.outputs.branch == 'master'}}
run: |
echo "DATABASE_PASSWORD=${PRODUCTION_DATABASE_PASSWORD}" >> $GITHUB_ENV
echo "DJANGO_SECRET_KEY=${PRODUCTION_DJANGO_SECRET_KEY}" >> $GITHUB_ENV
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV
echo "SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}" >> $GITHUB_ENV
- name: Deploy
run: .github/scripts/remote_deploy.sh
- name: Cleanup Deploy
run: .github/scripts/post_deploy_cleanup.sh
timeout-minutes: 1440
deploy_hotfix:
name: Deploy Hotfix
env:
CI_USERNAME: ${{ github.actor }}
if: startsWith(github.ref, 'refs/tags/v') && endsWith(github.ref, '-hotfix')
needs:
- determine_branch
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
DEPLOY_BOX_SSH_PRIVATE_KEY: ${{ secrets.OP_DEPLOY_BOX_SSH_PRIVATE_KEY }}
SSH_PUBLIC_KEY: ${{ secrets.OP_SSH_PUBLIC_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.OP_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OP_AWS_SECRET_ACCESS_KEY }}
DEPLOY_BOX_IP: ${{ secrets.OP_DEPLOY_BOX_IP }}
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }}
SENTRY_DSN: ${{ secrets.OP_SENTRY_DSN }}
SLACK_WEBHOOK_URL: ${{ secrets.OP_SLACK_WEBHOOK_URL }}
STAGING_DATABASE_PASSWORD: ${{ secrets.OP_STAGING_DATABASE_PASSWORD }}
STAGING_DJANGO_SECRET_KEY: ${{ secrets.OP_STAGING_DJANGO_SECRET_KEY }}
PRODUCTION_DATABASE_PASSWORD: ${{ secrets.OP_PRODUCTION_DATABASE_PASSWORD }}
PRODUCTION_DJANGO_SECRET_KEY: ${{ secrets.OP_PRODUCTION_DJANGO_SECRET_KEY }}
- name: Set the $BRANCH and $CI_TAG Environment Variables
run: |
. scripts/common.sh
echo "BRANCH=$(get_deploy_branch ${GITHUB_REF#refs/tags/})" >> $GITHUB_ENV
# Remove /ref/tags/ from the beginning of the tag name
echo "CI_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Set Staging Specific Environment Variables
if: ${{needs.determine_branch.outputs.branch == 'dev'}}
run: |
echo "DATABASE_PASSWORD=${STAGING_DATABASE_PASSWORD}" >> $GITHUB_ENV
echo "DJANGO_SECRET_KEY=${STAGING_DJANGO_SECRET_KEY}" >> $GITHUB_ENV
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV
# Staging doesn't notify the engagementbot, so overwrite this to be blank.
echo "SLACK_WEBHOOK_URL=" >> $GITHUB_ENV
- name: Set Production Specific Environment Variables
if: ${{needs.determine_branch.outputs.branch == 'master'}}
run: |
echo "DATABASE_PASSWORD=${PRODUCTION_DATABASE_PASSWORD}" >> $GITHUB_ENV
echo "DJANGO_SECRET_KEY=${PRODUCTION_DJANGO_SECRET_KEY}" >> $GITHUB_ENV
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV
echo "SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}" >> $GITHUB_ENV
- name: Deploy
run: .github/scripts/remote_deploy.sh
- name: Cleanup Deploy
run: .github/scripts/post_deploy_cleanup.sh
timeout-minutes: 1440
determine_branch:
name: Determene Branch
# As far as I can tell, this is the only way to use the output of
# a script in a github conditional.
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
outputs:
branch: ${{ steps.set_branch.outputs.branch }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- id: set_branch
name: Set the $CI_TAG Environment Variable
run: |
. scripts/common.sh
echo "branch=$(get_deploy_branch ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT