From 0ae710c027152fb17eb72e7f338fd11c25f80b1d Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Wed, 11 Sep 2024 14:03:32 +0300
Subject: [PATCH 1/7] Install netcat
---
 client/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/client/Dockerfile b/client/Dockerfile
index 9a57380..059435a 100644
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,4 +1,5 @@
 FROM node:21
+RUN apt-get update ; apt-get install -y netcat-openbsd
 WORKDIR /app
From 95babef1f8b86fb4c49e6e58ef845b7e6e5924df Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Wed, 11 Sep 2024 14:04:08 +0300
Subject: [PATCH 2/7] Create deployment workflow + aux scripts for build/deploy
---
 .github/scripts/build.sh | 16 ++++++++++++++++
 .github/scripts/deploy.sh | 13 +++++++++++++
 .github/workflows/deploy.yml | 37 ++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100755 .github/scripts/build.sh
 create mode 100755 .github/scripts/deploy.sh
 create mode 100644 .github/workflows/deploy.yml
diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh
new file mode 100755
index 0000000..1e5e2a1
--- /dev/null
+++ b/.github/scripts/build.sh
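Review bot: In client/Dockerfile the added `RUN apt-get update ; apt-get install -y netcat-openbsd` joins the two commands with `;`, so a failed `apt-get update` is ignored and the install runs against whatever package index is present; it also leaves the apt lists in the layer and pulls in recommended packages. I would write `RUN apt-get update && apt-get install -y --no-install-recommends netcat-openbsd && rm -rf /var/lib/apt/lists/*`. The commit does not say what needs netcat (presumably a container health check); a one-line comment above the RUN stating the consumer would help, since a general-purpose network tool in a runtime image widens what is available inside the container and should be a documented choice.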
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -ex
+
+ISSUER_URL="https://issuer-anon-aadhaar.pse.dev"
+
+aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 490752553772.dkr.ecr.eu-central-1.amazonaws.com
+
+docker build --build-arg "NEXT_PUBLIC_ISSUER_URL=$ISSUER_URL" -t anon-aadhaar-client -f client/Dockerfile client
+docker tag anon-aadhaar-client:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-client:latest
+docker push 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-client:latest
+
+docker build -t anon-aadhaar-onchain-non-merklized-issuer .
+docker tag anon-aadhaar-onchain-non-merklized-issuer:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-onchain-non-merklized-issuer:latest
+docker push 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-onchain-non-merklized-issuer:latest
+
+exit 0
diff --git a/.github/scripts/deploy.sh b/.github/scripts/deploy.sh
new file mode 100755
index 0000000..6cb1462
--- /dev/null
+++ b/.github/scripts/deploy.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -ex
+
+tasks="anon-aadhaar-client anon-aadhaar-onchain-non-merklized-issuer"
+for task in $tasks; do
+ anon_aadhaar_revision=$(aws ecs describe-task-definition --task-definition $task --query "taskDefinition.revision")
+ aws ecs update-service --cluster anon-aadhaar --service $task --force-new-deployment --task-definition $task:$anon_aadhaar_revision
+done
+
+for loop in {1..3}; do
+ [ "$loop" -eq 3 ] && exit 1
+ aws ecs wait services-stable --cluster anon-aadhaar --services $tasks && break || continue
+done
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..a87153b
--- /dev/null
+++ b/.github/workflows/deploy.yml
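Review bot: build.sh pushes both images only under the mutable `:latest` tag, so nothing ties what ECS runs to the commit that built it, and the `--force-new-deployment` in deploy.sh (same patch) starts whatever `:latest` resolves to when each task launches. The workflows this series later removes also pushed a tag derived from `git rev-parse --short HEAD`; keeping an immutable tag, e.g. `docker tag anon-aadhaar-client:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-client:"$GITHUB_SHA"` plus the matching push for each image, preserves traceability and rollback. Separately, `set -ex` would be safer as `set -euo pipefail`, so that a failure of `aws ecr get-login-password` on the left side of the pipe stops the script at that command rather than surfacing only as a `docker login` error.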
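Review bot: The wait loop at the end of deploy.sh runs `aws ecs wait services-stable` at most twice, because `[ "$loop" -eq 3 ] && exit 1` fires at the top of the third iteration, and nothing in the script states that this is the intent. A comment such as `# two waiter attempts, then fail the job` above the loop would make that explicit, and `&& break || continue` reads more clearly as `if aws ecs wait ...; then break; fi`. In the first loop `$task` and `$anon_aadhaar_revision` are expanded unquoted and the `--query "taskDefinition.revision"` result depends on the CLI's configured output format; adding `--output text` and quoting as `"$task:$anon_aadhaar_revision"` keeps that argument well-formed.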
@@ -0,0 +1,37 @@
+name: Deploy
+on:
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::490752553772:role/privado-frontend-ecs-deploy-slc
+ role-duration-seconds: 2700
+ aws-region: eu-central-1
+
+ - name: Build and Push images to ECR
+ run: |
+ .github/scripts/build.sh
+
+ - name: Create Deployment
+ run: |
+ .github/scripts/deploy.sh
From fa47bcd05532f4807fa5ab02588b1b0baf0cb2d6 Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Wed, 11 Sep 2024 14:16:05 +0300
Subject: [PATCH 3/7] Change image name/ecr
---
 .github/scripts/build.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh
index 1e5e2a1..b0d948b 100755
--- a/.github/scripts/build.sh
+++ b/.github/scripts/build.sh
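Review bot: The deploy job in deploy.yml holds `id-token: write` and assumes the ECS deploy role, yet both actions are referenced by mutable tags (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`), so a retagged release would execute with that role's permissions. Pin each to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4` (placeholder; take the SHA from the release you have reviewed). `cancel-in-progress: true` is also a poor fit for a deploy job: a second push to main can cancel a run between the ECR push and the ECS update, or partway through the service updates, whereas `cancel-in-progress: false` lets the running deployment finish and still queues the newer one. The workflows removed later in this series ran under `environment: ${{ github.ref_name }}` and this job does not; if the role's trust policy or any approval rule was keyed on the environment, that should be re-checked.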
@@ -9,8 +9,8 @@ docker build --build-arg "NEXT_PUBLIC_ISSUER_URL=$ISSUER_URL" -t anon-aadhaar-cl
 docker tag anon-aadhaar-client:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-client:latest
 docker push 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-client:latest
-docker build -t anon-aadhaar-onchain-non-merklized-issuer .
-docker tag anon-aadhaar-onchain-non-merklized-issuer:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-onchain-non-merklized-issuer:latest
-docker push 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-onchain-non-merklized-issuer:latest
+docker build -t anon-aadhaar-issuer .
+docker tag anon-aadhaar-issuer:latest 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-issuer:latest
+docker push 490752553772.dkr.ecr.eu-central-1.amazonaws.com/anon-aadhaar-issuer:latest
 exit 0
From 10e38ea8e20350e3db9569d858a9b325a75cdffd Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Wed, 11 Sep 2024 14:31:21 +0300
Subject: [PATCH 4/7] Change service name
---
 .github/scripts/deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/scripts/deploy.sh b/.github/scripts/deploy.sh
index 6cb1462..2a77640 100755
--- a/.github/scripts/deploy.sh
+++ b/.github/scripts/deploy.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -ex
-tasks="anon-aadhaar-client anon-aadhaar-onchain-non-merklized-issuer"
+tasks="anon-aadhaar-client anon-aadhaar-issuer"
 for task in $tasks; do
 anon_aadhaar_revision=$(aws ecs describe-task-definition --task-definition $task --query "taskDefinition.revision")
 aws ecs update-service --cluster anon-aadhaar --service $task --force-new-deployment --task-definition $task:$anon_aadhaar_revision
From 2d488e87ea4b901d541575d6102145d81e25e33f Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Wed, 11 Sep 2024 14:36:50 +0300
Subject: [PATCH 5/7] Change step name
---
 .github/workflows/deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index a87153b..68b40d3 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -32,6 +32,6 @@ jobs:
 run: |
 .github/scripts/build.sh
- - name: Create Deployment
+ - name: Trigger ECS Deployment
 run: |
 .github/scripts/deploy.sh
From 5448579d767452f3339aa2524c0024f5b53917a7 Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Thu, 12 Sep 2024 11:35:50 +0300
Subject: [PATCH 6/7] Workflows replaced by a single one that builds / pushes / deployes new images
---
 .github/workflows/push-backend-erc.yaml | 57 ----------------------
 .github/workflows/push-frontend-erc.yaml | 60 ------------------------
 2 files changed, 117 deletions(-)
 delete mode 100644 .github/workflows/push-backend-erc.yaml
 delete mode 100644 .github/workflows/push-frontend-erc.yaml
diff --git a/.github/workflows/push-backend-erc.yaml b/.github/workflows/push-backend-erc.yaml
deleted file mode 100644
index 03246bf..0000000
--- a/.github/workflows/push-backend-erc.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-name: Push onchain non merklized backend to AWS ECR
-
-on:
- workflow_dispatch:
- push:
- branches:
- - main
-
-env:
- AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID_PRIVADO_ID }}
- AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION_PRIVADO_ID }}
- ECR_REPOSITORY: onchain_non_merklized_issuer_backend_demo
-
-jobs:
- deploy:
- environment:
- name: ${{ github.ref_name }}
- name: Build and deploy ochain non merklized issuer backend to AWS ECR
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - uses: actions/setup-node@v4
- with:
- node-version: 16
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- aws-region: ${{ env.AWS_DEFAULT_REGION }}
- role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/PolygonIDActionsRole
- role-session-name: GitHubActionsSession
-
- - name: Login to Amazon ECR
- uses: aws-actions/amazon-ecr-login@v2
- id: login-ecr
-
- - name: Get version
- run: echo "::set-output name=VERSION::$(git rev-parse --short HEAD)"
- id: version
-
- - name: Build with tag and push image
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }}
- IMAGE_TAG: ${{ steps.version.outputs.VERSION }}
- run: |
- docker build \
- -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest \
- -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} .
-
- docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
- docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest
\ No newline at end of file
diff --git a/.github/workflows/push-frontend-erc.yaml b/.github/workflows/push-frontend-erc.yaml
deleted file mode 100644
index 80c7a05..0000000
--- a/.github/workflows/push-frontend-erc.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-name: Push onchain non merklized frontend to AWS ECR
-
-on:
- workflow_dispatch:
- push:
- branches:
- - main
-
-env:
- AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID_PRIVADO_ID }}
- AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION_PRIVADO_ID }}
- ECR_REPOSITORY: onchain_non_merklized_issuer_frontend_demo
- NEXT_PUBLIC_ISSUER_URL: ${{ vars.NEXT_PUBLIC_ISSUER_URL }}
-
-jobs:
- deploy:
- environment:
- name: ${{ github.ref_name }}
- name: Build and deploy ochain non merklized issuer frontend to AWS ECR
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: write
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - uses: actions/setup-node@v4
- with:
- node-version: 16
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- aws-region: ${{ env.AWS_DEFAULT_REGION }}
- role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/PolygonIDActionsRole
- role-session-name: GitHubActionsSession
-
- - name: Login to Amazon ECR
- uses: aws-actions/amazon-ecr-login@v2
- id: login-ecr
-
- - name: Get version
- run: echo "::set-output name=VERSION::$(git rev-parse --short HEAD)"
- id: version
-
- - name: Build with tag and push image
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }}
- IMAGE_TAG: ${{ steps.version.outputs.VERSION }}
- run: |
- docker build \
- -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest \
- -t ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} \
- --build-arg="NEXT_PUBLIC_ISSUER_URL=${{ env.NEXT_PUBLIC_ISSUER_URL }}" \
- -f client/Dockerfile client
-
- docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
- docker push ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:latest
\ No newline at end of file
From c97b4dbc8d3e7b686158a7a637f85e860bf1ffe4 Mon Sep 17 00:00:00 2001
From: Nick Tampakas
Date: Thu, 12 Sep 2024 17:12:29 +0300
Subject: [PATCH 7/7] Change issuer URL
---
 .github/scripts/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh
index b0d948b..d6031e9 100755
--- a/.github/scripts/build.sh
+++ b/.github/scripts/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -ex
-ISSUER_URL="https://issuer-anon-aadhaar.pse.dev"
+ISSUER_URL="https://issuer.anon-aadhaar.pse.dev"
 aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 490752553772.dkr.ecr.eu-central-1.amazonaws.com