Skip to content

Commit

Permalink
Update how we perform deployments to set environment variables
Browse files Browse the repository at this point in the history
Previously we didn't define any environment variables at deploy time;
instead we set them manually. A configuration change when we moved from
Python 3.9 to 3.11 caused SAM to redefine the infrastructure, and this
in turn caused a all existing environment variables to be wiped,
bringing down the staging ingester.

This PR moves to defining the environment variables in the
`template.yml` file which is used by SAM. The exact values are passed in
at deploy time by GitHub Actions as part of configuring the
infrastructure.

Variables are stored in GitHub environments.
  • Loading branch information
jacksonj04 committed Oct 16, 2023
1 parent f7e06d1 commit dd33c27
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 48 deletions.
18 changes: 17 additions & 1 deletion .github/workflows/deploy-production.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ on:
jobs:
build-deploy:
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v4
- name: Run latest-tag
Expand All @@ -19,4 +20,19 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
- run: sam build --use-container -m requirements/base.txt
- run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --stack-name ds-caselaw-ingester --s3-bucket tna-caselaw-ingester-deploy --capabilities CAPABILITY_IAM --region eu-west-2
- run: >
sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --stack-name ds-caselaw-ingester --s3-bucket tna-caselaw-ingester-deploy --capabilities CAPABILITY_IAM --region eu-west-2 --parameter-overrides
AwsBucketName=${{ vars.AWS_BUCKET_NAME }}
EditorialUiBaseUrl=${{ vars.EDITORIAL_UI_BASE_URL }}
MarklogicHost=${{ secrets.MARKLOGIC_HOST }}
MarklogicPassword=${{ secrets.MARKLOGIC_PASSWORD }}
MarklogicUser=${{ secrets.MARKLOGIC_USER }}
MaxRetries=${{ vars.MAX_RETRIES }}
NotifyApiKey=${{ secrets.NOTIFY_API_KEY }}
NotifyEditorialAddress=${{ vars.NOTIFY_EDITORIAL_ADDRESS }}
NotifyNewJudgmentTemplateId=${{ vars.NOTIFY_NEW_JUDGMENT_TEMPLATE_ID }}
NotifyUpdatedJudgmentTemplateId=${{ vars.NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID }}
PublicAssetBucket=${{ vars.PUBLIC_ASSET_BUCKET }}
RollbarEnv=${{ vars.ROLLBAR_ENV }}
RollbarToken=${{ secrets.ROLLBAR_TOKEN }}
SqsQueueUrl=${{ vars.SQS_QUEUE_URL }}
37 changes: 18 additions & 19 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@
name: Deploy lambda to AWS

on:
push:
branches:
- main
branches:
- main

jobs:
build-deploy:
Expand All @@ -19,19 +18,19 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
- run: sam build --use-container -m requirements/base.txt
- run:
sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --stack-name ds-caselaw-ingester --s3-bucket ingester-test-2 --capabilities CAPABILITY_IAM --region eu-west-2 --parameter-overrides \
ParameterKey=AWS_BUCKET_NAME,ParameterValue=${{ vars.AWS_BUCKET_NAME }} \
ParameterKey=EDITORIAL_UI_BASE_URL,ParameterValue=${{ vars.EDITORIAL_UI_BASE_URL }} \
ParameterKey=MARKLOGIC_HOST,ParameterValue=${{ secrets.MARKLOGIC_HOST }} \
ParameterKey=MARKLOGIC_PASSWORD,ParameterValue=${{ secrets.MARKLOGIC_PASSWORD }} \
ParameterKey=MARKLOGIC_USER,ParameterValue=${{ secrets.MARKLOGIC_USER }} \
ParameterKey=MAX_RETRIES,ParameterValue=${{ vars.MAX_RETRIES }} \
ParameterKey=NOTIFY_API_KEY,ParameterValue=${{ secrets.NOTIFY_API_KEY }} \
ParameterKey=NOTIFY_EDITORIAL_ADDRESS,ParameterValue=${{ vars.NOTIFY_EDITORIAL_ADDRESS }} \
ParameterKey=NOTIFY_NEW_JUDGMENT_TEMPLATE_ID,ParameterValue=${{ vars.NOTIFY_NEW_JUDGMENT_TEMPLATE_ID }} \
ParameterKey=NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID,ParameterValue=${{ vars.NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID }} \
ParameterKey=PUBLIC_ASSET_BUCKET,ParameterValue=${{ vars.PUBLIC_ASSET_BUCKET }} \
ParameterKey=ROLLBAR_ENV,ParameterValue=${{ vars.ROLLBAR_ENV }} \
ParameterKey=ROLLBAR_TOKEN,ParameterValue=${{ secrets.ROLLBAR_TOKEN }} \
ParameterKey=SQS_QUEUE_URL,ParameterValue=${{ vars.SQS_QUEUE_URL }}
- run: >
sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --stack-name ds-caselaw-ingester --s3-bucket ingester-test-2 --capabilities CAPABILITY_IAM --region eu-west-2 --parameter-overrides
AwsBucketName=${{ vars.AWS_BUCKET_NAME }}
EditorialUiBaseUrl=${{ vars.EDITORIAL_UI_BASE_URL }}
MarklogicHost=${{ secrets.MARKLOGIC_HOST }}
MarklogicPassword=${{ secrets.MARKLOGIC_PASSWORD }}
MarklogicUser=${{ secrets.MARKLOGIC_USER }}
MaxRetries=${{ vars.MAX_RETRIES }}
NotifyApiKey=${{ secrets.NOTIFY_API_KEY }}
NotifyEditorialAddress=${{ vars.NOTIFY_EDITORIAL_ADDRESS }}
NotifyNewJudgmentTemplateId=${{ vars.NOTIFY_NEW_JUDGMENT_TEMPLATE_ID }}
NotifyUpdatedJudgmentTemplateId=${{ vars.NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID }}
PublicAssetBucket=${{ vars.PUBLIC_ASSET_BUCKET }}
RollbarEnv=${{ vars.ROLLBAR_ENV }}
RollbarToken=${{ secrets.ROLLBAR_TOKEN }}
SqsQueueUrl=${{ vars.SQS_QUEUE_URL }}
56 changes: 28 additions & 28 deletions template.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,46 +11,46 @@ Globals:
Timeout: 3

Parameters:
AWS_BUCKET_NAME:
AwsBucketName:
Description: "AWS_BUCKET_NAME"
Type: "String"
EDITORIAL_UI_BASE_URL:
EditorialUiBaseUrl:
Description: "EDITORIAL_UI_BASE_URL"
Type: "String"
MARKLOGIC_HOST:
MarklogicHost:
Description: "MARKLOGIC_HOST"
Type: "String"
MARKLOGIC_PASSWORD:
MarklogicPassword:
Description: "MARKLOGIC_PASSWORD"
Type: "String"
MARKLOGIC_USER:
MarklogicUser:
Description: "MARKLOGIC_USER"
Type: "String"
MAX_RETRIES:
MaxRetries:
Description: "MAX_RETRIES"
Type: "String"
NOTIFY_API_KEY:
NotifyApiKey:
Description: "NOTIFY_API_KEY"
Type: "String"
NOTIFY_EDITORIAL_ADDRESS:
NotifyEditorialAddress:
Description: "NOTIFY_EDITORIAL_ADDRESS"
Type: "String"
NOTIFY_NEW_JUDGMENT_TEMPLATE_ID:
NotifyNewJudgmentTemplateId:
Description: "NOTIFY_NEW_JUDGMENT_TEMPLATE_ID"
Type: "String"
NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID:
NotifyUpdatedJudgmentTemplateId:
Description: "NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID"
Type: "String"
PUBLIC_ASSET_BUCKET:
PublicAssetBucket:
Description: "PUBLIC_ASSET_BUCKET"
Type: "String"
ROLLBAR_ENV:
RollbarEnv:
Description: "ROLLBAR_ENV"
Type: "String"
ROLLBAR_TOKEN:
RollbarToken:
Description: "ROLLBAR_TOKEN"
Type: "String"
SQS_QUEUE_URL:
SqsQueueUrl:
Description: "SQS_QUEUE_URL"
Type: "String"

Expand All @@ -65,20 +65,20 @@ Resources:
- x86_64
Environment:
Variables:
AWS_BUCKET_NAME: !Ref AWS_BUCKET_NAME
EDITORIAL_UI_BASE_URL: !Ref EDITORIAL_UI_BASE_URL
MARKLOGIC_HOST: !Ref MARKLOGIC_HOST
MARKLOGIC_PASSWORD: !Ref MARKLOGIC_PASSWORD
MARKLOGIC_USER: !Ref MARKLOGIC_USER
MAX_RETRIES: !Ref MAX_RETRIES
NOTIFY_API_KEY: !Ref NOTIFY_API_KEY
NOTIFY_EDITORIAL_ADDRESS: !Ref NOTIFY_EDITORIAL_ADDRESS
NOTIFY_NEW_JUDGMENT_TEMPLATE_ID: !Ref NOTIFY_NEW_JUDGMENT_TEMPLATE_ID
NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID: !Ref NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID
PUBLIC_ASSET_BUCKET: !Ref PUBLIC_ASSET_BUCKET
ROLLBAR_ENV: !Ref ROLLBAR_ENV
ROLLBAR_TOKEN: !Ref ROLLBAR_TOKEN
SQS_QUEUE_URL: !Ref SQS_QUEUE_URL
AWS_BUCKET_NAME: !Ref AwsBucketName
EDITORIAL_UI_BASE_URL: !Ref EditorialUiBaseUrl
MARKLOGIC_HOST: !Ref MarklogicHost
MARKLOGIC_PASSWORD: !Ref MarklogicPassword
MARKLOGIC_USER: !Ref MarklogicUser
MAX_RETRIES: !Ref MaxRetries
NOTIFY_API_KEY: !Ref NotifyApiKey
NOTIFY_EDITORIAL_ADDRESS: !Ref NotifyEditorialAddress
NOTIFY_NEW_JUDGMENT_TEMPLATE_ID: !Ref NotifyNewJudgmentTemplateId
NOTIFY_UPDATED_JUDGMENT_TEMPLATE_ID: !Ref NotifyUpdatedJudgmentTemplateId
PUBLIC_ASSET_BUCKET: !Ref PublicAssetBucket
ROLLBAR_ENV: !Ref RollbarEnv
ROLLBAR_TOKEN: !Ref RollbarToken
SQS_QUEUE_URL: !Ref SqsQueueUrl

Outputs:
# ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
Expand Down

0 comments on commit dd33c27

Please sign in to comment.