generated from pokt-network/repo-template
-
Notifications
You must be signed in to change notification settings - Fork 8
101 lines (92 loc) · 4.57 KB
/
production-ap-east-1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# .github/workflows: DO NOT MODIFY HERE BUT RATHER REFER TO THEIR CORRESPONDING
# TEMPLATE IN THE POCKET-GATEWWAY FOLDER OTHERWISE YOUR CHANGES WILL BE OVERWRITTEN
name: Terraform Production Deployment ap-east-1
on:
push:
branches: [master, eth-altruist]
jobs:
deploy:
name: Gateway
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Make envfile ap-east-1
uses: SpicyPizza/create-envfile@v1
with:
envkey_GATEWAY_CLIENT_PRIVATE_KEY: ${{ secrets.POCKET_NETWORK_PRODUCTION_CLIENT_PRIVATE_KEY }}
envkey_GATEWAY_CLIENT_PASSPHRASE: ${{ secrets.POCKET_NETWORK_PRODUCTION_CLIENT_PASSPHRASE }}
envkey_REDIS_LOCAL_TTL_FACTOR: ${{ secrets.REDIS_LOCAL_TTL_FACTOR }}
envkey_BLOCKED_ADDRESSES_URL: ${{ secrets.BLOCKED_ADDRESSES_URL }}
envkey_PHD_BASE_URL: ${{ secrets.PHD_BASE_URL }}
envkey_PHD_API_KEY: ${{ secrets.PHD_API_KEY_SERVICE_PRODUCTION }}
envkey_DATABASE_ENCRYPTION_KEY: ${{ secrets.DATABASE_PRODUCTION_ENCRYPTION_KEY }}
envkey_DISPATCH_URL: ${{ secrets.DISPATCH_URL }}
envkey_ALTRUISTS: ${{ secrets.POCKET_NETWORK_PRODUCTION_ALTRUISTS }}
envkey_REDIRECTS: ${{ secrets.POCKET_NETWORK_PRODUCTION_REDIRECTS }}
envkey_LOCAL_REDIS_ENDPOINT: 172.17.0.1:6379
envkey_REDIS_PORT: 6379
envkey_POCKET_SESSION_BLOCK_FREQUENCY: 4
envkey_POCKET_BLOCK_TIME: 1038000
envkey_POCKET_RELAY_RETRIES: 0
envkey_DEFAULT_SYNC_ALLOWANCE: 5
envkey_DEFAULT_LOG_LIMIT_BLOCKS: 10000
envkey_AAT_PLAN: premium
envkey_NODE_ENV: production
envkey_PSQL_CONNECTION: ${{ secrets.PSQL_CONNECTION }}
envkey_PSQL_CERTIFICATE: https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
envkey_LOG_TO_CLOUDWATCH: false
envkey_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
envkey_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
envkey_COMMIT_HASH: ${{ github.sha }}
envkey_ARCHIVAL_CHAINS: 0022,0028,0010,000A,000B,000C
envkey_LOG_TO_LOKI: ${{ secrets.LOG_TO_LOKI }}
envkey_LOKI_BASIC_AUTH: ${{ secrets.LOKI_BASIC_AUTH }}
envkey_LOKI_HOST: ${{ secrets.LOKI_HOST }}
envkey_ALWAYS_REDIRECT_TO_ALTRUISTS: ${{ secrets.ALWAYS_REDIRECT_TO_ALTRUISTS }}
envkey_SILENT_LOGGING: true
envkey_LOG_CHERRY_PICKER_STATS: ${{ secrets.LOG_CHERRY_PICKER_STATS }}
envkey_RATE_LIMITER_URL: ${{ secrets.RATE_LIMITER_URL }}
envkey_RATE_LIMITER_TOKEN: ${{ secrets.RATE_LIMITER_TOKEN }}
envkey_INFLUX_URLS: ${{ secrets.INFLUX_URLS }}
envkey_INFLUX_TOKENS: ${{ secrets.INFLUX_TOKENS }}
envkey_INFLUX_ORGS: ${{ secrets.INFLUX_ORGS }}
envkey_ALTRUIST_ONLY_CHAINS: ${{ secrets.ALTRUIST_ONLY_CHAINS }}
envkey_GATEWAY_HOST: ${{ secrets.GATEWAY_HOST }}
envkey_REMOTE_REDIS_ENDPOINT: gateway-prod-redis.hmerc8.clustercfg.ape1.cache.amazonaws.com
envkey_REGION: 'ap-east-1'
envkey_REGION_NAME: 'ap-east-1'
file_name: .env
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: gateway-prod
IMAGE_TAG: latest
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
- name: Fill in the new image ID / ap-east-1 - gateway
id: task-def-ap-east-1-gateway
uses: aws-actions/amazon-ecs-render-task-definition@master
with:
task-definition: pocket-gateway/tasks/production/ecs-task-definition.json
container-name: gateway
image: ${{ steps.build-image.outputs.image }}
- name: Deploy / ap-east-1
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-ap-east-1-gateway.outputs.task-definition }}
service: gateway-prod
cluster: gateway-prod
wait-for-service-stability: true