stage #2784
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Happy | |
| on: deployment | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| COMPOSE_DOCKER_CLI_BUILD: 1 | |
| DOCKER_REPO: ${{ secrets.ECR_REPO }}/ | |
| permissions: | |
| id-token: write | |
| contents: write | |
| deployments: write | |
| jobs: | |
| upgrade: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20.10.0" | |
| - name: Configure AWS Prod Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment == 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment != 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| # Login to ECR needed solely to be able to retrieve cached layers | |
| - name: Login to Prod ECR | |
| uses: docker/login-action@v3 | |
| if: github.event.deployment.environment == 'prod' | |
| with: | |
| registry: ${{ secrets.ECR_REPO_PROD }} | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REPO }} | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.deployment.sha }} | |
| fetch-depth: 1 | |
| - uses: avakar/set-deployment-status@v1 | |
| with: | |
| state: in_progress | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update deployment | |
| uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@deploy-happy-stack-v1.7.2 | |
| with: | |
| tfe-token: ${{ secrets.TFE_TOKEN }} | |
| stack-name: ${{ github.event.deployment.environment }}stack | |
| operation: update | |
| tag: ${{ github.event.deployment.payload.tag }} | |
| env: ${{ github.event.deployment.environment }} | |
| happy_version: "0.92.0" | |
| - name: Invalidate CloudFront | |
| env: | |
| DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }} | |
| run: | | |
| if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then | |
| DOMAIN_NAME=frontend.stage.single-cell.czi.technology | |
| ALIAS=cellxgene.staging.single-cell.czi.technology | |
| elif [ "${DEPLOYMENT_STAGE}" == "prod" ]; then | |
| DOMAIN_NAME=frontend.production.single-cell.czi.technology | |
| ALIAS=cellxgene.cziscience.com | |
| else | |
| DOMAIN_NAME=frontend.${DEPLOYMENT_STAGE}.single-cell.czi.technology | |
| ALIAS=cellxgene.${DEPLOYMENT_STAGE}.single-cell.czi.technology | |
| fi | |
| DISTRIBUTION_ID=$(aws cloudfront list-distributions --query "DistributionList.Items[*].{id:Id,domain_name:Origins.Items[*].DomainName,alias:Aliases.Items[0]}[?contains(domain_name,'${DOMAIN_NAME}')&&alias=='${ALIAS}'].id" --output text) | |
| aws cloudfront create-invalidation --distribution-id ${DISTRIBUTION_ID} --paths /index.html | |
| ### Need to write success failure way because Github API doesn't allow doing | |
| ### "if: always(), state: ${{ success() }}: | |
| - name: Set deployment status to failure if errors | |
| uses: avakar/set-deployment-status@v1 | |
| if: failure() | |
| with: | |
| state: failure | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,commit,author,eventName,workflow,job,mention | |
| mention: "subteam^S02K38PMTTQ" | |
| if_mention: "always" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| if: failure() && github.ref == 'refs/heads/main' | |
| github-tag-and-release: | |
| runs-on: ubuntu-22.04 | |
| if: github.event.deployment.environment == 'prod' | |
| needs: | |
| - upgrade | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.deployment.sha }} | |
| fetch-tags: true | |
| - name: Get most recent tag | |
| id: "fetch_tag" | |
| run: | | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| echo "PREVIOUS_TAG=$(git describe --tags $(git rev-list --tags=sha\* --max-count=1))" >> $GITHUB_OUTPUT | |
| cat $GITHUB_OUTPUT | |
| - name: Push Tag with latest prod commit SHA | |
| uses: rickstaa/action-create-tag@v1 | |
| id: "tag_create" | |
| with: | |
| tag: ${{ github.event.deployment.payload.tag }} | |
| tag_exists_error: false | |
| - name: Build Changelog | |
| id: build_changelog | |
| uses: mikepenz/release-changelog-builder-action@v4 | |
| with: | |
| fromTag: ${{ steps.fetch_tag.outputs.PREVIOUS_TAG }} | |
| - name: Produce Github Release for Prod Deployments | |
| uses: softprops/action-gh-release@v2 | |
| if: steps.tag_create.outputs.tag_exists == 'false' | |
| with: | |
| tag_name: ${{ github.event.deployment.payload.tag }} | |
| body: ${{steps.build_changelog.outputs.changelog}} | |
| e2e-logged-in-test: | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - upgrade | |
| steps: | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20.10.0" | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.deployment.sha }} | |
| fetch-depth: 1 | |
| - name: Configure AWS Prod Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment == 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment != 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| - name: Run e2e Logged In tests | |
| env: | |
| DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }} | |
| ### config.js set-up required due to transient test dependencies on API_URL | |
| run: | | |
| if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then | |
| export DEPLOYMENT_STAGE=staging | |
| fi | |
| if [ "${DEPLOYMENT_STAGE}" != "prod" ]; then | |
| pip3 install -r scripts/smoke_tests/requirements.txt | |
| python3 -m scripts.smoke_tests.setup | |
| fi | |
| cd frontend | |
| npm ci | |
| npx playwright install --with-deps | |
| cp src/configs/${DEPLOYMENT_STAGE}.js src/configs/configs.js | |
| DEBUG=pw:api npm run e2e-${DEPLOYMENT_STAGE}-logged-in | |
| - uses: actions/upload-artifact@v2 | |
| if: always() | |
| with: | |
| name: logged-in-test-results | |
| path: frontend/playwright-report/ | |
| retention-days: 30 | |
| ### Need to write success failure way because Github API doesn't allow doing | |
| ### "if: always(), state: ${{ success() }}: | |
| - name: Set deployment status to success if no errors | |
| uses: avakar/set-deployment-status@v1 | |
| with: | |
| state: success | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set deployment status to failure if errors | |
| uses: avakar/set-deployment-status@v1 | |
| if: failure() | |
| with: | |
| state: failure | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run-e2e-tests: | |
| timeout-minutes: 30 | |
| name: e2e-tests ${{ matrix.project }} ${{ matrix.shardCurrent }} of ${{ matrix.shardTotal }} | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - upgrade | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Only run Chrome for now, since GHA only has 250 workers and will cancel jobs if it runs out | |
| project: [chromium] | |
| shardCurrent: [1, 2, 3, 4, 5] | |
| shardTotal: [5] | |
| defaults: | |
| run: | |
| working-directory: frontend | |
| steps: | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20.10.0" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 1800 | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REPO }} | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Install dependencies | |
| run: | | |
| npm ci | |
| npx playwright install --with-deps | |
| cp src/configs/local.js src/configs/configs.js | |
| make retrieve-descendants | |
| # Run e2e tests | |
| - name: Run e2e tests | |
| env: | |
| CI: true | |
| PROJECT: ${{ matrix.project }} | |
| SHARD: ${{ matrix.shardCurrent }}/${{ matrix.shardTotal }} | |
| DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }} | |
| run: | | |
| if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then | |
| export DEPLOYMENT_STAGE=staging | |
| fi | |
| DEBUG=pw:api npm run e2e-${DEPLOYMENT_STAGE}-ci | |
| - name: Upload FE test results as an artifact | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: playwright-report ${{ matrix.project }} ${{ matrix.shardCurrent }} of ${{ matrix.shardTotal }} | |
| path: /home/runner/work/single-cell-data-portal/single-cell-data-portal/frontend/playwright-report | |
| retention-days: 14 | |
| - name: Upload blob report to GitHub Actions Artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: all-blob-reports | |
| path: /home/runner/work/single-cell-data-portal/single-cell-data-portal/frontend/blob-report | |
| retention-days: 1 | |
| e2e-test: | |
| if: always() | |
| runs-on: ubuntu-latest | |
| needs: | |
| - run-e2e-tests | |
| steps: | |
| - name: Check result | |
| run: | | |
| passed="${{ needs.run-e2e-tests.result }}" | |
| if [[ $passed == "success" ]]; then | |
| echo "Shards passed" | |
| exit 0 | |
| else | |
| echo "Shards failed" | |
| exit 1 | |
| fi | |
| ### Need to write success failure way because Github API doesn't allow doing | |
| ### "if: always(), state: ${{ success() }}: | |
| - name: Set deployment status to success if no errors | |
| uses: avakar/set-deployment-status@v1 | |
| with: | |
| state: success | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set deployment status to failure if errors | |
| uses: avakar/set-deployment-status@v1 | |
| if: failure() | |
| with: | |
| state: failure | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| functional-test: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| needs: | |
| - upgrade | |
| steps: | |
| - name: Configure AWS Prod Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment == 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment != 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.deployment.sha }} | |
| fetch-depth: 1 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Run functional test | |
| env: | |
| TFE_TOKEN: ${{ secrets.TFE_TOKEN }} | |
| DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }} | |
| if: github.event.deployment.environment != 'prod' | |
| run: | | |
| if [ "${DEPLOYMENT_STAGE}" == "stage" ]; then | |
| export DEPLOYMENT_STAGE=staging | |
| fi | |
| echo DEPLOYMENT_STAGE ${DEPLOYMENT_STAGE} | |
| pip3 install -r tests/functional/requirements.txt | |
| make functional-test | |
| ### Need to write success failure way because Github API doesn't allow doing | |
| ### "if: always(), state: ${{ success() }}: | |
| - name: Set deployment status to success if no errors | |
| uses: avakar/set-deployment-status@v1 | |
| with: | |
| state: success | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set deployment status to failure if errors | |
| uses: avakar/set-deployment-status@v1 | |
| if: failure() | |
| with: | |
| state: failure | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| performance-test: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| needs: | |
| - upgrade | |
| steps: | |
| - name: Configure AWS Prod Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment == 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_PROD_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event.deployment.environment != 'prod' | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-duration-seconds: 2700 | |
| # Login to ECR needed solely to be able to retrieve cached layers | |
| - name: Login to Prod ECR | |
| uses: docker/login-action@v3 | |
| if: github.event.deployment.environment == 'prod' | |
| with: | |
| registry: ${{ secrets.ECR_REPO_PROD }} | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REPO }} | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.deployment.sha }} | |
| fetch-depth: 1 | |
| - name: Run performance test | |
| env: | |
| TFE_TOKEN: ${{ secrets.TFE_TOKEN }} | |
| DEPLOYMENT_STAGE: ${{ github.event.deployment.environment }} | |
| if: github.event.deployment.environment == 'prod' | |
| run: | | |
| echo "DOCKER_REPO=${DOCKER_REPO}" > .env.ecr | |
| echo DEPLOYMENT_STAGE ${DEPLOYMENT_STAGE} | |
| make prod-performance-test | |
| status: | |
| runs-on: ubuntu-22.04 | |
| if: ${{ always() }} # Ensures status is run after post-deploy tests, even if they fail | |
| needs: | |
| - performance-test | |
| - e2e-logged-in-test | |
| - e2e-test | |
| - functional-test | |
| steps: | |
| - uses: martialonline/workflow-status@v4 | |
| id: check | |
| - uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ steps.check.outputs.status }} | |
| fields: repo,commit,author,eventName,workflow,job,mention | |
| mention: "subteam^S02KZL4SQM6,subteam^S03MNFMGD0F" | |
| if_mention: "always" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| if: github.ref == 'refs/heads/prod' | |
| - uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ steps.check.outputs.status }} | |
| fields: repo,commit,author,eventName,workflow,job,mention | |
| mention: "subteam^S02K38PMTTQ" | |
| if_mention: "always" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| if: steps.check.outputs.status == 'failure' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging') |