search

avniproject / avni-infra

Other
0 stars 0 forks source link

Modify CircelCI deploys to be done using AWS Roles and AWS OIDC Context #27

Closed himeshr closed 6 months ago

himeshr commented 6 months ago

Acceptance criteria

Modify CircelCI deploys to be done using AWS Roles and AWS OIDC Context. We do not want to make use of openchs-infra.pem file for circle-ci config deploys anymore. Refer to the way we have done this for RWB Staging and Prod environments deploy in avni-server. https://github.com/avniproject/avni-server/blob/master/.circleci/config.yml

Changes have to be done for following repo deployments

Excerpts from ciconfig file with changes done for RWB staging deploy

Sample role config:

  RWB_STAGING_deploy:
    docker:
      - image: cimg/deploy:2023.09-node
    working_directory: ~/
    steps:
      - aws-cli/setup:
          role_arn: "arn:aws:iam::730335671779:role/avni_circleci_instance_connect"
          region: "ap-south-1"
      - setup_server_access:
          instance-id: "i-00b50ac6e8413fdca"
          availability-zone: "ap-south-1b"
      - deploy_ansible:
          env: "rwb-staging"

Sample Context config:

      - RWB_STAGING_deploy:
          context:
            - RWB_AWS_OIDC
            - non-prod-deploy
          requires:
            - RWB_STAGING_approve
Balamuruganjeevi commented 6 months ago

@himeshr I did the modification of circle-ci config for avni-webapp can you please validate it, after that i will do it for the remaining repo's.

himeshr commented 6 months ago

@himeshr I did the modification of circle-ci config for avni-webapp can you please validate it, after that i will do it for the remaining repo's.

As informed over chat:

Balamuruganjeevi commented 6 months ago

@himeshr The modification of CircleCI config is done for the below services repo's, can you please validate it.

himeshr commented 6 months ago

@Balamuruganjeevi Some major guidelines to follow during any code changes: