interscript / interscript-api

API for interscript endpoint

Feat: auto deploy aws #18

Closed phuonghuynh closed 3 years ago

phuonghuynh commented 3 years ago

Support auto release -api and aws-lambda -aws-lambda

Workflow:

  1. Manually create a new GitHub Release (new gem) from the interscript repo
  2. (GHA) Auto dispatch the build and publish a new GitHub Release for -api, same version as the gem
  3. (GHA) Auto dispatch -infrastructure to deploy to AWS Lambda and push .statefile to GitHub; the whole process should complete successfully. A new Pull Request is created and assigned to the predefined .pr_reviewers to approve the statefile change and manually merge to the master branch of -infrastructure

Secrets variable required:

  1. (might be done) Push permission token: INTERSCRIPT_CI_PAT in -api and -infrastructure
  2. -infrastructure: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  3. .pr_reviewers: static CSV string; reviewers assigned when a Pull Request is sent in -infrastructure after applying AWS Lambda successfully.

Related issue #12, #15, #3

phuonghuynh commented 3 years ago

PR https://github.com/interscript/infrastructure/pull/7 also needs to be merged to enable this process.

ronaldtse commented 3 years ago

> Secrets variable required:
>
> 1. (might be done) Push permission token: INTERSCRIPT_CI_PAT in -api and -infrastructure

Done.

> 2. -infrastructure: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

What kind of permissions does this account need? I've now put in the website deployment user.

Feel free to merge when ready.

phuonghuynh commented 3 years ago

I think only AWSLambda_FullAccess

XRay will be removed in PR https://github.com/interscript/infrastructure/pull/8

ronaldtse commented 3 years ago

@phuonghuynh can you let me know if anything fails? We might need to setup a new AWS account for this.

phuonghuynh commented 3 years ago

PR to fix wrong git repository name merged, https://github.com/interscript/infrastructure/pull/9

@ronaldtse Auto workflow should work now, could you give it a try?

phuonghuynh commented 3 years ago

> We might need to setup a new AWS account for this.

Yes, a deploy account is needed, as we restrict to allowed_account_ids = ["458282504429"] for now. Setting AWSLambda_FullAccess is enough, as described in the document:

> A Lambda function also has a policy, called an execution role, that grants it permission to access AWS services and resources. At a minimum, your function needs access to Amazon CloudWatch Logs for log streaming.

phuonghuynh commented 3 years ago

@ronaldtse after setting up the AWS account, a manual release (push tag) on interscript is required to trigger this workflow, as detailed in the description section.

ronaldtse commented 3 years ago

@phuonghuynh can you help setup the new account and also make the deploy work? Thanks!