Updating the staging deployment to use AWS secrets for env
caparker committed Oct 1, 2024
1 parent 10b75e1 commit 127766f
Showing 1 changed file with 45 additions and 44 deletions.
89 changes: 45 additions & 44 deletions .github/workflows/deploy-staging.yml
Expand Up @@ -3,48 +3,7 @@ name: Deploy staging
on:
push:
branches:
- release-*

env:
ENV: "staging"
PROJECT: "openaq"
DATABASE_READ_USER: ${{ secrets.DATABASE_READ_USER }}
DATABASE_READ_PASSWORD: ${{ secrets.DATABASE_READ_PASSWORD }}
DATABASE_WRITE_USER: ${{ secrets.DATABASE_WRITE_USER }}
DATABASE_WRITE_PASSWORD: ${{ secrets.DATABASE_WRITE_PASSWORD }}
DATABASE_DB: ${{ secrets.DATABASE_DB }}
DATABASE_HOST: ${{ secrets.DATABASE_HOST_STAGING }}
DATABASE_PORT: ${{ secrets.STAGING_DATABASE_PORT }}
API_LAMBDA_MEMORY_SIZE: ${{ secrets.API_LAMBDA_MEMORY_SIZE_STAGING }}
FETCH_ASCENDING: ${{ secrets.FETCH_ASCENDING }}
PIPELINE_LIMIT: ${{ secrets.PIPELINE_LIMIT }}
METADATA_LIMIT: ${{ secrets.METADATA_LIMIT }}
REALTIME_LIMIT: ${{ secrets.REALTIME_LIMIT }}
FETCH_BUCKET: ${{ secrets.FETCH_BUCKET }}
ETL_BUCKET: ${{ secrets.ETL_BUCKET }}
HOSTED_ZONE_ID: ${{ secrets.HOSTED_ZONE_ID }}
HOSTED_ZONE_NAME: ${{ secrets.HOSTED_ZONE_NAME }}
DOMAIN_NAME: "staging.openaq.org"
WEB_ACL_ID: ${{ secrets.WEB_ACL_ID }}
CERTIFICATE_ARN: ${{ secrets.CERTIFICATE_ARN }}
FASTAPI_URL: ""

CDK_ACCOUNT: ${{ secrets.CDK_ACCOUNT }}
CDK_REGION: ${{ secrets.CDK_REGION }}

VPC_ID: ${{ secrets.VPC_ID }}

RATE_LIMITING: True
RATE_AMOUNT_KEY: 10
RATE_TIME: 1

EMAIL_SENDER: ${{ secrets.EMAIL_SENDER }}
SMTP_EMAIL_HOST: ${{ secrets.SMTP_EMAIL_HOST }}
SMTP_EMAIL_USER: ${{ secrets.SMTP_EMAIL_USER }}
SMTP_EMAIL_PASSWORD: ${{ secrets.SMTP_EMAIL_PASSWORD }}

EXPLORER_API_KEY: ${{ secrets.EXPLORER_API_KEY }}

- 'features/**'

jobs:
deploy:
Expand All @@ -56,10 +15,18 @@ jobs:
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@master
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_STAGING }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY_STAGING }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PROD }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY_PROD }}
aws-region: ${{ secrets.AWS_REGION }}

- name: Get envionmental values
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
STAGING, openaq-env/staging
name-transformation: uppercase
parse-json-secrets: true

- uses: actions/setup-node@v3
with:
node-version: "18"
Expand All @@ -79,6 +46,40 @@ jobs:
python-version: '3.11'

- name: Deploy stack
env:
ENV: "staging"
PROJECT: "openaq"
DATABASE_READ_USER: ${{ env.STAGING_DATABASE_READ_USER }}
DATABASE_READ_PASSWORD: ${{ env.STAGING_DATABASE_READ_PASSWORD }}
DATABASE_WRITE_USER: ${{ env.STAGING_DATABASE_WRITE_USER }}
DATABASE_WRITE_PASSWORD: ${{ env.STAGING_DATABASE_WRITE_PASSWORD }}
DATABASE_DB: ${{ env.STAGING_DATABASE_DB }}
DATABASE_HOST: ${{ env.STAGING_DATABASE_HOST }}
DATABASE_PORT: ${{ env.STAGING_DATABASE_PORT }}
API_LAMBDA_MEMORY_SIZE: ${{ env.STAGING_API_LAMBDA_MEMORY_SIZE }}

CDK_ACCOUNT: ${{ secrets.CDK_ACCOUNT }}
CDK_REGION: ${{ secrets.CDK_REGION }}

VPC_ID: ${{ env.STAGING_VPC_ID }}

RATE_LIMITING: True
RATE_AMOUNT: 10
RATE_AMOUNT_KEY: 60
RATE_TIME: 1
USER_AGENT: ${{ env.STAGING_USER_AGENT }}
ORIGIN: ${{ env.STAGING_ORIGIN }}
REDIS_HOST: ${{ env.STAGING_REDIS_HOST }}
REDIS_PORT: ${{ env.STAGING_REDIS_PORT }}
REDIS_SECURITY_GROUP_ID: ${{ env.STAGING_REDIS_SECURITY_GROUP_ID }}

EMAIL_SENDER: ${{ env.STAGING_EMAIL_SENDER }}
SMTP_EMAIL_HOST: ${{ env.STAGING_SMTP_EMAIL_HOST }}
SMTP_EMAIL_USER: ${{ env.STAGING_SMTP_EMAIL_USER }}
SMTP_EMAIL_PASSWORD: ${{ env.STAGING_SMTP_EMAIL_PASSWORD }}

EXPLORER_API_KEY: ${{ env.STAGING_EXPLORER_API_KEY }}

working-directory: ./cdk
run: |
pip install -r requirements.txt
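Review bot: The `Configure aws credentials` step now passes `secrets.AWS_ACCESS_KEY_PROD` / `secrets.AWS_SECRET_KEY_PROD` in a workflow that the first hunk retargets from `release-*` to `features/**`, so, going by the secret names, any push to a feature branch runs the deploy job with long-lived production keys. Those keys are handed to `aws-actions/configure-aws-credentials@master`, a mutable ref, and the action exports them into the job environment for every later step. If the switch was made only because `openaq-env/staging` is stored in the production account (an inference, not shown here), a narrower option is an identity limited to `secretsmanager:GetSecretValue` on that secret plus the staging deploy permissions, preferably assumed through OIDC (`role-to-assume: <staging-deploy-role-arn>` with `permissions: id-token: write`) rather than static keys, with the action pinned to a release tag or commit SHA. The job definition continues outside the visible hunks, so any `environment:` gate or branch protection that already limits this is not visible from here.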
