[Release] [staging] Deploy server #4479

Workflow file for this run

# Manually dispatched release workflow. The operator picks a stage and a
# service; the job whose `if:` condition matches that service does the deploy.
name: '[Release] Deploy service'
run-name: '[Release] [${{ inputs.stage }}] Deploy ${{ inputs.service }}'
on:
  workflow_dispatch:
    inputs:
      # Target stage. The UI and runner jobs also use this value as the name
      # of the GitHub environment they run in.
      stage:
        description: 'stage to deploy to, defaults to development'
        type: choice
        required: true
        default: 'development'
        options:
          - development
          - staging
          - production
          - replit
      # Which component to release; each job filters on this value.
      service:
        description: 'Service to deploy, defaults to server'
        type: choice
        required: true
        default: 'server'
        options:
          - server
          - jobs
          - runner
          - persist
          - orchestrator
          - metering
          - connect_ui
          - app_ui
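jobs:
  # NOTE(review): every `uses:` below follows a mutable major tag (@v4, @v2).
  # Jobs that request `id-token: write` or read deploy secrets are safer with
  # each action pinned to a full commit SHA, keeping the tag as a trailing
  # comment so update tooling can still bump it.

  # Builds the web app and publishes the static bundle: S3 + CloudFront for
  # every stage except 'replit', GCS + Cloud CDN for 'replit'.
  deploy_app_ui:
    if: inputs.service == 'app_ui'
    runs-on: ubuntu-latest
    environment: ${{ inputs.stage }}
    permissions:
      id-token: write  # needed to request the OIDC token used for cloud auth
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs an authenticated git command, so the token is
          # not left in .git/config while install scripts and the build run.
          persist-credentials: false
      - name: Install dependencies
        run: npm ci
      - name: Build Webapp
        run: npm run ts-build && npm run -w @nangohq/webapp build
      - name: Replace env.js source with api path in dist/index.html
        # API_DOMAIN is spliced into the sed replacement text, so its value
        # must not contain '#' (the delimiter), '&' or a backslash.
        run: |
          FILE="packages/webapp/dist/index.html"
          sed -E -i 's#(src=")/env\.js\?hash=([^"]+)#\1${{ vars.API_DOMAIN }}/env.js?hash=\2#g' "$FILE"
      - name: configure aws credentials
        if: inputs.stage != 'replit'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.DEPLOY_APP_UI_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.AWS_REGION }}
      - name: Deploy Webapp to S3
        if: inputs.stage != 'replit'
        # --delete removes bucket objects that are absent from the new build.
        run: |
          aws s3 sync packages/webapp/dist/ s3://${{ vars.APP_UI_BUCKET }} --delete
      - name: Create invalidation
        if: inputs.stage != 'replit'
        run: |
          aws cloudfront create-invalidation --distribution-id ${{ vars.APP_UI_DISTRIBUTION_ID }} --paths "/*"
      - name: Auth to GCP (OIDC)
        if: inputs.stage == 'replit'
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.GCP_DEPLOYER_SA }}
      - name: Setup gcloud SDK
        if: inputs.stage == 'replit'
        uses: google-github-actions/setup-gcloud@v2
        with:
          project_id: ${{ vars.GCP_PROJECT_ID }}
      - name: Upload Webapp to GCS
        if: inputs.stage == 'replit'
        # -d deletes destination objects that are absent from the new build.
        run: |
          gsutil -m rsync -r -d packages/webapp/dist/ gs://${{ vars.APP_UI_BUCKET }}
      - name: Invalidate Cloud CDN cache
        if: inputs.stage == 'replit'
        run: |
          gcloud compute url-maps invalidate-cdn-cache ${{ vars.APP_UI_URL_MAP }} \
            --path "/*" \
            --project "${{ vars.GCP_PROJECT_ID }}"

  # Same pipeline as deploy_app_ui, for the Connect UI bundle.
  deploy_connect_ui:
    if: inputs.service == 'connect_ui'
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # needed to request the OIDC token used for cloud auth
      contents: read
    environment: ${{ inputs.stage }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs an authenticated git command, so the token is
          # not left in .git/config while install scripts and the build run.
          persist-credentials: false
      - name: Install dependencies
        run: npm ci
      - name: Build Connect UI
        run: npm run ts-build && npm run -w @nangohq/connect-ui build
      - name: configure aws credentials
        if: inputs.stage != 'replit'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.DEPLOY_CONNECT_UI_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.AWS_REGION }}
      - name: Deploy Connect UI to S3
        if: inputs.stage != 'replit'
        # --delete removes bucket objects that are absent from the new build.
        run: |
          aws s3 sync packages/connect-ui/dist/ s3://${{ vars.CONNECT_UI_BUCKET }} --delete
      - name: Create invalidation
        if: inputs.stage != 'replit'
        run: |
          aws cloudfront create-invalidation --distribution-id ${{ vars.CONNECT_UI_DISTRIBUTION_ID }} --paths "/*"
      - name: Auth to GCP (OIDC)
        if: inputs.stage == 'replit'
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.GCP_DEPLOYER_SA }}
      - name: Setup gcloud SDK
        if: inputs.stage == 'replit'
        uses: google-github-actions/setup-gcloud@v2
        with:
          project_id: ${{ vars.GCP_PROJECT_ID }}
      # Step label corrected: this job uploads the Connect UI bundle.
      - name: Upload Connect UI to GCS
        if: inputs.stage == 'replit'
        # -d deletes destination objects that are absent from the new build.
        run: |
          gsutil -m rsync -r -d packages/connect-ui/dist/ gs://${{ vars.CONNECT_UI_BUCKET }}
      - name: Invalidate Cloud CDN cache
        if: inputs.stage == 'replit'
        run: |
          gcloud compute url-maps invalidate-cdn-cache ${{ vars.CONNECT_UI_URL_MAP }} \
            --path "/*" \
            --project "${{ vars.GCP_PROJECT_ID }}"

  # Releases a backend service by committing the new image tag to the
  # NangoHQ/nango-environments repository and pushing to its main branch.
  deploy:
    if: inputs.service != 'runner' && inputs.service != 'connect_ui' && inputs.service != 'app_ui'
    runs-on: ubuntu-latest
    # NOTE(review): unlike the UI and runner jobs, this job declares no
    # `environment:`, so stage-level protection rules (for example required
    # reviewers on production) would not gate it. Confirm that is intended.
    # NOTE(review): the visible steps authenticate to another repository with
    # NANGO_ENVIRONMENTS_PAT and do not appear to use GITHUB_TOKEN, so
    # `contents: write` and `actions: write` look broader than needed.
    # Confirm before narrowing.
    permissions:
      contents: write
      actions: write
    steps:
      - name: Checkout nango-environments
        uses: actions/checkout@v4
        with:
          repository: NangoHQ/nango-environments
          # The PAT stays in the clone's git config (checkout's default)
          # because the `git push` in the steps below relies on it.
          token: ${{ secrets.NANGO_ENVIRONMENTS_PAT }}
          path: nango-environments
      - name: Deploy ${{ inputs.service }} (AWS)
        if: inputs.stage != 'replit'
        # Dispatch inputs reach the script as environment variables instead of
        # being expanded into the script text before the shell parses it.
        env:
          SERVICE: ${{ inputs.service }}
          STAGE: ${{ inputs.stage }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          cd nango-environments
          # Configure git for the commit
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # Update the nango-values.yaml file for the current stage and service
          yq eval ".spec.values.${SERVICE}.image.tag = \"${IMAGE_TAG}\"" -i "apps/${STAGE}/nango-values.yaml"
          # Commit and push the changes
          git add "apps/${STAGE}/nango-values.yaml"
          git commit -m "Update ${SERVICE} image tag to ${IMAGE_TAG} in ${STAGE}"
          git push origin main
      - name: Deploy ${{ inputs.service }} (Replit)
        if: inputs.stage == 'replit'
        # Same env indirection as the AWS step above.
        env:
          SERVICE: ${{ inputs.service }}
          STAGE: ${{ inputs.stage }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          cd nango-environments
          # Configure git for the commit
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # Update the Replit production values file for the selected service
          yq eval ".spec.values.${SERVICE}.image.tag = \"${IMAGE_TAG}\"" -i apps/customers/replit/production/nango.yaml
          # Commit and push the changes
          git add apps/customers/replit/production/nango.yaml
          git commit -m "Update ${SERVICE} image tag to ${IMAGE_TAG} in ${STAGE}"
          git push origin main

  # Asks the internal fleet API to roll runners out to the image built from
  # this commit. Service 'runner' with stage 'replit' matches no job in this
  # workflow, so that combination does nothing.
  deploy_runners:
    if: inputs.service == 'runner' && inputs.stage != 'replit'
    runs-on: ubuntu-latest
    environment: ${{ inputs.stage }}
    # Explicit minimum instead of the repository's default token permissions:
    # the job only checks out the repository and calls an HTTP API.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Deploy all runners
        # Only the secret the request reads is exposed to the step.
        env:
          INTERNAL_API_KEY: ${{ secrets.INTERNAL_API_KEY }}
        run: |
          curl -sS --fail-with-body --request POST "${{ vars.API_DOMAIN }}/internal/fleet/nango_runners_k8s/rollout" \
            --header "authorization: Bearer $INTERNAL_API_KEY" \
            --header "content-type: application/json" \
            --data "{ \"image\": \"nangohq/nango:${{ github.sha }}\" }"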