re-added migration guide #24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to EC2 | |
| on: | |
| push: | |
| branches: | |
| - dev | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt pytest pytest-asyncio testcontainers | |
| - name: Run tests | |
| run: | | |
| python -m pytest tests/ -v | |
| deploy: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref_name == 'main' && 'prod' || 'dev' }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v6 | |
| with: | |
| role-to-assume: ${{ vars.AWS_ROLE }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Create Deployment Script | |
| run: | | |
| cat << 'EOF' > deploy_script.sh | |
| #!/bin/bash | |
| set -e | |
| export HOME=/root | |
| cd /opt/openpecha-backend || exit 1 | |
| git config --global --add safe.directory /opt/openpecha-backend | |
| git fetch origin ${{ github.ref_name }} | |
| git checkout ${{ github.ref_name }} | |
| git pull origin ${{ github.ref_name }} | |
| cat << 'ENV_EOF' > .env | |
| NEO4J_URI=${{ vars.NEO4J_URI }} | |
| NEO4J_USERNAME=${{ vars.NEO4J_USERNAME }} | |
| NEO4J_PASSWORD=${{ secrets.NEO4J_PASSWORD }} | |
| AWS_REGION=${{ vars.AWS_REGION }} | |
| AWS_S3_BUCKET=${{ vars.AWS_S3_BUCKET }} | |
| SEARCH_API_URL=${{ vars.SEARCH_API_URL }} | |
| ENVIRONMENT=${{ vars.ENVIRONMENT }} | |
| OTEL_ENABLED=${{ vars.OTEL_ENABLED }} | |
| OTEL_SERVICE_NAME=${{ vars.OTEL_SERVICE_NAME }} | |
| OTEL_EXPORTER_OTLP_ENDPOINT=${{ vars.OTEL_EXPORTER_OTLP_ENDPOINT }} | |
| OTEL_EXPORTER_OTLP_HEADERS=${{ secrets.OTEL_EXPORTER_OTLP_HEADERS }} | |
| ENV_EOF | |
| [ -d ".venv" ] || python3 -m venv .venv | |
| source .venv/bin/activate | |
| pip install -r requirements.txt | |
| OWNER=$(stat -c '%U:%G' .) | |
| chown -R "$OWNER" . | |
| sudo systemctl restart openpecha-api | |
| EOF | |
| - name: Execute via SSM | |
| run: | | |
| jq -n --rawfile script deploy_script.sh '{commands: [$script]}' > ssm_params.json | |
| COMMAND_ID=$(aws ssm send-command \ | |
| --instance-ids "${{ vars.EC2_INSTANCE_ID }}" \ | |
| --document-name "AWS-RunShellScript" \ | |
| --parameters file://ssm_params.json \ | |
| --query "Command.CommandId" \ | |
| --output text) | |
| echo "Deployment started on ${{ vars.EC2_INSTANCE_ID }}. Command ID: $COMMAND_ID" | |
| # Wait for the command to finish and capture status | |
| aws ssm wait command-executed \ | |
| --command-id "$COMMAND_ID" \ | |
| --instance-id "${{ vars.EC2_INSTANCE_ID }}" || export EXIT_CODE=$? | |
| # If the deployment failed, fetch the actual error logs from the EC2 | |
| if [ "${EXIT_CODE}" != "" ]; then | |
| aws ssm get-command-invocation \ | |
| --command-id "$COMMAND_ID" \ | |
| --instance-id "${{ vars.EC2_INSTANCE_ID }}" \ | |
| --query "{Status:Status,Output:StandardOutputContent,Error:StandardErrorContent}" \ | |
| --output table | |
| exit $EXIT_CODE | |
| fi |