Deployment Guide

7174Andy edited this page Oct 1, 2025 · 3 revisions

🚀 Deployment Guide

🧩 Deployment via GitHub Actions

Prerequisites:

  • The deployment process requires the ARN of an IAM role with appropriate permissions to be set in the GitHub repository secrets as AWS_ROLE_ARN.

| Trigger | Environment | Image Tag Used |
|---|---|---|
| Push to main | Production | linux-amd64-<git_sha> (pinned) |
| Push to test | Staging | linux-amd64-latest-test |
| Manual trigger (workflow_dispatch) | Development | linux-amd64-latest-test |

🔄 Production Deployment Flow

  1. Push to main
  2. GitHub Actions builds Docker image and tags it with linux-amd64-<git_sha>
  3. On successful image build, the workflow triggers the Terraform deploy workflow with that SHA
  4. Terraform deploys the EC2 instance using the pinned image tag

⚙️ Terraform Variables

  • resource_suffix: Determines environment-specific resource names (prod, test, dev)
  • allocator_image_tag: Injected by GitHub Actions (auto-set for prod, defaulted to latest-test for other envs)

Resources Provisioned

  • RSA SSH key pair (via Terraform)
  • Security group with ports 22 and 80 open
  • EC2 instance (t2.micro) with Docker-installed container
  • EIP (must be pre-allocated and tagged e.g., lablink-eip-prod)
  • EIP association with EC2 instance

📤 Outputs (from terraform output)

  • ec2_public_ip: Public IP of the EC2 instance (used for DNS or direct access)
  • private_key_pem: SSH private key (downloaded in CI for provisioning/debug)
  • allocator_fqdn: FQDN (e.g., lablink.sleap.ai or dev.lablink.sleap.ai)
  • ec2_key_name: AWS key name used for SSH access

🛠 Manual Deployment (Local Dev Workflow)

For quick local testing (uses default dev state backend and latest-test image):

cd lablink-allocator

terraform init -backend-config=backend-dev.hcl -reconfigure

terraform apply \
  -var="resource_suffix=dev" \
  -var="allocator_image_tag=linux-amd64-latest-test"

Use your AWS profile explicitly if not default:

export AWS_PROFILE=PowerUserAccess-711387140753
aws sts get-caller-identity

📝 Notes

  • All prod DNS (lablink.sleap.ai) is managed manually via Route 53.
  • EIPs must be pre-created and tagged appropriately (e.g., lablink-eip-prod).
  • Terraform CI artifacts include the private SSH key (lablink-key-<env>.pem) for EC2 access.
  • Avoid using latest in production — all image tags in prod are pinned to a specific SHA for reproducibility.
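
A guard that enforces the tag policy from the trigger table and the pinning note before a manual `terraform apply`. This is an added example, not code from the project's repository; the function names are hypothetical, and it assumes `<git_sha>` is the full 40-character lowercase commit SHA.

```sh
#!/bin/sh
# Added example (not project code). Assumption: <git_sha> is the full
# 40-character lowercase hex commit SHA. Function names are hypothetical.

# is_pinned_tag TAG: succeed only for linux-amd64-<40 lowercase hex chars>.
is_pinned_tag() {
  case "$1" in
    linux-amd64-*) _sha=${1#linux-amd64-} ;;
    *) return 1 ;;
  esac
  [ "${#_sha}" -eq 40 ] || return 1
  case "$_sha" in
    *[!0123456789abcdef]*) return 1 ;;   # also rejects newlines and uppercase
  esac
  return 0
}

# check_image_tag SUFFIX TAG
# Returns 0 if TAG is allowed for SUFFIX, 1 if rejected, 2 if SUFFIX is unknown.
check_image_tag() {
  case "$1" in
    prod)
      # Production takes only the immutable, SHA-pinned tag.
      is_pinned_tag "$2" && return 0
      echo "reject: prod requires linux-amd64-<git_sha>, got '$2'" >&2
      return 1 ;;
    test|dev)
      # Staging and development may float on latest-test or pin a SHA.
      [ "$2" = "linux-amd64-latest-test" ] && return 0
      is_pinned_tag "$2" && return 0
      echo "reject: unexpected tag '$2' for $1" >&2
      return 1 ;;
    *)
      echo "reject: unknown resource_suffix '$1'" >&2
      return 2 ;;
  esac
}

# guarded_apply SUFFIX TAG: run terraform apply only when the tag passes.
guarded_apply() {
  check_image_tag "$1" "$2" || return $?
  terraform apply \
    -var="resource_suffix=$1" \
    -var="allocator_image_tag=$2"
}
```

Source the file and call `guarded_apply dev linux-amd64-latest-test` in place of the bare `terraform apply` shown above.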