fix/release(prod): unstable AWS creds clashed with prod #970

Merged
merged 2 commits into from
Jun 5, 2023
40 changes: 26 additions & 14 deletions .circleci/config.yml
Expand Up @@ -2,7 +2,7 @@ version: 2.1

orbs:
docker-buildx: sensu/docker-buildx@1.1.1
aws-ecr: circleci/aws-ecr@8.1.2
aws-ecr: circleci/aws-ecr@8.2.1
win: circleci/windows@5.0

executors:
Expand Down Expand Up @@ -316,6 +316,9 @@ jobs:
aws-access-key-id: << parameters.aws-access-key-id >>
aws-secret-access-key: << parameters.aws-secret-access-key >>
public-registry: << parameters.public-registry >>
# `registry-id`` field is required, although we don't need it (used for private registry).
# We give it a non-empty env variable name to bypass the `ecr-login` empty check.
registry-id: TAG
- run:
name: Make and push images
command: |
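Review bot: `registry-id: TAG` couples the ECR login step to an unrelated variable, and nothing visible in this hunk shows `TAG` being exported in this job before the step runs. If the orb's empty check looks at the variable's value rather than its name, the step fails whenever `TAG` is unset. A dedicated placeholder variable with a name that says what it is for would make the workaround self-explanatory and remove the dependency on the git tag. The comment also has a stray backtick in `registry-id`` that should be dropped.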
Expand All @@ -338,17 +341,17 @@ jobs:
default: shuttle.internal
postgres-password:
description: "Shuttle shared postgres password"
type: string
type: env_var_name
mongodb-password:
description: "Shuttle shared mongodb password"
type: string
type: env_var_name
production:
description: "Push and deploy to production"
type: boolean
default: false
steps:
- checkout
- run:
- run:
name: Set git tag in bash_env
command: |
echo TAG=$(git describe --tags --abbrev=0) >> $BASH_ENV
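Review bot: the `description` strings for `postgres-password` and `mongodb-password` still read as if the parameter carries the password itself, while the type is now `env_var_name`. Reword them to say the parameter is the name of the environment variable that holds the password, so a later caller does not pass the secret as a literal and end up with it in the expanded config.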
Expand All @@ -362,15 +365,25 @@ jobs:
name: Deploy images
command: |
DOCKER_HOST=ssh://ec2-user@master.<< parameters.ssh-host >> USE_TLS=enable PROD=<< parameters.production >> DD_API_KEY=$DD_API_KEY \
POSTGRES_PASSWORD=<< parameters.postgres-password >> \
MONGO_INITDB_ROOT_PASSWORD=<< parameters.mongodb-password >> \
POSTGRES_PASSWORD=${<< parameters.postgres-password >>} \
MONGO_INITDB_ROOT_PASSWORD=${<< parameters.mongodb-password >>} \
iulianbarbu marked this conversation as resolved.
TAG=$TAG \
make deploy
- run:
name: Pull new deployer image
command: |
[[ << parameters.production >> == true ]] && ssh ec2-user@controller.<< parameters.ssh-host >> "docker pull public.ecr.aws/shuttle-prod/deployer:$TAG" || \
ssh ec2-user@controller.<< parameters.ssh-host >> "docker pull public.ecr.aws/shuttle-dev/deployer:$TAG"
- when:
condition: << parameters.production >>
steps:
- run:
name: Pull new deployer image on prod
command: |
ssh ec2-user@controller.<< parameters.ssh-host >> "docker pull public.ecr.aws/shuttle/deployer:$TAG"
- when:
condition:
not: << parameters.production >>
steps:
- run:
name: Pull new deployer image on dev
command: |
ssh ec2-user@controller.<< parameters.ssh-host >> "docker pull public.ecr.aws/shuttle-dev/deployer:$TAG"
build-binaries-linux:
machine:
image: << parameters.image >>
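Review bot: in the `Deploy images` command, `${<< parameters.postgres-password >>}` and `${<< parameters.mongodb-password >>}` expand to an empty string when the named variable is not defined for the job, so `make deploy` would run with an empty database password and no error. Use the `${NAME:?}` form for both so the step aborts when the secret is missing. Separately, the production pull now targets `public.ecr.aws/shuttle/deployer` where the replaced one-liner used `public.ecr.aws/shuttle-prod/deployer`; if that rename is intended, it deserves a line in the commit message because the PR title only mentions credentials.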
Expand Down Expand Up @@ -592,7 +605,6 @@ jobs:
name: Crate publishing in order
command: |
cargo publish --manifest-path << parameters.path >>/Cargo.toml
workflows:
ci:
jobs:
Expand Down Expand Up @@ -663,8 +675,8 @@ workflows:
only: main
- build-and-push:
name: build-and-push-unstable
aws-access-key-id: AWS_ACCESS_KEY_ID
aws-secret-access-key: AWS_SECRET_ACCESS_KEY
aws-access-key-id: DEV_AWS_ACCESS_KEY_ID
aws-secret-access-key: DEV_AWS_SECRET_ACCESS_KEY
production: false
requires:
- approve-push-unstable
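Review bot: for `build-and-push-unstable`, the switch to `DEV_AWS_ACCESS_KEY_ID` / `DEV_AWS_SECRET_ACCESS_KEY` separates dev from prod by variable name only. If both key pairs are available to the same jobs, any job can still reference the production pair by passing the other name. Consider supplying each pair through its own restricted context attached only to the matching workflow job, and add a short comment here stating which account the `DEV_` keys belong to.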