Skip to content
Webchat Deploy

Webchat Deploy #81

Sign in to view logs

Webchat Deploy

Webchat Deploy #81

Workflow file for this run

.github/workflows/webchat-deploy.yml at 90a1ccb
# Copyright (C) 2021-2023 Technology Matters
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see https://www.gnu.org/licenses/.
# Upload Webchat to S3 bucket with Github Actions
name: Webchat Deploy
on:
workflow_dispatch:
inputs:
helpline_code:
description: "The short (usually 2 character) upper case code used to identify the helpline internally, e.g. ZA, IN, BR."
required: true
type: string
environment:
description: "Helpline Environment: development, staging, production"
required: true
type: string
recaptcha_verify_url:
description: "Recaptcha Verify URL"
required: false
type: string
workflow_call:
inputs:
helpline_code:
description: "The short (usually 2 character) upper case code used to identify the helpline internally, e.g. ZA, IN, BR."
required: true
type: string
environment:
description: "Helpline Environment"
required: true
type: string
recaptcha_verify_url:
description: "Recaptcha Verify URL"
required: false
type: string
send-slack-message:
description: If set to false a slack message will not be sent - useful for E2E test deploys.
default: 'true'
type: string
env:
recaptcha_verify_url_default: https://hrm-${{ inputs.environment }}.tl.techmatters.org/lambda/recaptchaVerify
# this is part of a dirty hack to get the right recaptcha_verify_url
recaptcha_verify_url_ca: https://hrm-production-ca.tl.techmatters.org/lambda/recaptchaVerify
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Change String Case for Helpline Code
- name: Change String Case for Helpline Code
id: helpline_code
uses: "ASzc/change-string-case-action@v6"
with:
string: "${{ inputs.helpline_code }}"
# Set SHORT_ENVIRONMENT_CODE
- name: Production Environment
if: inputs.environment == 'production'
run: echo "SHORT_ENVIRONMENT_CODE=prod" >> $GITHUB_ENV
- name: Staging Environment
if: inputs.environment == 'staging'
run: echo "SHORT_ENVIRONMENT_CODE=stg" >> $GITHUB_ENV
- name: Development Environment
if: inputs.environment == 'development'
run: echo "SHORT_ENVIRONMENT_CODE=dev" >> $GITHUB_ENV
# Setup credentials to access AWS for parameters
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: "us-east-1"
# Get AWS parameters
- name: Set GITHUB_ACTIONS_SLACK_BOT_TOKEN
uses: "marvinpinto/action-inject-ssm-secrets@latest"
with:
ssm_parameter: "GITHUB_ACTIONS_SLACK_BOT_TOKEN"
env_variable_name: "GITHUB_ACTIONS_SLACK_BOT_TOKEN"
- name: Set ASELO_DEPLOYS_CHANNEL_ID
uses: "marvinpinto/action-inject-ssm-secrets@latest"
with:
ssm_parameter: "ASELO_DEPLOYS_CHANNEL_ID"
env_variable_name: "ASELO_DEPLOYS_CHANNEL_ID"
- name: Set IP_FIND_API_KEY
uses: "marvinpinto/action-inject-ssm-secrets@latest"
with:
ssm_parameter: "IP_FIND_API_KEY"
env_variable_name: "IP_FIND_API_KEY"
- name: Set ACCOUNT_SID
uses: "marvinpinto/action-inject-ssm-secrets@latest"
with:
ssm_parameter: "/${{ inputs.environment }}/twilio/${{ inputs.helpline_code }}/account_sid"
env_variable_name: "ACCOUNT_SID"
- name: Set SERVERLESS_URL
uses: "marvinpinto/action-inject-ssm-secrets@latest"
with:
ssm_parameter: "/${{ inputs.environment }}/serverless/${{ env.ACCOUNT_SID }}/base_url"
env_variable_name: "SERVERLESS_URL"
- name: Set RECAPTCHA_KEY
uses: "marvinpinto/action-inject-ssm-secrets@latest"
with:
ssm_parameter: "/global/google/recaptcha/site_key"
env_variable_name: "RECAPTCHA_KEY"
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: "18.x"
# Create and fill secret.ts
- name: Create secret.ts
run: |
touch ./private/secret.ts
working-directory: ./webchat
# this is part of a dirty hack to get the right recaptcha_verify_url
- name: set FALLBACK_RECAPTCHA_VERIFY_URL
id: set_fallback_recaptcha_verify_url
run: echo "FALLBACK_RECAPTCHA_VERIFY_URL=${{ inputs.helpline_code == 'CA' && env.recaptcha_verify_url_ca || env.recaptcha_verify_url_default }}" >> $GITHUB_ENV
# This includes a dirty hack to get the recaptcha_verify_url into the secret.ts file with the correct region for CA
# We should really start adding a helpline specific HRM url to the SSM parameters as part of twilio_iac and pulling
# that in here, but this will do for now.
- name: Fill secret.ts
run: |
cat <<EOT >> ./private/secret.ts
export const API_KEY = '${{ env.IP_FIND_API_KEY }}';
export const SERVERLESS_URL = '${{ env.SERVERLESS_URL }}';
export const RECAPTCHA_KEY = '${{ env.RECAPTCHA_KEY }}';
export const RECAPTCHA_VERIFY_URL = '${{ inputs.recaptcha_verify_url || env.FALLBACK_RECAPTCHA_VERIFY_URL }}';
EOT
working-directory: ./webchat
# Run a single command using the runners shell to install dependencies
- name: Install dependencies
run: npm ci
working-directory: ./webchat
# Get the blockedIps for as-dev account
- name: Get blockedIps for as-dev
if: ${{ steps.helpline_code.outputs.lowercase }}-$SHORT_ENVIRONMENT_CODE == as-dev
run: curl -o ./src/blockedIps.json https://tl-public-chat-as-dev.s3.amazonaws.com/blockedIps.json
working-directory: ./webchat
shell: bash
# Get the blockedIps for jm-prod account
- name: Get blockedIps for jm-prod
if: ${{ steps.helpline_code.outputs.lowercase }}-$SHORT_ENVIRONMENT_CODE == jm-prod
run: curl -o ./src/blockedIps.json https://tl-public-chat-jm-prod.s3.amazonaws.com/blockedIps.json
working-directory: ./webchat
shell: bash
# Build and compile Webchat using the corresponding config file
- name: Run build command
run: CONFIG=${{ steps.helpline_code.outputs.lowercase }}-${{ inputs.environment }} npm run build
working-directory: ./webchat
# Rename the builded js file
- name: Rename js
run: mv bundle.js aselo-chat.min.js
working-directory: ./webchat/build
# Upload Webchat to S3 bucket
- name: Upload Webchat to S3 bucket
uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --exclude '*' --include '*.js' --content-type 'application/javascript; charset=utf-8'
env:
AWS_S3_BUCKET: tl-public-chat-${{ steps.helpline_code.outputs.lowercase }}-$SHORT_ENVIRONMENT_CODE
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "${{ secrets.AWS_DEFAULT_REGION }}"
SOURCE_DIR: "webchat/build"
- name: Upload Webchat bundle to assets S3 bucket
uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --exclude '*' --include '*.js' --content-type 'application/javascript; charset=utf-8'
env:
AWS_S3_BUCKET: assets-${{ inputs.environment }}.tl.techmatters.org
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "${{ secrets.AWS_DEFAULT_REGION }}"
SOURCE_DIR: "webchat/build"
DEST_DIR: "webchat/${{ steps.helpline_code.outputs.lowercase }}"
- name: Upload e2e-chat html file to assets S3 bucket
uses: jakejarvis/s3-sync-action@master
with:
args: --acl public-read --follow-symlinks --exclude '*' --include 'e2e-chat.html' --include 'test-chat.html' --content-type 'text/html; charset=utf-8'
env:
AWS_S3_BUCKET: assets-${{ inputs.environment }}.tl.techmatters.org
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: "${{ secrets.AWS_DEFAULT_REGION }}"
SOURCE_DIR: "webchat/build"
DEST_DIR: "webchat/${{ steps.helpline_code.outputs.lowercase }}"
- name: Clear cloudfront cache
run: |
CF_DISTRO=$(aws cloudfront list-distributions --query "DistributionList.Items[*].{id:Id,origin:Origins.Items[0].DomainName}[?origin=='assets-${{ inputs.environment }}.tl.techmatters.org.s3-website.us-east-1.amazonaws.com'].id" --output text)
aws cloudfront create-invalidation --distribution-id $CF_DISTRO --paths /webchat/${{ steps.helpline_code.outputs.lowercase }}/*
# Send Slack notifying success
- name: Slack Aselo channel
id: slack
uses: slackapi/slack-github-action@v2.0.0
if: ${{ inputs.send-slack-message != 'false' }}
with:
method: chat.postMessage
token: ${{ env.GITHUB_ACTIONS_SLACK_BOT_TOKEN }}
payload: |
channel: ${{ env.ASELO_DEPLOYS_CHANNEL_ID }}
text: '`[WEBCHAT]` Deployment to `${{inputs.helpline_code}}-${{inputs.environment}}` of ${{ github.ref_type }} `${{ github.ref_name }}` requested by `${{ github.triggering_actor }}` completed using workflow '${{ github.workflow }}' with SHA ${{ github.sha }} :rocket:.'
# Update deployment matrix
- name: Update deployment matrix
uses: ./.github/actions/deployment-matrix
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
identifier: ${{ inputs.helpline_code }}
environment: ${{ inputs.environment}}
service_repo: 'webchat'
version_tag: ${{ github.ref_name }}