FEAT: Update Deploy Workflows

In order to deploy to production, we require more orchestration than our deploy scripts currently provide. Update them to be more flexible. * remove the deploy action. inputs on actions are limited to strings and are less flexible in general. * create a deploy-base workflow that will be triggered by the other deployment workflows. it checks out the branch, setsup the env, handles the docker build and push, all app deployments, and slack updates. * update a deploy-prod workflow to be triggered on version tag pushes. * update a deploy-staging workflow to be triggered on ci completion. * create a new manual-deploy workflow that allows a user to deploy to a subset of applications on an environment of their choosing.
mbta · Nov 14, 2023 · 3e5b201 · 3e5b201
1 parent 12030eb
commit 3e5b201
Show file tree

Hide file tree

Showing 6 changed files with 164 additions and 96 deletions.
diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml
diff --git a/.github/workflows/deploy-base.yaml b/.github/workflows/deploy-base.yaml
@@ -0,0 +1,101 @@
+# base for all deployments of lamp pipeline
+#
+# pull the contents of a branch
+# create a docker image for the lamp_py project
+# push that image to ecr
+# deploy it (optionally) to ingestion, rail performance manager, and tableau publisher
+# report everything to slack
+on:
+  workflow_call:
+    inputs:
+      env-name:
+        description: One of 'prod', 'staging', or 'dev'
+        required: true
+        type: string
+      deploy-ingestion:
+        description: Should the Ingestion Application be Deployed
+        required: false
+        default: false
+        type: boolean
+      deploy-rail-pm:
+        description: Should the Rail Performance Manager Application be Deployed
+        required: false
+        default: false
+        type: boolean
+      deploy-tableau-publisher:
+        description: Should the Tableau Publisher Application be Deployed
+        required: false
+        default: false
+        type: boolean
+    secrets:
+      DOCKER_REPO:
+        description: ECR Docker repo to push to
+        required: true
+      SLACK_WEBHOOK:
+        description: Slack URL to post to
+        required: true
+      ROLE_TO_ASSUME:
+        description: AWS_ROLE_ARN
+        required: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        id: setup-aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ inputs.role-to-assume }}
+          aws-region: us-east-1
+
+      - name: Build and Push Docker Image
+        id: build-push
+        uses: mbta/actions/build-push-ecr@v2
+        with:
+          role-to-assume: ${{ inputs.role-to-assume }}
+          docker-repo: ${{ inputs.docker-repo }}
+          dockerfile-path: ./python_src/
+
+      - name: Deploy Ingestion Application
+        id: deploy-ingestion
+        if: ${{ inputs.deploy-ingestion }}
+        uses: mbta/actions/deploy-ecs@v2
+        with:
+          role-to-assume: ${{ inputs.role-to-assume }}
+          ecs-cluster: lamp
+          ecs-service: lamp-ingestion-${{ inputs.env-name }}
+          docker-tag: ${{ steps.build-push.outputs.docker-tag }}
+
+      - name: Deploy Rail Performance Manager Application
+        id: deploy-rail-performance-manager
+        if: ${{ inputs.deploy-rail-pm }}
+        uses: mbta/actions/deploy-ecs@v2
+        with:
+          role-to-assume: ${{ inputs.role-to-assume }}
+          ecs-cluster: lamp
+          ecs-service: lamp-rail-performance-manager-${{ inputs.env-name }}
+          docker-tag: ${{ steps.build-push.outputs.docker-tag }}
+
+      - name: Deploy Tableau Publisher Application
+        id: deploy-tableau-publisher
+        if: ${{ inputs.deploy-rail-pm && inputs.env-name == 'prod' }}
+        uses: mbta/actions/deploy-scheduled-ecs@v2
+        with:
+          role-to-assume: ${{ inputs.role-to-assume }}
+          ecs-cluster: lamp
+          ecs-service: lamp-tableau-publisher-${{ inputs.env-name }}
+          ecs-task-definition: lamp-tableau-publisher-${{ inputs.env-name }}
+          docker-tag: ${{ steps.build-push.outputs.docker-tag }}
+
+      - uses: mbta/actions/notify-slack-deploy@v2
+        if: ${{ !cancelled() }}
+        with:
+          webhook-url: ${{ inputs.slack-webhook-url }}
+          job-status: ${{ job.status }}
diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml
@@ -1,19 +1,20 @@
-name: Deploy to Production Environment
+name: Deploy to Production
 
 on:
-  workflow_dispatch:
+  # deploy when version tags are published
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/deploy
-        with:
-          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
-          docker-repo: ${{ secrets.LAMP_DOCKER_URI }}
-          env-name: prod
-          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK }}
+    name: Deploy to Production
+    concurrency:
+      group: prod
+    uses: ./.github/workflows/deploy-base.yaml
+    with:
+      env-name: prod
+      deploy-ingestion: true
+      deploy-rail-pm: true
+      deploy-tableau-publisher: true
+    secrets: inherit
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
@@ -1,24 +1,22 @@
-name: Deploy to Staging Environment
+name: Deploy to Staging
 
 on:
+  # deploy when ci has been completed on main (should occur after new commits are added to main
+  # directly or via pull request)
   workflow_run:
     workflows: ["Continuous Integration (Python)"]
     types: [completed]
     branches:
       - main
-  workflow_dispatch:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/deploy
-        with:
-          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
-          docker-repo: ${{ secrets.LAMP_DOCKER_URI }}
-          env-name: staging
-          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK }}
+    name: Deploy to Staging
+    concurrency:
+      group: staging
+    uses: ./.github/workflows/deploy-base.yaml
+    with:
+      env-name: staging
+      deploy-ingestion: true
+      deploy-rail-pm: true
+    secrets: inherit
diff --git a/.github/workflows/manual-deploy.yaml b/.github/workflows/manual-deploy.yaml
@@ -0,0 +1,36 @@
+name: Manual Deploy
+
+on:
+  workflow_dispatch:
+    environment:
+      description: What environment to change the task count for
+      type: choice
+      options:
+        - dev
+        - staging
+        - prod
+      deploy-ingestion:
+        description: Should the Ingestion Application be Deployed
+        default: false
+        type: boolean
+      deploy-rail-pm:
+        description: Should the Rail Performance Manager Application be Deployed
+        default: false
+        type: boolean
+      deploy-tableau-publisher:
+        description: Should the Tableau Publisher Application be Deployed (only run on Prod)
+        default: false
+        type: boolean
+
+jobs:
+  deploy:
+    name: Deploy to Production
+    concurrency:
+      group: github.event.inputs.environment
+    uses: ./.github/workflows/deploy-base.yaml
+    with:
+      env-name: github.event.inputs.environment
+      deploy-ingestion: github.envent.inputs.deploy-ingestion
+      deploy-rail-pm: github.envent.inputs.deploy-rail-pm
+      deploy-tableau-publisher: github.envent.inputs.deploy-tableau-publisher
+    secrets: inherit