Deploy #3188

Workflow file for this run

	name: Deploy

	concurrency: deploy-${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}

	on:
	push:
	branches:
	- main
	workflow_dispatch:

	env:
	TF_WORKSPACE: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}

	jobs:
	check-pretix-build:
	name: Check pretix needs building
	runs-on: ubuntu-24.04
	outputs:
	image_exists: ${{ steps.image.outputs.image_exists }}
	githash: ${{ steps.git.outputs.githash }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: eu-central-1
	- name: Get service githash
	id: git
	run: \|
	hash=$(git rev-list -1 HEAD -- ./pretix)
	echo "githash=$hash" >> $GITHUB_OUTPUT
	- name: Check if commit is already on ECR
	id: image
	run: \|
	set +e
	aws ecr describe-images --repository-name=pythonit/pretix --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
	if [[ $? == 0 ]]; then
	echo "image_exists=1" >> $GITHUB_OUTPUT
	else
	echo "image_exists=0" >> $GITHUB_OUTPUT
	fi

	check-frontend-build:
	name: Check frontend needs building
	runs-on: ubuntu-24.04
	outputs:
	image_exists: ${{ steps.image.outputs.image_exists }}
	githash: ${{ steps.git.outputs.githash }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: eu-central-1
	- name: Get service githash
	id: git
	run: \|
	hash=$(git rev-list -1 HEAD -- frontend)
	echo "githash=$hash" >> $GITHUB_OUTPUT
	- name: Check if commit is already on ECR
	id: image
	run: \|
	set +e
	aws ecr describe-images --repository-name=pythonit/${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}-pycon-frontend --image-ids=imageTag=${{ steps.git.outputs.githash }}
	if [[ $? == 0 ]]; then
	echo "image_exists=1" >> $GITHUB_OUTPUT
	else
	echo "image_exists=0" >> $GITHUB_OUTPUT
	fi

	check-backend-build:
	name: Check backend needs building
	runs-on: ubuntu-24.04
	outputs:
	image_exists: ${{ steps.image.outputs.image_exists }}
	githash: ${{ steps.git.outputs.githash }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: eu-central-1
	- name: Get service githash
	id: git
	run: \|
	hash=$(git rev-list -1 HEAD -- backend)
	echo "githash=$hash" >> $GITHUB_OUTPUT
	- name: Check if commit is already on ECR
	id: image
	run: \|
	set +e
	aws ecr describe-images --repository-name=pythonit/pycon-backend --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
	if [[ $? == 0 ]]; then
	echo "image_exists=1" >> $GITHUB_OUTPUT
	else
	echo "image_exists=0" >> $GITHUB_OUTPUT
	fi

	build-pretix:
	name: Build pretix
	needs: [check-pretix-build]
	uses: ./.github/workflows/build-pretix.yml
	with:
	githash: ${{ needs.check-pretix-build.outputs.githash }}
	secrets: inherit
	if: ${{ needs.check-pretix-build.outputs.image_exists == 0 }}

	build-be:
	name: Build backend
	needs: [check-backend-build]
	uses: ./.github/workflows/build-backend.yml
	with:
	githash: ${{ needs.check-backend-build.outputs.githash }}
	secrets: inherit
	if: ${{ needs.check-backend-build.outputs.image_exists == 0 }}

	deploy-be:
	name: Deploy backend
	runs-on: ubuntu-24.04
	needs: [build-be, build-pretix, check-frontend-build]
	if: always() && !cancelled() && !failure() && !contains(needs..result, 'failure') && !contains(needs..result, 'cancelled')
	environment:
	name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
	defaults:
	run:
	working-directory: ./infrastructure/applications
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- uses: opentofu/setup-opentofu@v1
	with:
	tofu_version: 1.9.0
	- name: OpenTofu Init
	run: tofu init
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	- name: OpenTofu Validate
	id: validate
	run: tofu validate -no-color
	- name: OpenTofu apply
	run: tofu apply -exclude module.pycon_frontend -no-color -auto-approve &> /dev/null
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_DEFAULT_REGION: eu-central-1

	wait-be-update:
	name: Wait backend deployment
	runs-on: ubuntu-24.04
	needs: [deploy-be, check-backend-build]
	if: always() && !cancelled() && !failure() && !contains(needs..result, 'failure') && !contains(needs..result, 'cancelled')
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Wait stable deployment
	uses: ./.github/actions/wait-for-deployment
	with:
	url: https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it/health/
	githash: ${{ needs.check-backend-build.outputs.githash }}

	build-fe:
	name: Build frontend
	needs: [wait-be-update, check-frontend-build]
	uses: ./.github/workflows/build-frontend.yml
	with:
	githash: ${{ needs.check-frontend-build.outputs.githash }}
	tf_environment: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
	secrets: inherit
	if: always() && needs.check-frontend-build.outputs.image_exists == 0 && !cancelled() && !failure() && !contains(needs..result, 'failure') && !contains(needs..result, 'cancelled')

	deploy-fe:
	name: Deploy frontend
	runs-on: ubuntu-24.04
	needs: [build-fe]
	if: always() && !cancelled() && !failure() && !contains(needs..result, 'failure') && !contains(needs..result, 'cancelled')
	environment:
	name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
	defaults:
	run:
	working-directory: ./infrastructure/applications
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- uses: opentofu/setup-opentofu@v1
	with:
	tofu_version: 1.9.0
	- name: OpenTofu Init
	run: tofu init
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	- name: OpenTofu Validate
	id: validate
	run: tofu validate -no-color
	- name: OpenTofu apply
	run: tofu apply -no-color -auto-approve &> /dev/null
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_DEFAULT_REGION: eu-central-1

	wait-fe-update:
	name: Wait frontend deployment
	runs-on: ubuntu-24.04
	needs: [deploy-fe, check-frontend-build]
	if: always() && !cancelled() && !failure() && !contains(needs..result, 'failure') && !contains(needs..result, 'cancelled')
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Wait stable deployment
	uses: ./.github/actions/wait-for-deployment
	with:
	url: https://${{ fromJSON('["pastaporto-frontend", "frontend"]')[github.ref == 'refs/heads/main'] }}.pycon.it/api/health
	githash: ${{ needs.check-frontend-build.outputs.githash }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy #3188

Workflow file

Deploy #3188

Jobs

Run details

Workflow file for this run