Move vars to github environment

NASA-IMPACT · Aug 31, 2023 · 84e7fc1 · 84e7fc1
1 parent e8b2379
commit 84e7fc1
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 196 deletions.
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -34,15 +34,6 @@ jobs:
 
     uses: "./.github/workflows/deploy.yml"
     secrets: inherit # pass all secrets
-    with:
-      role-to-assume: "arn:aws:iam::854573354511:role/admg-ci-role"
-      role-session-name: "admg-backend-github-staging-deployment"
-      environment: "dev"
-      aws-region: "us-west-2"
-      vpc-id: "vpc-0caf6f6042c6f2b7c"
-      domain-name: "admgstaging.nasa-impact.net"
-      django-debug: false
-      alb-listener-arn: "arn:aws:elasticloadbalancing:us-west-2:854573354511:loadbalancer/app/admg-backend-loadbalancer/076ac577e623b5be"
 
   deploy-to-production:
     needs: run-linters
@@ -51,15 +42,6 @@ jobs:
 
     uses: "./.github/workflows/deploy.yml"
     secrets: inherit # pass all secrets
-    with:
-      role-to-assume: "arn:aws:iam::854573354511:role/admg-ci-role"
-      role-session-name: "admg-backend-github-production-deployment"
-      environment: "prod"
-      aws-region: "us-west-2"
-      vpc-id: "vpc-0108360d661166fc3"
-      domain-name: "admg.nasa-impact.net"
-      django-debug: false
-      alb-listener-arn: "arn:aws:elasticloadbalancing:us-west-2:854573354511:loadbalancer/app/admg-production-loadbalancer/441052bf67cffa76"
 
   notify-slack-staging:
     needs: deploy-to-staging

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -4,51 +4,16 @@ permissions:
   id-token: write
   contents: read
 
-on:
-  workflow_call:
-    inputs:
-      role-to-assume:
-        type: string
-        required: true
-      role-session-name:
-        type: string
-        required: false
-        default: github-actions-deployment
-      environment:
-        type: string
-        required: true
-      aws-region:
-        type: string
-        required: false
-        default: us-west-2
-      vpc-id:
-        description: ID of AWS VPC.
-        type: string
-        required: true
-      domain-name:
-        description: Name of the domain from which the application is served.
-        type: string
-        required: true
-      alb-listener-arn:
-        description: ARN of Application Load Balancer listener.
-        type: string
-        required: true
-      django-debug:
-        description: Enable DEBUG mode in Django.
-        type: boolean
-        required: false
-        default: false
-
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
-    environment: ${{ inputs.environment }}
+    environment: ${{ vars.environment }}
     env:
-      VPC_ID: ${{ inputs.vpc-id }}
-      DOMAIN_NAME: ${{ inputs.domain-name }}
-      ALB_LISTENER_ARN: ${{ inputs.alb-listener-arn }}
+      VPC_ID: ${{ vars.VPCID }}
+      DOMAIN_NAME: ${{ vars.domain-name }}
+      ALB_LISTENER_ARN: ${{ vars.alb-listener-arn }}
       # Django Settings
-      DJANGO_DEBUG: ${{ inputs.django-debug }}
+      DJANGO_DEBUG: ${{ vars.django-debug }}
       DJANGO_ADMIN_URL: ${{ secrets.DJANGO_ADMIN_URL }}
       DJANGO_ALLOWED_HOSTS: ${{ secrets.DJANGO_ALLOWED_HOSTS }}
       DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
@@ -85,9 +50,9 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
-          role-to-assume: ${{ inputs.role-to-assume }}
+          role-to-assume: ${{ vars.ROLETOASSUME }}
           role-session-name: ${{ github.actor }}
-          aws-region: ${{ inputs.aws-region }}
+          aws-region: ${{ vars.aws-region }}
 
       - name: Install dependencies
         run: |

diff --git a/deploy/deploy_stacks/app_stack.py b/deploy/deploy_stacks/app_stack.py
@@ -59,12 +59,12 @@ def __init__(
         # to be set when deploying other stacks.
         deployment_settings = DeploymentSettings(
             _env_file=(  # pyright: ignore NOTE: https://github.com/blakeNaccarato/pydantic/blob/c5a29ef77374d4fda85e8f5eb2016951d23dac33/docs/visual_studio_code.md?plain=1#L260-L272
-                {"dev": ".env.staging", "prod": ".env.production"}.get(stage, "development")
+                {"dev": ".env.staging", "prod": ".env.production"}.get(stage, ".env.development")
             ),
         )
         app_env_settings = AppEnvSettings(
             _env_file=(  # pyright: ignore NOTE: https://github.com/blakeNaccarato/pydantic/blob/c5a29ef77374d4fda85e8f5eb2016951d23dac33/docs/visual_studio_code.md?plain=1#L260-L272
-                {"dev": ".env.staging", "prod": ".env.production"}.get(stage, "development")
+                {"dev": ".env.staging", "prod": ".env.production"}.get(stage, ".env.development")
             ),
         )
 
@@ -81,10 +81,7 @@ def __init__(
 
         app_service = patterns.ApplicationLoadBalancedFargateService(
             self,
-            {
-                "dev": "admg-backend-fargate-service",
-                "prod": "admg-production-fargate-service",
-            }.get(stage, "development"),
+            f"admg-{stage}-fargate-service",
             cluster=cluster,
             memory_limit_mib=1024,
             desired_count=1,
@@ -96,9 +93,7 @@ def __init__(
                     "AWS_S3_REGION_NAME": Stack.of(self).region,
                     "AWS_STORAGE_BUCKET_NAME": assets_bucket.bucket_name,
                     "DJANGO_SETTINGS_MODULE": "config.settings.production",
-                    "SENTRY_ENV": {"dev": "staging", "prod": "production"}.get(
-                        stage, "development"
-                    ),
+                    "SENTRY_ENV": stage,
                     "CELERY_BROKER_URL": "sqs://",
                     "CELERY_TASK_DEFAULT_QUEUE": queue.queue_name,
                     "AWS_QUEUE_REGION_NAME": Stack.of(self).region,
@@ -111,10 +106,7 @@ def __init__(
                 },
             ),
             task_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS),
-            load_balancer_name={
-                "dev": 'admg-backend-loadbalancer',
-                "prod": 'admg-production-loadbalancer',
-            }.get(stage, "development"),
+            load_balancer_name=f'admg-{stage}-loadbalancer',
             certificate=certmgr.Certificate(
                 self,
                 id="cert",
@@ -139,7 +131,7 @@ def __init__(
                 "AWS_S3_REGION_NAME": Stack.of(self).region,
                 "AWS_STORAGE_BUCKET_NAME": assets_bucket.bucket_name,
                 "DJANGO_SETTINGS_MODULE": "config.settings.production",
-                "SENTRY_ENV": {"dev": "staging", "prod": "production"}.get(stage, "development"),
+                "SENTRY_ENV": stage,
                 "CELERY_BROKER_URL": "sqs://@",
                 "AWS_QUEUE_REGION_NAME": Stack.of(self).region,
                 "CELERY_TASK_DEFAULT_QUEUE": queue.queue_name,

diff --git a/deploy/deploy_stacks/infra_stack.py b/deploy/deploy_stacks/infra_stack.py
@@ -32,9 +32,7 @@ def __init__(self, app: App, stack_id: str, stage: str, **kwargs) -> None:
                     }
                 },
             ),
-            role_name={"dev": "admg-ci-role", "prod": "admg-production-ci-role"}.get(
-                stage, "development"
-            ),
+            role_name={f"admg-ci-{stage}-role"},
             inline_policies={
                 "cdk_permissions": iam.PolicyDocument(
                     statements=[
@@ -48,7 +46,7 @@ def __init__(self, app: App, stack_id: str, stage: str, **kwargs) -> None:
                     statements=[
                         iam.PolicyStatement(
                             actions=["s3:PutObject"],
-                            resources=["arn:aws:s3:::assets-bucket/*"],
+                            resources=[f"arn:aws:s3:::admg-{stage}-assets/*"],
                         )
                     ]
                 ),
@@ -57,6 +55,7 @@ def __init__(self, app: App, stack_id: str, stage: str, **kwargs) -> None:
 
         deployment_settings = DeploymentSettings(
             _env_file=(  # pyright: ignore NOTE: https://github.com/blakeNaccarato/pydantic/blob/c5a29ef77374d4fda85e8f5eb2016951d23dac33/docs/visual_studio_code.md?plain=1#L260-L272
+                # TODO get from env variable
                 {"dev": ".env.staging", "prod": ".env.production"}.get(stage, "development")
             ),
         )
@@ -66,6 +65,7 @@ def __init__(self, app: App, stack_id: str, stage: str, **kwargs) -> None:
         self.bucket: s3.Bucket = s3.Bucket(
             self,
             "assets-bucket",
+            # TODO pull from env
             bucket_name=generate_name("assets", stage=stage).replace("_", "-"),
             access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
         )

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml