Fix GitHub workflow to use vars instead of env for GitHub Variables #34
name: Deploy to AWS App Runner | |
on: | |
push: | |
branches: [ main, master ] | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: 'Deployment environment' | |
required: true | |
default: 'production' | |
type: choice | |
options: | |
- production | |
- staging | |
# Configuration loaded from deployment/config.env by deploy-app-runner.sh | |
jobs: | |
check-secrets: | |
runs-on: ubuntu-latest | |
outputs: | |
aws-creds-configured: ${{ steps.check-aws.outputs.configured }} | |
steps: | |
- id: check-aws | |
run: | | |
if [[ -n "${{ secrets.AWS_ACCESS_KEY_ID }}" ]] && [[ -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ]]; then | |
echo "configured=true" >> $GITHUB_OUTPUT | |
else | |
echo "configured=false" >> $GITHUB_OUTPUT | |
echo "⚠️ AWS credentials not configured. Please add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to repository secrets." | |
fi | |
validate-config: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.11' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install -r deployment/requirements.txt | |
# Install any additional dependencies that might be needed for evals | |
pip install openai tiktoken | |
- name: Run tests | |
env: | |
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
CI: true | |
run: | | |
curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin | |
echo "$HOME/.local/bin" >> $GITHUB_PATH | |
# Run comprehensive CI tests (config validation + data tests if available) | |
just ci-tests-with-data || just validate-config | |
deploy: | |
needs: [check-secrets, validate-config] | |
if: needs.check-secrets.outputs.aws-creds-configured == 'true' | |
runs-on: ubuntu-latest | |
environment: ${{ github.event.inputs.environment || 'production' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Set up environment | |
run: | | |
# App Runner deployment will be handled in separate step | |
# Create config file for App Runner deployment script | |
echo "AWS_ACCOUNT_ID=${{ vars.AWS_ACCOUNT_ID }}" > .github/config.env | |
echo "AWS_REGION=${{ vars.AWS_REGION }}" >> .github/config.env | |
echo "SERVICE_NAME=${{ vars.APP_RUNNER_SERVICE }}" >> .github/config.env | |
echo "ECR_REPOSITORY=${{ vars.ECR_REPOSITORY }}" >> .github/config.env | |
- name: Build and push Docker image | |
run: | | |
# Login to ECR | |
aws ecr get-login-password --region ${{ vars.AWS_REGION }} | \ | |
docker login --username AWS --password-stdin ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com | |
# Create ECR repository if it doesn't exist | |
aws ecr describe-repositories --repository-names ${{ vars.ECR_REPOSITORY }} --region ${{ vars.AWS_REGION }} || \ | |
aws ecr create-repository --repository-name ${{ vars.ECR_REPOSITORY }} --region ${{ vars.AWS_REGION }} --image-scanning-configuration scanOnPush=true | |
# Build from project root with deployment/Dockerfile and data credentials | |
docker build -f deployment/Dockerfile \ | |
--build-arg MXCP_DATA_ACCESS_KEY_ID=${{ secrets.MXCP_DATA_ACCESS_KEY_ID }} \ | |
--build-arg MXCP_DATA_SECRET_ACCESS_KEY=${{ secrets.MXCP_DATA_SECRET_ACCESS_KEY }} \ | |
-t ${{ vars.ECR_REPOSITORY }}:${{ github.sha }} . | |
# Tag for ECR | |
docker tag ${{ vars.ECR_REPOSITORY }}:${{ github.sha }} ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.ECR_REPOSITORY }}:${{ github.sha }} | |
docker tag ${{ vars.ECR_REPOSITORY }}:${{ github.sha }} ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.ECR_REPOSITORY }}:latest | |
# Push to ECR | |
docker push ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.ECR_REPOSITORY }}:${{ github.sha }} | |
docker push ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.ECR_REPOSITORY }}:latest | |
- name: Deploy to AWS App Runner | |
run: | | |
chmod +x .github/scripts/deploy-app-runner.sh | |
./.github/scripts/deploy-app-runner.sh | |
- name: Monitor App Runner deployment | |
run: | | |
echo "📊 Monitoring App Runner service creation/update..." | |
# Discover service ARN dynamically by name (ARN changes when service is recreated) | |
echo "🔍 Finding service ARN for: ${{ vars.APP_RUNNER_SERVICE }}" | |
SERVICE_ARN=$(aws apprunner list-services --region ${{ vars.AWS_REGION }} \ | |
--query "ServiceSummaryList[?ServiceName=='${{ vars.APP_RUNNER_SERVICE }}'].ServiceArn | [0]" \ | |
--output text) | |
if [ "$SERVICE_ARN" == "None" ] || [ -z "$SERVICE_ARN" ]; then | |
echo "❌ Service not found after deployment" | |
exit 1 | |
fi | |
echo "✅ Found service ARN: $SERVICE_ARN" | |
# Monitor for up to 10 minutes (App Runner can take time) | |
for i in {1..20}; do | |
STATUS=$(aws apprunner describe-service --service-arn "$SERVICE_ARN" --query 'Service.Status' --output text) | |
echo "[$i/20] Current status: $STATUS" | |
case $STATUS in | |
"RUNNING") | |
echo "✅ Service is RUNNING!" | |
break | |
;; | |
"CREATE_FAILED"|"UPDATE_FAILED"|"DELETE_FAILED") | |
echo "❌ Service failed with status: $STATUS" | |
# Get more details about the failure | |
aws apprunner describe-service --service-arn "$SERVICE_ARN" --query 'Service.{Status:Status,StatusMessage:StatusMessage}' --output table | |
exit 1 | |
;; | |
"OPERATION_IN_PROGRESS"|"CREATING"|"UPDATING") | |
echo "⏳ Service still starting... waiting 30 seconds" | |
sleep 30 | |
;; | |
*) | |
echo "⚠️ Unknown status: $STATUS" | |
sleep 30 | |
;; | |
esac | |
done | |
# Final status check | |
FINAL_STATUS=$(aws apprunner describe-service --service-arn "$SERVICE_ARN" --query 'Service.Status' --output text) | |
if [ "$FINAL_STATUS" != "RUNNING" ]; then | |
echo "❌ Service did not reach RUNNING state after 10 minutes" | |
echo "Final status: $FINAL_STATUS" | |
aws apprunner describe-service --service-arn "$SERVICE_ARN" --query 'Service.{Status:Status,StatusMessage:StatusMessage}' --output table | |
exit 1 | |
fi | |
- name: Test deployment | |
run: | | |
# Wait for deployment to stabilize | |
echo "⏳ Waiting for App Runner service to stabilize..." | |
sleep 60 | |
# Get service URL | |
SERVICE_URL=$(aws apprunner describe-service \ | |
--service-arn "arn:aws:apprunner:${{ vars.AWS_REGION }}:${{ vars.AWS_ACCOUNT_ID }}:service/${{ vars.APP_RUNNER_SERVICE }}" \ | |
--query 'Service.ServiceUrl' --output text) | |
echo "🌐 Service URL: https://$SERVICE_URL" | |
# Install just for post-deployment testing | |
curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin | |
echo "$HOME/.local/bin" >> $GITHUB_PATH | |
# Test service health | |
echo "🔍 Testing service health..." | |
if curl -f "https://$SERVICE_URL/health" > /dev/null 2>&1; then | |
echo "✅ Service health check passed" | |
# Run post-deployment integration tests using justfile | |
echo "🧪 Running post-deployment tests..." | |
# Try justfile integration tests first, fallback to direct python if justfile not customized | |
just test-integration || python tests/python/test_comprehensive.py --transport streamable-http --host $SERVICE_URL --port 443 || { | |
echo "⚠️ Post-deployment tests failed - service may need more time to start" | |
echo "Service is deployed but may not be fully ready for testing" | |
} | |
else | |
echo "⚠️ Health check failed, but service may still be starting..." | |
fi | |
# Test MCP endpoint availability | |
echo "🔍 Testing MCP endpoint..." | |
if curl -f "https://$SERVICE_URL/mcp" > /dev/null 2>&1; then | |
echo "✅ MCP endpoint accessible" | |
else | |
echo "⚠️ MCP endpoint check failed, but deployment completed" | |
fi | |
echo "" | |
echo "🎉 Deployment completed!" | |
echo "🔗 Service available at: https://$SERVICE_URL/mcp" | |
- name: Deployment summary | |
if: always() | |
run: | | |
# Configuration from GitHub variables | |
echo "## 🚀 Deployment Summary" >> $GITHUB_STEP_SUMMARY | |
echo "- **Service**: ${{ vars.APP_RUNNER_SERVICE }}" >> $GITHUB_STEP_SUMMARY | |
echo "- **Region**: ${{ vars.AWS_REGION }}" >> $GITHUB_STEP_SUMMARY | |
echo "- **Environment**: ${{ github.event.inputs.environment || 'production' }}" >> $GITHUB_STEP_SUMMARY | |
# Get service URL if deployment succeeded | |
if SERVICE_URL=$(aws apprunner describe-service --service-arn "arn:aws:apprunner:${{ vars.AWS_REGION }}:${{ vars.AWS_ACCOUNT_ID }}:service/${{ vars.APP_RUNNER_SERVICE }}" --query 'Service.ServiceUrl' --output text 2>/dev/null); then | |
echo "- **Service URL**: https://$SERVICE_URL" >> $GITHUB_STEP_SUMMARY | |
echo "- **MCP Endpoint**: https://$SERVICE_URL/mcp" >> $GITHUB_STEP_SUMMARY | |
fi | |
echo "- **Commit**: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY |
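Review bot: The `docker build` command in the "Build and push Docker image" step passes `secrets.MXCP_DATA_ACCESS_KEY_ID` and `secrets.MXCP_DATA_SECRET_ACCESS_KEY` as `--build-arg` values. Build arguments can end up in the image's history and metadata, so anyone allowed to pull the image from ECR may be able to read them with `docker history`. Expose the two secrets to the step through `env:` and pass them to the build as BuildKit secrets instead, as sketched below. This assumes `deployment/Dockerfile`, which is not shown on this page, is changed to read them with `RUN --mount=type=secret,id=…` rather than `ARG`. If the credentials are needed while the container runs rather than while it is built, they belong in the App Runner service configuration and not in the image.

```yaml
      - name: Build and push Docker image
        env:
          MXCP_DATA_ACCESS_KEY_ID: ${{ secrets.MXCP_DATA_ACCESS_KEY_ID }}
          MXCP_DATA_SECRET_ACCESS_KEY: ${{ secrets.MXCP_DATA_SECRET_ACCESS_KEY }}
        run: |
          # … unchanged: ECR login and repository creation …
          docker build -f deployment/Dockerfile \
            --secret id=mxcp_data_access_key_id,env=MXCP_DATA_ACCESS_KEY_ID \
            --secret id=mxcp_data_secret_access_key,env=MXCP_DATA_SECRET_ACCESS_KEY \
            -t ${{ vars.ECR_REPOSITORY }}:${{ github.sha }} .
          # … unchanged: tag for ECR and push …
```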