-
Notifications
You must be signed in to change notification settings - Fork 0
124 lines (112 loc) · 3.8 KB
/
auto-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Continuous Optimization Loop
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: '0 0 * * 1' # Runs weekly on Monday at midnight UTC
jobs:
initialize:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# Add caching for dependencies
- name: Cache Node.js modules
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Cache Cargo registry
uses: actions/cache@v3
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- uses: actions/setup-node@v2
with:
node-version: '16'
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
deploy-dev:
runs-on: ubuntu-latest
needs: initialize
steps:
- name: Deploy to Development Environment
run: |
echo "Deploying to development..."
# Add your deployment scripts here
security-audit:
runs-on: ubuntu-latest
needs: deploy-dev
steps:
- name: Advanced Security Scan
run: |
npm audit --audit-level=moderate
cargo audit
snyk test --severity-threshold=medium
snyk monitor --org=${{ vars.SNYK_ORG }}
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
deploy-prod:
runs-on: ubuntu-latest
needs: security-audit
if: github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main'
steps:
# Enhanced deployment with monitoring and rollback
- name: Deploy to AWS ECS with Rollback
run: |
# Deploy with rollback on failure
if ! aws ecs update-service --cluster your-cluster --service your-service --force-new-deployment; then
echo "Deployment failed, initiating rollback"
aws ecs update-service --cluster your-cluster --service your-service --task-definition $PREVIOUS_TASK_DEF
exit 1
fi
- name: Monitor Deployment
run: |
# Monitor deployment health
attempts=0
until aws ecs describe-services --cluster your-cluster --services your-service --query 'services[0].status' | grep "ACTIVE"
do
if [ $attempts -eq 5 ]; then
echo "Deployment health check failed"
exit 1
fi
attempts=$((attempts+1))
sleep 30
done
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
reporting:
runs-on: ubuntu-latest
needs: deploy-prod
steps:
- name: Generate Detailed Report
run: |
{
echo "## Deployment Summary $(date)"
echo "### Status Overview"
echo "- Environment: Production"
echo "- Build ID: ${{ github.run_id }}"
echo "- Commit: ${{ github.sha }}"
echo "### Health Checks"
echo "- Security Scans: ✅"
echo "- Performance Tests: ✅"
echo "- Deployment Status: ✅"
} > deployment-report.md
- name: Send Enhanced Notifications
if: always()
run: |
# Send detailed Slack notification
curl -X POST -H 'Content-type: application/json' \
--data "{
\"text\": \"Deployment Status: ${{ job.status }}\nEnvironment: Production\nBuild: ${{ github.run_number }}\nDetails: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\"
}" ${{ secrets.SLACK_WEBHOOK }}