Merge pull request #109 from Hestia-Homes/main

Adding secrets to fastapi deployment pipeline
KhalimCK 2023-07-31 11:42:22 +01:00 committed by GitHub
commit d7aef5b26d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 1 deletions


@ -51,6 +51,13 @@ jobs:
id: set_auth_token
run: echo "::set-output name=auth_token::${{ secrets[format('{0}_EPC_AUTH_TOKEN', github.ref_name)] }}"
# Store port, name and host in github secrets
- name: Set DB credentials
id: set_db_credentials
run: |
echo "::set-output name=db_host::${{ secrets[format('{0}DB_HOST', github.ref_name)] }}"
echo "::set-output name=db_port::${{ secrets[format('{0}DB_PORT', github.ref_name)] }}"
echo "::set-output name=db_name::${{ secrets[format('{0}DB_NAME', github.ref_name)] }}"
# - name: Build Lambda Layer
# run: |
@ -71,4 +78,17 @@ jobs:
PLAN_TRIGGER_BUCKET: 'retrofit-plan-inputs-${{ github.ref_name }}'
DOMAIN_NAME: ${{ steps.set_domain.outputs.domain }}
EPC_AUTH_TOKEN: ${{ steps.set_auth_token.outputs.auth_token }}
run: sls deploy --stage ${{ github.ref_name }} --verbose
DB_HOST: ${{ steps.set_db_credentials.outputs.db_host }}
DB_PORT: ${{ steps.set_db_credentials.outputs.db_port }}
DB_NAME: ${{ steps.set_db_credentials.outputs.db_name }}
run: |
# Fetch database credentials from AWS Secrets Manager
DB_USER=$(aws secretsmanager get-secret-value --secret-id dev/assessment_model/db_credentials --query SecretString | jq -r '.db_assessment_model_username')
DB_PASSWORD=$(aws secretsmanager get-secret-value --secret-id dev/assessment_model/db_credentials --query SecretString | jq -r '.db_assessment_model_password')
# Set the database credentials as environment variables
export DB_USER
export DB_PASSWORD
# Deploy to AWS Lambda via Serverless
sls deploy --stage ${{ github.ref_name }} --verbose
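Review bot: Both `aws secretsmanager get-secret-value` lines use the fixed id `dev/assessment_model/db_credentials`, while the stage passed to `sls deploy` comes from `github.ref_name`, so any non-dev branch would be deployed with the dev database credentials; derive the id from the stage if per-stage secrets exist, or add a comment stating that the sharing is intended. The fetched password is not a GitHub secret, so the runner does not mask it, and the deploy runs with `--verbose`; registering it with `::add-mask::` before the deploy keeps it out of the job log. Under the AWS CLI's default JSON output, `--query SecretString` prints a JSON-quoted string that `jq` cannot index by key, so `--output text` is probably needed unless the runner's CLI is configured otherwise. The block below fetches the secret once and fails the step when a field is missing instead of exporting the literal `null`.

```yaml
run: |
  # Fetch the secret once; --output text hands jq the raw JSON document
  # NOTE: still the dev secret id from the commit; derive it from the stage if per-stage secrets exist
  creds=$(aws secretsmanager get-secret-value --secret-id dev/assessment_model/db_credentials --query SecretString --output text)
  # -e makes jq exit non-zero on a missing field, so the step stops before deploying
  DB_USER=$(jq -er '.db_assessment_model_username' <<<"$creds")
  DB_PASSWORD=$(jq -er '.db_assessment_model_password' <<<"$creds")
  # Register the password with the runner's log masking before the verbose deploy
  echo "::add-mask::$DB_PASSWORD"
  export DB_USER DB_PASSWORD
  # ... unchanged: sls deploy ...
```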


@ -12,6 +12,11 @@ provider:
PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
DOMAIN_NAME: ${env:DOMAIN_NAME}
EPC_AUTH_TOKEN: ${env:EPC_AUTH_TOKEN}
DB_HOST: ${env:DB_HOST}
DB_NAME: ${env:DB_NAME}
DB_USER: ${env:DB_USER}
DB_PASSWORD: ${env:DB_PASSWORD}
DB_PORT: ${env:DB_PORT}
# Give lambda access to read from the bucket
iam:
role:
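Review bot: `DB_PASSWORD: ${env:DB_PASSWORD}` resolves at deploy time and writes the database password in clear text into the function's environment, where it is kept in the function configuration and the generated CloudFormation template and is readable by anyone with read access to either. The credential already lives in Secrets Manager, so the function could receive only the secret's id, for example `DB_SECRET_ID: <secret id>`, and read the username and password at start-up. That would need a `secretsmanager:GetSecretValue` statement scoped to that one secret under the `iam.role` block that begins at the end of this hunk. The provider block starts and continues outside the hunk, so any existing statements are not visible here.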