
I have a NodeJS backend which relies on Prisma models, which I want to deploy to my production database. My CI/CD pipeline looks as follows: GitHub Actions builds the code using webpack, uploads the bundles to S3, and invokes AWS CodeDeploy.

AWS CodeDeploy then executes scripts on the EC2 servers the backend is deployed to, to install the bundles and configure everything. These EC2 servers are the only servers with access to the database, as the database disallows any connection not coming from the EC2 servers.

This means that I cannot execute `yarn prisma migrate deploy` from GitHub Actions, as the database will disallow such a connection.

As I see it, I have three options:

  1. Whitelist IP addresses of runners of GitHub Actions to the database. I would preferably not do this for security reasons.
  2. Download the full source code of my repository to the EC2 server, and subsequently run `yarn install` and then `yarn prisma migrate deploy`. Wouldn't want to do this because of security reasons, it introduces additional risks in the deployment, and it slows the deployment down.
  3. Somehow compile the `yarn prisma migrate deploy` command into a bundle with the Prisma migration files, and execute it on the EC2 server.

What do you suggest? From the options above, my preference goes to option 3, but I haven't found a way to do it as I only found ways to compile the Prisma client, but I don't think that is what I want.

Thank you in advance!

user274595
  • Why not use AWS CodeBuild to make the migration directly to the database? – clay Aug 24 '23 at 01:13
  • Sorry, just curious about why the option 2 will cause security reasons. – willisc Aug 25 '23 at 13:23
  • [github action self hosted runner](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners) ??? – Rafaf Tahsin Aug 28 '23 at 13:38
  • Idk anything about EC2 servers, but I wonder if you can change the command line which starts your app. In this case, you may use something like `yarn prisma migrate deploy; yarn run prod` – mbesson Aug 29 '23 at 08:47
  • Thank you all! I think a dedicated (self-hosted) runner on GitHub Actions or AWS CodeBuild can be indeed the right way to go. @clay and @rafaf-tahsin, thanks for the suggestions. @willisc, because I would be downloading a lot of packages to the production server which would not be absolutely necessary for production. @mbesson, the problem is that I only run transpiled code (using webpack) on my server, and preferably do not want to run `yarn install` on my production server. – user274595 Aug 29 '23 at 09:35

0 Answers