Update docker-compose.ci.yml #677
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Image CI | |
# To run this locally use act (https://github.com/nektos/act) | |
# To use act: | |
# Create a .secrets file and set all the needed variables | |
# act -j <job> | |
# act <event_name> | |
# act -e .github/act/<event>.json // For additinal event params | |
# act -P self-hosted=ghcr.io/catthehacker/ubuntu:act-latest // To make it wokr with self hosted | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
types: [opened, closed, reopened, synchronize] | |
release: | |
types: [released, prereleased] | |
env: | |
REGISTRY: registry.esek.se | |
DEFAULT_BRANCH: main | |
ONLY_PROD: false | |
jobs: | |
# This can only contain env vars and not secrets since actions is a fussy about it | |
env-vars: | |
runs-on: self-hosted | |
container: ghcr.io/catthehacker/ubuntu:act-latest | |
steps: | |
- name: set variables | |
id: vars | |
run: | | |
slugify () { | |
iconv -t ascii//TRANSLIT \ | |
| tr -d "'" \ | |
| sed -E 's/[^a-zA-Z0-9]+/-/g' \ | |
| sed -E 's/^-+|-+$//g' \ | |
| tr "[:upper:]" "[:lower:]" | |
} | |
echo ${{ github.event }} | |
export BRANCH= | |
if [ -z $GITHUB_HEAD_REF ]; then | |
BRANCH=$(basename $GITHUB_REF) | |
else | |
BRANCH=$GITHUB_HEAD_REF | |
fi | |
echo "Running on $BRANCH" | |
export TAG=ephermal | |
if [ "$BRANCH" = "${{ env.DEFAULT_BRANCH }}" ]; then | |
TAG=latest | |
fi | |
if ${{ github.ref_type == 'tag' }}; then | |
TAG=$BRANCH | |
BRANCH=${{ env.DEFAULT_BRANCH }} | |
fi | |
TAG=$(echo "$TAG" | slugify) | |
export IMAGE_NAME="${{ env.REGISTRY }}/${{ github.repository }}:$TAG" | |
echo "::echo::on" | |
echo "::set-output name=image_name::$IMAGE_NAME" | |
echo "::set-output name=tag::$TAG" | |
echo "::set-output name=basename::$(basename ${{ github.repository }} | slugify)" | |
echo "::set-output name=branch::$( echo $BRANCH | slugify)" | |
echo "::echo::off" | |
- name: select environment | |
id: env | |
run: | | |
export ENV=testing | |
export DEPLOY_ENV=testing | |
export PROJ_BASE=${{ steps.vars.outputs.basename }} | |
export TAG=${{ steps.vars.outputs.tag }} | |
export BRANCH=${{ steps.vars.outputs.branch }} | |
export PROJECT_NAME=$PROJ_BASE-testing | |
if ${{ (github.event_name == 'release' && github.event.action == 'released') || env.ONLY_PROD == 'true' }}; then | |
ENV=production | |
DEPLOY_ENV=$ENV | |
PROJECT_NAME=$PROJ_BASE-production | |
fi | |
if ${{ github.event_name == 'release' && github.event.action == 'prereleased' }}; then | |
ENV=staging | |
DEPLOY_ENV=$ENV | |
PROJECT_NAME=$PROJ_BASE-staging | |
fi | |
if ${{ github.event_name == 'pull_request' }}; then | |
ENV=review | |
DEPLOY_ENV=$BRANCH-review | |
PROJECT_NAME=$PROJ_BASE-$BRANCH | |
fi | |
echo "::echo::on" | |
echo "::set-output name=env::$ENV" | |
echo "::set-output name=project_name::$PROJECT_NAME" | |
echo "::set-output name=deploy_env::$DEPLOY_ENV" | |
echo "::echo::off" | |
outputs: | |
image_name: ${{ steps.vars.outputs.image_name }} | |
tag: ${{ steps.vars.outputs.tag }} | |
basename: ${{ steps.vars.outputs.basename }} | |
branch: ${{ steps.vars.outputs.branch }} | |
env: ${{ steps.env.outputs.env }} | |
project_name: ${{ steps.env.outputs.project_name }} | |
deploy_env: ${{ steps.env.outputs.deploy_env }} | |
build: | |
runs-on: self-hosted | |
needs: env-vars | |
if: ${{ !(github.event_name == 'pull_request' && github.event.action == 'closed') }} | |
container: | |
image: ghcr.io/catthehacker/ubuntu:act-latest | |
steps: | |
- name: import secrets | |
id: s | |
uses: hashicorp/[email protected] | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ secrets.VAULT_TOKEN }} | |
method: token | |
secrets: | | |
kv/data/common registry_username; | |
kv/data/common registry_password; | |
- name: setup buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
install: true | |
- name: checkout repo | |
uses: actions/checkout@v3 | |
- name: login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ steps.s.outputs.registry_username }} | |
password: ${{ steps.s.outputs.registry_password }} | |
- name: build and push image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
tags: ${{ needs.env-vars.outputs.image_name }} | |
# This should need build and use the image to test | |
test: | |
runs-on: self-hosted | |
# To run this locally using act set act to false in event.json | |
# Note act does not support services... | |
if: ${{ github.event_name == 'pull_request' && github.event.action != 'closed' }} | |
services: | |
postgres: | |
image: postgres:alpine | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: password | |
POSTGRES_DB: ekorre_foot | |
container: node:16-alpine | |
steps: | |
- name: add bash (needed for actions) | |
run: apk add --no-cache bash | |
- name: checkout repo | |
uses: actions/checkout@v3 | |
- name: setup env | |
run: | | |
mv .env.example .env | |
sed -i 's/localhost/postgres/' .env | |
- name: install deps | |
id: npmci | |
run: npm ci | |
- name: lint | |
if: ${{ steps.npmci.outcome == 'success' && always() }} | |
run: npm run lint -- --output-file eslint_report.json --format json | |
- name: publish lint | |
if: ${{ !env.ACT && steps.npmci.outcome == 'success' && always() }} | |
uses: ataylorme/eslint-annotate-action@v2 | |
with: | |
repo-token: "${{ secrets.GITHUB_TOKEN }}" | |
only-pr-files: false | |
- name: reset db | |
id: dbreset | |
if: ${{ steps.npmci.outcome == 'success' && always() }} | |
run: npm run prisma:ci | |
- name: run test | |
if: ${{ steps.dbreset.outcome == 'success' && always() }} | |
run: npm run test:prebuild -- --ci --testLocationInResults --json --coverage --outputFile="report.json" | |
- name: find pr | |
if: ${{ !env.ACT && steps.dbreset.outcome == 'success' && always() }} | |
uses: jwalton/gh-find-current-pr@v1 | |
id: findPr | |
- name: publish coverage | |
if: ${{ !env.ACT && steps.dbreset.outcome == 'success' && always() }} | |
uses: ArtiomTr/[email protected] | |
with: | |
skip-step: all | |
coverage-file: report.json | |
base-coverage-file: report.json | |
prnumber: ${{ steps.findPr.outputs.number }} | |
annotations: failed-tests | |
- name: check changelog | |
uses: Zomzog/[email protected] | |
if: ${{ !env.ACT && always() }} | |
with: | |
fileName: CHANGELOG.MD | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: check package.json | |
if: ${{ !env.ACT && always() }} | |
uses: Zomzog/[email protected] | |
with: | |
fileName: package.json | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
deploy: | |
# To run this locally using act set act to false in event.json | |
if: ${{ !github.event.act || !(github.event_name == 'pull_request' && github.event.action == 'closed') }} | |
runs-on: self-hosted | |
needs: | |
- env-vars | |
- build | |
steps: | |
- name: import secrets | |
id: s | |
uses: hashicorp/[email protected] | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ secrets.VAULT_TOKEN }} | |
method: token | |
exportEnv: true | |
secrets: | | |
kv/data/common registry_username; | |
kv/data/common registry_password; | |
kv/data/common docker_ca; | |
kv/data/common docker_cert; | |
kv/data/common docker_key; | |
kv/data/common docker_host; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_HOST; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DEPLOY_URL; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} JWT_SECRET; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} EBREV; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} EBREV_API_TOKEN; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} PDF_TO_PNG_BASE_URL; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} LATEXIFY_URL; | |
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} VERIFY_URL; | |
- name: set variables | |
run: | | |
echo "IMAGE_NAME=${{ needs.env-vars.outputs.image_name }}" >> $GITHUB_ENV | |
echo "TAG=${{ needs.env-vars.outputs.tag }}" >> $GITHUB_ENV | |
echo "DEPLOY_ENV=${{ needs.env-vars.outputs.deploy_env }}" >> $GITHUB_ENV | |
echo "ENV=${{ needs.env-vars.outputs.env }}" >> $GITHUB_ENV | |
echo "PROJECT_NAME=${{ needs.env-vars.outputs.project_name }}" >> $GITHUB_ENV | |
echo "COMPOSE_PROJECT_NAME=${{ needs.env-vars.outputs.project_name }}" >> $GITHUB_ENV | |
if [ ${{ needs.env-vars.outputs.env }} = 'review' ]; then | |
echo "DEPLOY_URL=${{ needs.env-vars.outputs.branch }}-${{ needs.env-vars.outputs.basename }}.review.esek.se" >> $GITHUB_ENV | |
fi | |
- name: checkout repo | |
uses: actions/checkout@v3 | |
- name: start deployment | |
uses: bobheadxi/deployments@v1 | |
id: deployment | |
if: ${{ !env.ACT && github.event_name != 'pull_request' && needs.env-vars.outputs.env != 'review' }} | |
with: | |
step: start | |
token: ${{ secrets.GITHUB_TOKEN }} | |
override: true | |
env: ${{ env.DEPLOY_ENV }} | |
- name: login to host | |
uses: blennster/setup-docker-remote-tls@v4 | |
with: | |
tls_key: ${{ steps.s.outputs.docker_key }} | |
tls_ca: ${{ steps.s.outputs.docker_ca }} | |
tls_cert: ${{ steps.s.outputs.docker_cert }} | |
tcp_host: ${{ steps.s.outputs.docker_host }}:2376 | |
- name: check connection | |
run: | | |
docker info | |
docker compose version | |
- name: login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ steps.s.outputs.registry_username }} | |
password: ${{ steps.s.outputs.registry_password }} | |
- name: pull image | |
run: echo $IMAGE_NAME; docker pull $IMAGE_NAME | |
- name: Stop old container | |
run: | | |
docker compose -f docker-compose.ci.yml -p $PROJECT_NAME down | |
- name: deploy to host | |
shell: bash | |
run: | | |
if [[ "$ENV" = "production" || "$ENV" = "staging" ]]; then | |
docker compose -f docker-compose.ci.yml -f docker-compose.prod.yml -p $PROJECT_NAME up -d --force-recreate ${{ needs.env-vars.outputs.basename }} | |
fi | |
if [[ "$ENV" = "review" || "$ENV" = "testing" ]]; then | |
docker compose -f docker-compose.ci.yml -p $PROJECT_NAME up -d --force-recreate | |
docker compose -f docker-compose.ci.yml -p $PROJECT_NAME exec ekorre sh -c './wait-for-it.sh postgres:5432; npm run prisma:ci' | |
fi | |
- name: prune system | |
run: docker system prune -f 2> /dev/null || true | |
- name: update deployment status | |
uses: bobheadxi/deployments@v1 | |
if: ${{ always() && !env.ACT && github.event_name != 'pull_request' && needs.env-vars.outputs.env != 'review' }} | |
with: | |
step: finish | |
token: ${{ secrets.GITHUB_TOKEN }} | |
status: ${{ job.status }} | |
env: ${{ steps.deployment.outputs.env }} | |
env_url: https://${{ env.DEPLOY_URL }} | |
deployment_id: ${{ steps.deployment.outputs.deployment_id }} | |
- if: ${{ github.event.pull_request && github.event.action == 'opened' || github.event.action == 'reopened' && !env.ACT }} | |
name: comment deployment url to pr | |
uses: mshick/add-pr-comment@v1 | |
with: | |
message: I have deployed this PR to [${{ env.DEPLOY_URL }}](https://${{ env.DEPLOY_URL }}) 🚀 | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
teardown: | |
runs-on: self-hosted | |
if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' }} | |
needs: env-vars | |
steps: | |
- name: import secrets | |
id: s | |
uses: hashicorp/[email protected] | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
token: ${{ secrets.VAULT_TOKEN }} | |
method: token | |
exportEnv: true | |
secrets: | | |
kv/data/common docker_ca; | |
kv/data/common docker_cert; | |
kv/data/common docker_key; | |
kv/data/common docker_host; | |
- name: login to host | |
uses: blennster/setup-docker-remote-tls@v4 | |
with: | |
tls_key: ${{ steps.s.outputs.docker_key }} | |
tls_ca: ${{ steps.s.outputs.docker_ca }} | |
tls_cert: ${{ steps.s.outputs.docker_cert }} | |
tcp_host: ${{ steps.s.outputs.docker_host }}:2376 | |
- name: check connection | |
run: | | |
docker info | |
docker compose version | |
- name: checkout repo | |
uses: actions/checkout@v3 | |
- name: stop container | |
run: | | |
docker compose -f docker-compose.ci.yml -p ${{ needs.env-vars.outputs.project_name }} down 2> /dev/null || true | |
- if: ${{ !env.ACT }} | |
name: comment deployment url to pr | |
uses: mshick/add-pr-comment@v1 | |
with: | |
message: I have removed this deploy now 😇 | |
repo-token: ${{ secrets.GITHUB_TOKEN }} |