Skip to content

update packages and pin docker versions #114

update packages and pin docker versions

update packages and pin docker versions #114

Workflow file for this run

name: Docker Image CI
## DO NOT COPY THIS. IT HAS LIMITED FUNCTIONALITY!
# To run this locally use act (https://github.com/nektos/act)
# To use act:
# Create a .secrets file and set all the needed variables
# act -j <job>
# act <event_name>
# act -e .github/act/<event>.json // For additinal event params
# act -P self-hosted=ghcr.io/catthehacker/ubuntu:act-latest // To make it wokr with self hosted
on:
push:
branches: [main]
# TODO: Make pr pipelines
#pull_request:
# types: [opened, closed, reopened, synchronize]
# TODO: Make release pipelines
#release:
# types: [released, prereleased]
env:
REGISTRY: registry.esek.se
DEFAULT_BRANCH: main
ONLY_PROD: true
jobs:
# This can only contain env vars and not secrets since actions is a fussy about it
env-vars:
runs-on: self-hosted
container: ghcr.io/catthehacker/ubuntu:act-latest
steps:
- name: set variables
id: vars
run: |
slugify () {
iconv -t ascii//TRANSLIT \
| tr -d "'" \
| sed -E 's/[^a-zA-Z0-9]+/-/g' \
| sed -E 's/^-+|-+$//g' \
| tr "[:upper:]" "[:lower:]"
}
echo ${{ github.event }}
export BRANCH=
if [ -z $GITHUB_HEAD_REF ]; then
BRANCH=$(basename $GITHUB_REF)
else
BRANCH=$GITHUB_HEAD_REF
fi
echo "Running on $BRANCH"
export TAG=ephermal
if [ "$BRANCH" = "${{ env.DEFAULT_BRANCH }}" ]; then
TAG=latest
fi
if ${{ github.ref_type == 'tag' }}; then
TAG=$BRANCH
BRANCH=${{ env.DEFAULT_BRANCH }}
fi
TAG=$(echo "$TAG" | slugify)
export IMAGE_NAME="${{ env.REGISTRY }}/${{ github.repository }}:$TAG"
echo "::echo::on"
echo "::set-output name=image_name::$IMAGE_NAME"
echo "::set-output name=tag::$TAG"
echo "::set-output name=basename::$(basename ${{ github.repository }} | slugify)"
echo "::set-output name=branch::$( echo $BRANCH | slugify)"
echo "::echo::off"
- name: select environment
id: env
run: |
export ENV=testing
export DEPLOY_ENV=testing
export PROJ_BASE=${{ steps.vars.outputs.basename }}
export TAG=${{ steps.vars.outputs.tag }}
export BRANCH=${{ steps.vars.outputs.branch }}
export PROJECT_NAME=$PROJ_BASE-testing
if ${{ (github.event_name == 'release' && github.event.action == 'released') || env.ONLY_PROD == 'true' }}; then
ENV=production
DEPLOY_ENV=$ENV
PROJECT_NAME=$PROJ_BASE-production
fi
if ${{ github.event_name == 'release' && github.event.action == 'prereleased' }}; then
ENV=staging
DEPLOY_ENV=$ENV
PROJECT_NAME=$PROJ_BASE-staging
fi
if ${{ github.event_name == 'pull_request' }}; then
ENV=review
DEPLOY_ENV=$BRANCH-review
PROJECT_NAME=$PROJ_BASE-$BRANCH
fi
echo "::echo::on"
echo "::set-output name=env::$ENV"
echo "::set-output name=project_name::$PROJECT_NAME"
echo "::set-output name=deploy_env::$DEPLOY_ENV"
echo "::echo::off"
outputs:
image_name: ${{ steps.vars.outputs.image_name }}
tag: ${{ steps.vars.outputs.tag }}
basename: ${{ steps.vars.outputs.basename }}
branch: ${{ steps.vars.outputs.branch }}
env: ${{ steps.env.outputs.env }}
project_name: ${{ steps.env.outputs.project_name }}
deploy_env: ${{ steps.env.outputs.deploy_env }}
build:
runs-on: self-hosted
needs: env-vars
if: ${{ !(github.event_name == 'pull_request' && github.event.action == 'closed') }}
container:
image: ghcr.io/catthehacker/ubuntu:act-latest
steps:
- name: import secrets
id: s
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ secrets.VAULT_TOKEN }}
method: token
secrets: |
kv/data/common registry_username;
kv/data/common registry_password;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_URL;
- name: setup buildx
uses: docker/setup-buildx-action@v2
with:
install: true
- name: checkout repo
uses: actions/checkout@v3
- name: login to registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ steps.s.outputs.registry_username }}
password: ${{ steps.s.outputs.registry_password }}
- name: build and push image
uses: docker/build-push-action@v3
with:
context: ./web
push: true
tags: ${{ needs.env-vars.outputs.image_name }}-web
build-args: |
NEXT_PUBLIC_STRAPI_URL=${{ steps.s.outputs.STRAPI_URL }}
- name: build and push image
uses: docker/build-push-action@v3
with:
context: ./strapi
push: true
tags: ${{ needs.env-vars.outputs.image_name }}-strapi
# This should need build and use the image to test
test:
runs-on: self-hosted
# To run this locally using act set act to false in event.json
# Note act does not support services...
if: ${{ false && github.event_name == 'pull_request' && github.event.action != 'closed' }}
services:
postgres:
image: postgres:alpine
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: password
POSTGRES_DB: ekorre_foot
container: node:16-alpine
steps:
- name: add bash (needed for actions)
run: apk add --no-cache bash
- name: checkout repo
uses: actions/checkout@v3
- name: setup env
run: |
mv .env.example .env
sed -i 's/localhost/postgres/' .env
- name: install deps
run: npm ci
- name: lint
continue-on-error: true
run: npm run lint -- --output-file eslint_report.json --format json
- name: publish lint
if: ${{ !env.ACT }}
uses: ataylorme/eslint-annotate-action@v2
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
only-pr-files: false
- name: reset db
run: npm run prisma:ci
- name: run test
continue-on-error: true
run: npm run test:prebuild -- --ci --testLocationInResults --json --coverage --outputFile="report.json"
- name: find pr
continue-on-error: true
if: ${{ !env.ACT }}
uses: jwalton/gh-find-current-pr@v1
id: findPr
- name: publish coverage
continue-on-error: true
if: ${{ !env.ACT }}
uses: ArtiomTr/[email protected]
with:
skip-step: all
coverage-file: report.json
base-coverage-file: report.json
prnumber: ${{ steps.findPr.outputs.number }}
annotations: failed-tests
- name: check changelog
uses: Zomzog/[email protected]
if: ${{ !env.ACT }}
continue-on-error: true
with:
fileName: CHANGELOG.MD
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: check package.json
if: ${{ !env.ACT }}
uses: Zomzog/[email protected]
continue-on-error: true
with:
fileName: package.json
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy:
# To run this locally using act set act to false in event.json
if: ${{ !github.event.act || !(github.event_name == 'pull_request' && github.event.action == 'closed') }}
runs-on: self-hosted
needs:
- env-vars
- build
steps:
- name: import secrets
id: s
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ secrets.VAULT_TOKEN }}
method: token
exportEnv: true
secrets: |
kv/data/common registry_username;
kv/data/common registry_password;
kv/data/common docker_ca;
kv/data/common docker_cert;
kv/data/common docker_key;
kv/data/common docker_host;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DEPLOY_URL;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_USERNAME;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_PASSWORD;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_NAME;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_HOST;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_APP_KEYS;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_HOST;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_PORT;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} API_TOKEN_SALT;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} JWT_SECRET;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_HOST;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_PORT;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_USERNAME;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_PASSWORD;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} WIKI_URL;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} WIKI_USERNAME;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} WIKI_PASSWORD;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_URL;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_API_TOKEN;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} GOOGLE_API_KEY;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} EBREV_URL;
kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} EBREV_API_KEY;
- name: set variables
run: |
echo "IMAGE_NAME=${{ needs.env-vars.outputs.image_name }}" >> $GITHUB_ENV
echo "TAG=${{ needs.env-vars.outputs.tag }}" >> $GITHUB_ENV
echo "DEPLOY_ENV=${{ needs.env-vars.outputs.deploy_env }}" >> $GITHUB_ENV
echo "ENV=${{ needs.env-vars.outputs.env }}" >> $GITHUB_ENV
echo "PROJECT_NAME=${{ needs.env-vars.outputs.project_name }}" >> $GITHUB_ENV
echo "COMPOSE_PROJECT_NAME=${{ needs.env-vars.outputs.project_name }}" >> $GITHUB_ENV
if [ ${{ needs.env-vars.outputs.env }} = 'review' ]; then
echo "DEPLOY_URL=${{ needs.env-vars.outputs.branch }}-${{ needs.env-vars.outputs.basename }}.review.esek.se" >> $GITHUB_ENV
fi
- name: checkout repo
uses: actions/checkout@v3
- name: start deployment
uses: bobheadxi/deployments@v1
id: deployment
if: ${{ !env.ACT && github.event_name != 'pull_request' && needs.env-vars.outputs.env != 'review' }}
with:
step: start
token: ${{ secrets.GITHUB_TOKEN }}
override: true
env: ${{ env.DEPLOY_ENV }}
- name: login to host
uses: blennster/setup-docker-remote-tls@v4
with:
tls_key: ${{ steps.s.outputs.docker_key }}
tls_ca: ${{ steps.s.outputs.docker_ca }}
tls_cert: ${{ steps.s.outputs.docker_cert }}
tcp_host: ${{ steps.s.outputs.docker_host }}:2376
- name: check connection
run: |
docker info
docker compose version
- name: login to registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ steps.s.outputs.registry_username }}
password: ${{ steps.s.outputs.registry_password }}
- name: pull images
run: |
echo $IMAGE_NAME
docker pull "$IMAGE_NAME-web"
docker pull "$IMAGE_NAME-strapi"
- name: Stop old container
run: |
docker compose -f docker-compose.production.yml -p $PROJECT_NAME down
- name: deploy to host
shell: bash
run: |
if [[ "$ENV" = "production" || "$ENV" = "staging" ]]; then
docker compose -f docker-compose.production.yml -p $PROJECT_NAME up -d --force-recreate
fi
if [[ "$ENV" = "review" || "$ENV" = "testing" ]]; then
exit 0;
docker compose -f docker-compose.ci.yml -f docker-compose.prod.yml -p $PROJECT_NAME up -d --force-recreate ${{ needs.env-vars.outputs.basename }}
fi
- name: prune system
run: docker system prune -f 2> /dev/null || true
- name: update deployment status
uses: bobheadxi/deployments@v1
if: ${{ always() && !env.ACT && github.event_name != 'pull_request' && needs.env-vars.outputs.env != 'review' }}
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
env: ${{ steps.deployment.outputs.env }}
env_url: https://${{ env.DEPLOY_URL }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
- if: ${{ github.event.pull_request && github.event.action == 'opened' && !env.ACT }}
name: comment deployment url to pr
uses: mshick/add-pr-comment@v1
with:
message: I have deployed this PR to [${{ env.DEPLOY_URL }}](https://${{ env.DEPLOY_URL }}) 🚀
repo-token: ${{ secrets.GITHUB_TOKEN }}
teardown:
runs-on: self-hosted
if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' }}
needs: env-vars
steps:
- name: import secrets
id: s
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ secrets.VAULT_TOKEN }}
method: token
exportEnv: true
secrets: |
kv/data/common docker_ca;
kv/data/common docker_cert;
kv/data/common docker_key;
kv/data/common docker_host;
- name: login to host
uses: blennster/setup-docker-remote-tls@v4
with:
tls_key: ${{ steps.s.outputs.docker_key }}
tls_ca: ${{ steps.s.outputs.docker_ca }}
tls_cert: ${{ steps.s.outputs.docker_cert }}
tcp_host: ${{ steps.s.outputs.docker_host }}:2376
- name: check connection
run: |
docker info
docker compose version
- name: checkout repo
uses: actions/checkout@v3
- name: stop container
run: |
docker compose -f docker-compose.ci.yml -p ${{ needs.env-vars.outputs.project_name }} down 2> /dev/null || true
- if: ${{ !env.ACT }}
name: comment deployment url to pr
uses: mshick/add-pr-comment@v1
with:
message: I have removed this deploy now 😇
repo-token: ${{ secrets.GITHUB_TOKEN }}