.github/workflows/docker.yaml

name: Docker Image CI

## DO NOT COPY THIS. IT HAS LIMITED FUNCTIONALITY!

# To run this locally use act (https://github.com/nektos/act)

# To use act:
# Create a .secrets file and set all the needed variables
# act -j <job>
# act <event_name>
# act -e .github/act/<event>.json // For additinal event params
# act -P self-hosted=ghcr.io/catthehacker/ubuntu:act-latest  // To make it wokr with self hosted

on:
  push:
    branches: [main]
  # TODO: Make pr pipelines
  #pull_request:
  #  types: [opened, closed, reopened, synchronize]
  # TODO: Make release pipelines
  #release:
  #  types: [released, prereleased]

env:
  REGISTRY: registry.esek.se
  DEFAULT_BRANCH: main
  ONLY_PROD: true

jobs:
  # This can only contain env vars and not secrets since actions is a fussy about it
  env-vars:
    runs-on: self-hosted
    container: ghcr.io/catthehacker/ubuntu:act-latest
    steps:
      - name: set variables
        id: vars
        run: |
          slugify () {
            iconv -t ascii//TRANSLIT \
            | tr -d "'" \
            | sed -E 's/[^a-zA-Z0-9]+/-/g' \
            | sed -E 's/^-+|-+$//g' \
            | tr "[:upper:]" "[:lower:]"
          }

          echo ${{ github.event }}

          export BRANCH=
          if [ -z $GITHUB_HEAD_REF ]; then
            BRANCH=$(basename $GITHUB_REF)
          else
            BRANCH=$GITHUB_HEAD_REF
          fi
          echo "Running on $BRANCH"

          export TAG=ephermal

          if [ "$BRANCH" = "${{ env.DEFAULT_BRANCH }}" ]; then
            TAG=latest
          fi

          if ${{ github.ref_type == 'tag' }}; then
            TAG=$BRANCH
            BRANCH=${{ env.DEFAULT_BRANCH }}
          fi

          TAG=$(echo "$TAG" | slugify)
          export IMAGE_NAME="${{ env.REGISTRY }}/${{ github.repository }}:$TAG"

          echo "::echo::on"
          echo "::set-output name=image_name::$IMAGE_NAME"
          echo "::set-output name=tag::$TAG"
          echo "::set-output name=basename::$(basename ${{ github.repository }} | slugify)"
          echo "::set-output name=branch::$( echo $BRANCH | slugify)"
          echo "::echo::off"
      - name: select environment
        id: env
        run: |
          export ENV=testing
          export DEPLOY_ENV=testing
          export PROJ_BASE=${{ steps.vars.outputs.basename }}
          export TAG=${{ steps.vars.outputs.tag }}
          export BRANCH=${{ steps.vars.outputs.branch }}
          export PROJECT_NAME=$PROJ_BASE-testing

          if ${{ (github.event_name == 'release' && github.event.action == 'released') || env.ONLY_PROD == 'true' }}; then
            ENV=production
            DEPLOY_ENV=$ENV
            PROJECT_NAME=$PROJ_BASE-production
          fi
          if ${{ github.event_name == 'release' && github.event.action == 'prereleased' }}; then
            ENV=staging
            DEPLOY_ENV=$ENV
            PROJECT_NAME=$PROJ_BASE-staging
          fi
          if ${{ github.event_name == 'pull_request' }}; then
            ENV=review
            DEPLOY_ENV=$BRANCH-review
            PROJECT_NAME=$PROJ_BASE-$BRANCH
          fi

          echo "::echo::on"
          echo "::set-output name=env::$ENV"
          echo "::set-output name=project_name::$PROJECT_NAME"
          echo "::set-output name=deploy_env::$DEPLOY_ENV"
          echo "::echo::off"
    outputs:
      image_name: ${{ steps.vars.outputs.image_name }}
      tag: ${{ steps.vars.outputs.tag }}
      basename: ${{ steps.vars.outputs.basename }}
      branch: ${{ steps.vars.outputs.branch }}
      env: ${{ steps.env.outputs.env }}
      project_name: ${{ steps.env.outputs.project_name }}
      deploy_env: ${{ steps.env.outputs.deploy_env }}
  build:
    runs-on: self-hosted
    needs: env-vars
    if: ${{ !(github.event_name == 'pull_request' && github.event.action == 'closed') }}
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    steps:
      - name: import secrets
        id: s
        uses: hashicorp/vault-action@v2.4.1
        with:
          url: ${{ secrets.VAULT_URL }}
          token: ${{ secrets.VAULT_TOKEN }}
          method: token
          secrets: |
            kv/data/common registry_username;
            kv/data/common registry_password;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_URL;
      - name: setup buildx
        uses: docker/setup-buildx-action@v2
        with:
          install: true
      - name: checkout repo
        uses: actions/checkout@v3
      - name: login to registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ steps.s.outputs.registry_username }}
          password: ${{ steps.s.outputs.registry_password }}
      - name: build and push image
        uses: docker/build-push-action@v3
        with:
          context: ./web
          push: true
          tags: ${{ needs.env-vars.outputs.image_name }}-web
          build-args: |
            NEXT_PUBLIC_STRAPI_URL=${{ steps.s.outputs.STRAPI_URL }}
      - name: build and push image
        uses: docker/build-push-action@v3
        with:
          context: ./strapi
          push: true
          tags: ${{ needs.env-vars.outputs.image_name }}-strapi

  # This should need build and use the image to test
  test:
    runs-on: self-hosted
    # To run this locally using act set act to false in event.json
    # Note act does not support services...
    if: ${{ false && github.event_name == 'pull_request' && github.event.action != 'closed' }}
    services:
      postgres:
        image: postgres:alpine
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: password
          POSTGRES_DB: ekorre_foot
    container: node:16-alpine
    steps:
      - name: add bash (needed for actions)
        run: apk add --no-cache bash
      - name: checkout repo
        uses: actions/checkout@v3
      - name: setup env
        run: |
          mv .env.example .env
          sed -i 's/localhost/postgres/' .env
      - name: install deps
        run: npm ci
      - name: lint
        continue-on-error: true
        run: npm run lint -- --output-file eslint_report.json --format json
      - name: publish lint
        if: ${{ !env.ACT }}
        uses: ataylorme/eslint-annotate-action@v2
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          only-pr-files: false
      - name: reset db
        run: npm run prisma:ci
      - name: run test
        continue-on-error: true
        run: npm run test:prebuild -- --ci --testLocationInResults --json --coverage --outputFile="report.json"
      - name: find pr
        continue-on-error: true
        if: ${{ !env.ACT  }}
        uses: jwalton/gh-find-current-pr@v1
        id: findPr
      - name: publish coverage
        continue-on-error: true
        if: ${{ !env.ACT }}
        uses: ArtiomTr/jest-coverage-report-action@v2.0.9
        with:
          skip-step: all
          coverage-file: report.json
          base-coverage-file: report.json
          prnumber: ${{ steps.findPr.outputs.number }}
          annotations: failed-tests
      - name: check changelog
        uses: Zomzog/changelog-checker@v1.2.0
        if: ${{ !env.ACT }}
        continue-on-error: true
        with:
          fileName: CHANGELOG.MD
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: check package.json
        if: ${{ !env.ACT }}
        uses: Zomzog/changelog-checker@v1.2.0
        continue-on-error: true
        with:
          fileName: package.json
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  deploy:
    # To run this locally using act set act to false in event.json
    if: ${{ !github.event.act || !(github.event_name == 'pull_request' && github.event.action == 'closed') }}
    runs-on: self-hosted
    needs:
      - env-vars
      - build
    steps:
      - name: import secrets
        id: s
        uses: hashicorp/vault-action@v2.4.1
        with:
          url: ${{ secrets.VAULT_URL }}
          token: ${{ secrets.VAULT_TOKEN }}
          method: token
          exportEnv: true
          secrets: |
            kv/data/common registry_username;
            kv/data/common registry_password;
            kv/data/common docker_ca;
            kv/data/common docker_cert;
            kv/data/common docker_key;
            kv/data/common docker_host;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DEPLOY_URL;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_USERNAME;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_PASSWORD;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_NAME;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} DB_HOST;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_APP_KEYS;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_HOST;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_PORT;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} API_TOKEN_SALT;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} JWT_SECRET;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_HOST;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_PORT;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_USERNAME;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} SMTP_PASSWORD;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} WIKI_URL;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} WIKI_USERNAME;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} WIKI_PASSWORD;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_URL;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} STRAPI_API_TOKEN;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} GOOGLE_API_KEY;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} EBREV_URL;
            kv/data/${{ needs.env-vars.outputs.basename }}/${{ needs.env-vars.outputs.env }} EBREV_API_KEY;
      - name: set variables
        run: |
          echo "IMAGE_NAME=${{ needs.env-vars.outputs.image_name }}" >> $GITHUB_ENV
          echo "TAG=${{ needs.env-vars.outputs.tag }}" >> $GITHUB_ENV
          echo "DEPLOY_ENV=${{ needs.env-vars.outputs.deploy_env }}" >> $GITHUB_ENV
          echo "ENV=${{ needs.env-vars.outputs.env }}" >> $GITHUB_ENV
          echo "PROJECT_NAME=${{ needs.env-vars.outputs.project_name }}" >> $GITHUB_ENV
          echo "COMPOSE_PROJECT_NAME=${{ needs.env-vars.outputs.project_name }}" >> $GITHUB_ENV

          if [ ${{ needs.env-vars.outputs.env }} = 'review' ]; then
            echo "DEPLOY_URL=${{ needs.env-vars.outputs.branch }}-${{ needs.env-vars.outputs.basename }}.review.esek.se" >> $GITHUB_ENV
          fi
      - name: checkout repo
        uses: actions/checkout@v3
      - name: start deployment
        uses: bobheadxi/deployments@v1
        id: deployment
        if: ${{ !env.ACT && github.event_name != 'pull_request' && needs.env-vars.outputs.env != 'review' }}
        with:
          step: start
          token: ${{ secrets.GITHUB_TOKEN }}
          override: true
          env: ${{ env.DEPLOY_ENV }}
      - name: login to host
        uses: blennster/setup-docker-remote-tls@v4
        with:
          tls_key: ${{ steps.s.outputs.docker_key }}
          tls_ca: ${{ steps.s.outputs.docker_ca }}
          tls_cert: ${{ steps.s.outputs.docker_cert }}
          tcp_host: ${{ steps.s.outputs.docker_host }}:2376
      - name: check connection
        run: |
          docker info
          docker compose version
      - name: login to registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ steps.s.outputs.registry_username }}
          password: ${{ steps.s.outputs.registry_password }}
      - name: pull images
        run: |
          echo $IMAGE_NAME
          docker pull "$IMAGE_NAME-web"
          docker pull "$IMAGE_NAME-strapi"
      - name: Stop old container
        run: |
          docker compose -f docker-compose.production.yml -p $PROJECT_NAME down
      - name: deploy to host
        shell: bash
        run: |
          if [[ "$ENV" = "production" || "$ENV" = "staging" ]]; then
            docker compose -f docker-compose.production.yml -p $PROJECT_NAME up -d --force-recreate
          fi
          if [[ "$ENV" = "review" || "$ENV" = "testing" ]]; then
            exit 0;
            docker compose -f docker-compose.ci.yml -f docker-compose.prod.yml -p $PROJECT_NAME up -d --force-recreate ${{ needs.env-vars.outputs.basename }}
          fi
      - name: prune system
        run: docker system prune -f 2> /dev/null || true
      - name: update deployment status
        uses: bobheadxi/deployments@v1
        if: ${{ always() && !env.ACT && github.event_name != 'pull_request' && needs.env-vars.outputs.env != 'review' }}
        with:
          step: finish
          token: ${{ secrets.GITHUB_TOKEN }}
          status: ${{ job.status }}
          env: ${{ steps.deployment.outputs.env }}
          env_url: https://${{ env.DEPLOY_URL }}
          deployment_id: ${{ steps.deployment.outputs.deployment_id }}
      - if: ${{ github.event.pull_request && github.event.action == 'opened' && !env.ACT }}
        name: comment deployment url to pr
        uses: mshick/add-pr-comment@v1
        with:
          message: I have deployed this PR to [${{ env.DEPLOY_URL }}](https://${{ env.DEPLOY_URL }}) 🚀
          repo-token: ${{ secrets.GITHUB_TOKEN }}

  teardown:
    runs-on: self-hosted
    if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' }}
    needs: env-vars
    steps:
      - name: import secrets
        id: s
        uses: hashicorp/vault-action@v2.4.1
        with:
          url: ${{ secrets.VAULT_URL }}
          token: ${{ secrets.VAULT_TOKEN }}
          method: token
          exportEnv: true
          secrets: |
            kv/data/common docker_ca;
            kv/data/common docker_cert;
            kv/data/common docker_key;
            kv/data/common docker_host;
      - name: login to host
        uses: blennster/setup-docker-remote-tls@v4
        with:
          tls_key: ${{ steps.s.outputs.docker_key }}
          tls_ca: ${{ steps.s.outputs.docker_ca }}
          tls_cert: ${{ steps.s.outputs.docker_cert }}
          tcp_host: ${{ steps.s.outputs.docker_host }}:2376
      - name: check connection
        run: |
          docker info
          docker compose version
      - name: checkout repo
        uses: actions/checkout@v3
      - name: stop container
        run: |
          docker compose -f docker-compose.ci.yml -p ${{ needs.env-vars.outputs.project_name }} down 2> /dev/null || true
      - if: ${{ !env.ACT }}
        name: comment deployment url to pr
        uses: mshick/add-pr-comment@v1
        with:
          message: I have removed this deploy now 😇
          repo-token: ${{ secrets.GITHUB_TOKEN }}