-
Notifications
You must be signed in to change notification settings - Fork 1
166 lines (136 loc) · 4.73 KB
/
test-build-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
name: CI and CD
on:
pull_request:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
env:
RACK_ENV: test
RAILS_ENV: test
DATABASE_URL: "postgresql://postgres:postgres@127.0.0.1/laa-apply-for-criminal-legal-aid-test"
services:
postgres:
image: postgres:15.2-alpine
env:
POSTGRES_DB: laa-apply-for-criminal-legal-aid-test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Find yarn cache location
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: JS package cache
uses: actions/cache@v3
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install packages with yarn
run: yarn install --frozen-lockfile --ignore-scripts
- name: Precompile assets
run: bin/rails assets:precompile
- name: Setup test database
run: bin/rails db:prepare
- name: Run linters and tests
run: bundle exec rake
- name: Upload rspec coverage (if failure)
if: failure()
uses: actions/upload-artifact@v3
with:
name: rspec-coverage
path: coverage/*
build:
runs-on: ubuntu-latest
needs: test
if: github.ref == 'refs/heads/main'
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
outputs:
ecr_url: ${{ steps.ecr-url-output.outputs.ecr_url }}
steps:
- name: Checkout
uses: actions/checkout@v3
# Assume role in Cloud Platform
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.ECR_REGION }}
# Login to container repository
- uses: aws-actions/amazon-ecr-login@v1
id: login-ecr
- name: Store ECR endpoint as output
id: ecr-url-output
run: echo "ecr_url=${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}" >> $GITHUB_OUTPUT
- name: Store current date
run: echo "BUILD_DATE=$(date +%Y%m%d%H%M)" >> $GITHUB_ENV
- name: Build
run: |
docker build \
--label build.git.sha=${{ github.sha }} \
--label build.git.branch=${{ github.ref }} \
--label build.date=${{ env.BUILD_DATE }} \
--build-arg APP_BUILD_DATE=${{ env.BUILD_DATE }} \
--build-arg APP_BUILD_TAG=${{ github.ref }} \
--build-arg APP_GIT_COMMIT=${{ github.sha }} \
-t app .
- name: Push to ECR
id: ecr
env:
ECR_URL: ${{ steps.ecr-url-output.outputs.ecr_url }}
run: |
docker tag app $ECR_URL:${{ github.sha }}
docker tag app $ECR_URL:staging.latest
docker push $ECR_URL:${{ github.sha }}
docker push $ECR_URL:staging.latest
deploy-staging:
runs-on: ubuntu-latest
needs: build
environment: staging
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Deploy staging
uses: ./.github/actions/deploy
with:
environment-name: staging
git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }}
ecr-url: ${{ needs.build.outputs.ecr_url }}
kube-cert: ${{ secrets.KUBE_STAGING_CERT }}
kube-token: ${{ secrets.KUBE_STAGING_TOKEN }}
kube-cluster: ${{ secrets.KUBE_STAGING_CLUSTER }}
kube-namespace: ${{ secrets.KUBE_STAGING_NAMESPACE }}
deploy-production:
runs-on: ubuntu-latest
needs: [build, deploy-staging]
environment: production
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Deploy production
uses: ./.github/actions/deploy
with:
environment-name: production
git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }}
ecr-url: ${{ needs.build.outputs.ecr_url }}
kube-cert: ${{ secrets.KUBE_PRODUCTION_CERT }}
kube-token: ${{ secrets.KUBE_PRODUCTION_TOKEN }}
kube-cluster: ${{ secrets.KUBE_PRODUCTION_CLUSTER }}
kube-namespace: ${{ secrets.KUBE_PRODUCTION_NAMESPACE }}