From a1f8b37874c5a31348430253309be5794c2d944f Mon Sep 17 00:00:00 2001 From: Richard Hallett Date: Thu, 6 Jan 2022 08:35:40 +0100 Subject: [PATCH] Add github actions --- .env.travis => .env.build | 0 .github/workflows/release.yml | 159 ++++++++++++++++++++++++++++++++++ .github/workflows/stage.yml | 158 +++++++++++++++++++++++++++++++++ .gitignore | 2 +- 4 files changed, 318 insertions(+), 1 deletion(-) rename .env.travis => .env.build (100%) create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/stage.yml diff --git a/.env.travis b/.env.build similarity index 100% rename from .env.travis rename to .env.build diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..d3ad972 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,159 @@
+name: Deploy
+on:
+ release:
+ types: [published]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ services:
+ memcached:
+ image: memcached:1.4.31
+ ports:
+ - 11211/udp
+ env:
+ MEMCACHE_SERVERS: "localhost:11211"
+ SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
+ SESSION_ENCRYPTED_COOKIE_SALT: ${{ secrets.SESSION_ENCRYPTED_COOKIE_SALT }}
+ JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
+ JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
+ MDS_USERNAME: ${{ secrets.MDS_USERNAME }}
+ MDS_PASSWORD: ${{ secrets.MDS_PASSWORD }}
+ AWS_REGION: ${{ secrets.AWS_REGION }}
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Ruby 2.6
+ uses: actions/setup-ruby@v1
+ with:
+ ruby-version: '2.6.x'
+ - uses: actions/cache@v2
+ with:
+ path: vendor/bundle
+ key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-gems-
+ - name: Install
+ env:
+ MYSQL_PORT: ${{ job.services.mysql.ports[3306] }}
+ run: |
+ cp .env.build .env
+ gem install bundler
+ bundle config path vendor/bundle
+ bundle install --jobs 4 --retry 3
+ - name: Lint and Test
+ env:
+ MEMCACHE_SERVERS: "localhost:11211"
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ run: |
+ # Run the tests in subsets instead of all at once.
+ bundle exec rspec spec
+
+ build:
+ needs: test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Get git tag
+ run: |
+ echo "::set-output name=GIT_TAG::$(git tag --points-at HEAD)"
+ id: set_git_vars
+ - name: Push to Docker Hub
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ github.repository }}:${{ steps.set_git_vars.outputs.GIT_TAG }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ - name: Push to GitHub Packages
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ghcr.io/${{ github.repository }}:${{ steps.set_git_vars.outputs.GIT_TAG }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+
+ deploy:
+ needs: [test, build]
+ runs-on: ubuntu-latest
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Extract variables
+ shell: bash
+ run: |
+ echo "::set-output name=BRANCH::$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')"
+ echo "::set-output name=TAG::$(git tag --points-at HEAD)"
+ echo "::set-output name=GIT_SHA::$(git rev-parse HEAD)"
+ echo "::set-output name=GIT_SHA_SHORT::$(git rev-parse --short HEAD)"
+ id: extract_variables
+
+ - name: Checkout terraform config repo
+ uses: actions/checkout@v2
+ with:
+ # public repo with terraform configuration
+ repository: 'datacite/mastino'
+ persist-credentials: false
+ - name: Commit changes to terraform config repository
+ # use go template in terraform config repository to update git sha and tag
+ # commit and push changes to trigger terraform workflow
+ run: |
+ export GIT_SHA=${{ steps.extract_variables.outputs.GIT_SHA_SHORT }}
+ export GIT_TAG=${{ steps.extract_variables.outputs.TAG }}
+ wget https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz
+ tar -xzvf dockerize-linux-amd64-v0.6.0.tar.gz
+ rm dockerize-linux-amd64-v0.6.0.tar.gz
+ ./dockerize -template prod-eu-west/services//content-negotiation.auto.tfvars.tmpl:prod-eu-west/services/content-negotiation/content-negotiation.auto.tfvars
+
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add prod-eu-west/services/content-negotiation/content-negotiation.auto.tfvars
+ git commit -m "Adding content-negotiation git variables for commit ${{ steps.extract_variables.outputs.GIT_SHA }}"
+ - name: Push changes
+ uses: ad-m/github-push-action@v0.6.0
+ with:
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ repository: 'datacite/mastino'
+ branch: 'refs/heads/master'
+ tags: false
+
+ # - name: Notify Slack
+ # uses: edge/simple-slack-notify@master
+ # with:
+ # channel: '#ops'
+ # color: 'good'
+ # text: 'A new version of the is been deployed to stage.'
+ # failure_text: '${env.GITHUB_WORKFLOW} (${env.GITHUB_RUN_NUMBER}) build failed'
+ # fields: |
+ # [{ "title": "Commit message", "value": "${{ steps.extract_variables.outputs.MESSAGE }}" },
+ # { "title": "Committed by", "value": "", "short": true },
+ # { "title": "Commit SHA", "value": "", "short": true },
+ # { "title": "Repository", "value": "", "short": true },
+ # { "title": "Branch", "value": "", "short": true }]
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml
new file mode 100644
index 0000000..8aff6cf
--- /dev/null
+++ b/.github/workflows/stage.yml
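Review bot: In release.yml's deploy job, the "Commit changes to terraform config repository" step fetches `dockerize-linux-amd64-v0.6.0.tar.gz` with `wget` and runs the binary without checking a digest, and its output is committed to `datacite/mastino`, which the step's own comment says triggers the terraform workflow; record the tarball's SHA-256 and fail the step on a mismatch. The same step expands `${{ steps.extract_variables.outputs.* }}` directly into the script text, so a tag name is parsed as shell rather than passed as data; hand the values over through `env:` as sketched below. `ad-m/github-push-action@v0.6.0` receives `PERSONAL_ACCESS_TOKEN` while pinned only to a movable tag, so a full commit SHA is the safer pin for that step. The `-template` source `prod-eu-west/services//content-negotiation.auto.tfvars.tmpl` looks like it lost a path component (stage.yml uses `stage/services/content-negotiation/_content-negotiation.auto.tfvars.tmpl`), which would make the step fail. The download, interpolation and tag-pinning points apply equally to the deploy job in stage.yml.

```yaml
      - name: Commit changes to terraform config repository
        env:
          GIT_SHA: ${{ steps.extract_variables.outputs.GIT_SHA_SHORT }}
          GIT_TAG: ${{ steps.extract_variables.outputs.TAG }}
          FULL_SHA: ${{ steps.extract_variables.outputs.GIT_SHA }}
          # placeholder: digest of the dockerize v0.6.0 tarball, recorded after review
          DOCKERIZE_SHA256: '<EXPECTED_SHA256>'
        run: |
          wget https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz
          echo "${DOCKERIZE_SHA256}  dockerize-linux-amd64-v0.6.0.tar.gz" | sha256sum -c -
          # … unchanged: tar, rm, ./dockerize -template, git config, git add …
          git commit -m "Adding content-negotiation git variables for commit ${FULL_SHA}"
```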
@@ -0,0 +1,158 @@
+name: Deploy
+on:
+ push:
+ branches:
+ - "master"
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ services:
+ memcached:
+ image: memcached:1.4.31
+ ports:
+ - 11211/udp
+ env:
+ MEMCACHE_SERVERS: "localhost:11211"
+ SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
+ SESSION_ENCRYPTED_COOKIE_SALT: ${{ secrets.SESSION_ENCRYPTED_COOKIE_SALT }}
+ JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
+ JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
+ MDS_USERNAME: ${{ secrets.MDS_USERNAME }}
+ MDS_PASSWORD: ${{ secrets.MDS_PASSWORD }}
+ AWS_REGION: ${{ secrets.AWS_REGION }}
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Ruby 2.6
+ uses: actions/setup-ruby@v1
+ with:
+ ruby-version: '2.6.x'
+ - uses: actions/cache@v2
+ with:
+ path: vendor/bundle
+ key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-gems-
+ - name: Install
+ env:
+ MYSQL_PORT: ${{ job.services.mysql.ports[3306] }}
+ run: |
+ cp .env.build .env
+ gem install bundler
+ bundle config path vendor/bundle
+ bundle install --jobs 4 --retry 3
+ - name: Lint and Test
+ env:
+ MEMCACHE_SERVERS: "localhost:11211"
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ run: |
+ # Run the tests in subsets instead of all at once.
+ bundle exec rspec spec
+
+ build:
+ needs: test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Push to Docker Hub
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ github.repository }}:latest
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ - name: Push to GitHub Packages
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ghcr.io/${{ github.repository }}:latest
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+
+ deploy:
+ needs: [test, build]
+ runs-on: ubuntu-latest
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: Extract variables
+ shell: bash
+ run: |
+ echo "::set-output name=BRANCH::$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')"
+ echo "::set-output name=TAG::$(git tag --points-at HEAD)"
+ echo "::set-output name=GIT_SHA::$(git rev-parse HEAD)"
+ echo "::set-output name=GIT_SHA_SHORT::$(git rev-parse --short HEAD)"
+ echo "::set-output name=MESSAGE::$(git log --format=%B -n 1 ${{ github.event.after }})"
+ id: extract_variables
+
+ - name: Checkout terraform config repo
+ uses: actions/checkout@v2
+ with:
+ # public repo with terraform configuration
+ repository: 'datacite/mastino'
+ persist-credentials: false
+ - name: Commit changes to terraform config repository
+ # use go template in terraform config repository to update git sha and tag
+ # commit and push changes to trigger terraform workflow
+ run: |
+ export GIT_SHA=${{ steps.extract_variables.outputs.GIT_SHA_SHORT }}
+ export GIT_TAG=${{ steps.extract_variables.outputs.GIT_TAG }}
+ wget https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz
+ tar -xzvf dockerize-linux-amd64-v0.6.0.tar.gz
+ rm dockerize-linux-amd64-v0.6.0.tar.gz
+ ./dockerize -template stage/services/content-negotiation/_content-negotiation.auto.tfvars.tmpl:stage/services/content-negotiation/_content-negotiation.auto.tfvars
+
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add stage/services/content-negotiation/_content-negotiation.auto.tfvars
+ git commit -m "Adding content-negotiation git variables for commit ${{ steps.extract_variables.outputs.GIT_SHA }}"
+ - name: Push changes
+ uses: ad-m/github-push-action@v0.6.0
+ with:
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ repository: 'datacite/mastino'
+ branch: 'refs/heads/master'
+ tags: false
+
+ # - name: Notify Slack
+ # uses: edge/simple-slack-notify@master
+ # with:
+ # channel: '#ops'
+ # color: 'good'
+ # text: 'A new version of the is been deployed to stage.'
+ # failure_text: '${env.GITHUB_WORKFLOW} (${env.GITHUB_RUN_NUMBER}) build failed'
+ # fields: |
+ # [{ "title": "Commit message", "value": "${{ steps.extract_variables.outputs.MESSAGE }}" },
+ # { "title": "Committed by", "value": "", "short": true },
+ # { "title": "Commit SHA", "value": "", "short": true },
+ # { "title": "Repository", "value": "", "short": true },
+ # { "title": "Branch", "value": "", "short": true }]
diff --git a/.gitignore b/.gitignore
index 724fb87..ea0ed05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,7 +25,7 @@ vendor/bundle/* .env .env.* !.env.example -!.env.travis +!.env.build # Ignore DevSpace cache and log folder
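Review bot: The `MESSAGE` line in stage.yml's "Extract variables" step echoes the whole commit body (`git log --format=%B`) inside a `::set-output` command, so every line after the first reaches the runner's stdout on its own and is parsed for workflow commands instead of being treated as data; commit text on master can thereby influence step outputs that the later `run:` script expands. Only the commented-out Slack step reads `MESSAGE`, so either drop the line or restrict it to the subject with `--format=%s`. In the same job, `export GIT_TAG=${{ steps.extract_variables.outputs.GIT_TAG }}` reads an output that is never set (the step emits `TAG`), so `GIT_TAG` is always empty when dockerize renders the template. The checkout's `ref: ${{ github.event.pull_request.head.sha }}` is also empty under the `push` trigger this workflow uses, so it should be removed or replaced with `${{ github.sha }}`.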