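name: CI

on:
  push:
    # Pushes to main and staging run the tests and then the matching deploy
    # job further down in this workflow.
    branches:
      - main
      - staging
    # Tags matching v* also start the workflow. Only the test job applies to
    # them, because both deploy jobs are conditioned on a branch ref.
    tags:
      - "v*"
  # Run tests for any PRs targeting main or staging.
  pull_request:
    branches:
      - main
      - staging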
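# Workflow-level environment, visible to every step of every job.
# CACHE_IMAGE is not referenced in this file; presumably it is read by
# docker-compose.test.yml — confirm.
env:
  CACHE_IMAGE: ghcr.io/hactar-is/openownership
  DOCKER_BUILDKIT: "1"
  COMPOSE_DOCKER_CLI_BUILD: "1"

# Least privilege for the automatically issued GITHUB_TOKEN. The steps in this
# file only check out the repository with it; registry, deploy and Sentry
# credentials come from EnvKey and repository secrets. Widen per job if a step
# turns out to need more.
permissions:
  contents: read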
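# NOTE(review): every action below is referenced by a mutable tag (@v2, @v1).
# Pinning each `uses:` to a full commit SHA keeps a moved tag from running new
# code with this workflow's secrets.
jobs:
  # Runs the containerised test suite and uploads coverage. Both deploy jobs
  # depend on it through `needs: test`.
  test:
    runs-on: ubuntu-latest
    if: "! contains(github.event.head_commit.message, '[skip ci]')"
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: "3.x"
      - name: Install EnvKey source
        # NOTE(review): the installer is whatever the release bucket serves as
        # "latest" at run time and it is executed without a checksum or
        # signature check. Pin a reviewed version and verify its digest.
        # The script is downloaded to a file first so that a failed or
        # truncated download stops the step instead of being piped to bash.
        run: |
          set -euo pipefail
          VERSION=$(curl -fsS https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt)
          curl -fsS -o "$RUNNER_TEMP/envkeysource-install.sh" "https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh"
          bash "$RUNNER_TEMP/envkeysource-install.sh"
      - name: Run tests
        # NOTE(review): this step loads the same ENVKEY2 environment that the
        # deploy jobs use (it supplies GHCR_TOKEN here and the deploy host
        # addresses there), so test code runs in a shell holding all of it.
        # A test-scoped key would narrow what a test run can read.
        env:
          ENVKEY: ${{ secrets.ENVKEY2 }}
        run: |
          # Quoted so that values containing whitespace survive the eval.
          eval "$(envkey-source)"
          echo "$GHCR_TOKEN" | docker login ghcr.io -u hactarbot3000 --password-stdin
          docker compose -f docker-compose.test.yml pull
          docker compose -f docker-compose.test.yml run --rm web
      - name: Report coverage to Codacy
        env:
          ENVKEY: ${{ secrets.ENVKEY2 }}
        run: |
          eval "$(envkey-source)"
          # NOTE(review): unpinned install; pin the version (and hashes) so the
          # uploader that runs next to the secrets is a known release.
          pip3 install codacy-coverage
          python-codacy-coverage -r "$GITHUB_WORKSPACE/app/coverage.xml"

  deploy_staging:
    # Requires these vars in github secrets
    #   * ENVKEY2 (exposed to the steps as ENVKEY)
    #   * DEPLOY_KEY_PRIVATE
    # Requires the staging IP address in EnvKey
    #   * IP_STAGING
    runs-on: ubuntu-latest
    needs: test
    if: >-
      github.ref == 'refs/heads/staging'
      && ! contains(github.event.head_commit.message, '[skip ci]')
      && ! contains(github.event.head_commit.message, '[skip deploy]')
    steps:
      - name: Checkout staging
        uses: actions/checkout@v2
        with:
          # Full history, needed to push the branch to the deploy remote.
          fetch-depth: 0
      - name: Install EnvKey source
        # NOTE(review): unverified "latest" installer, see the test job.
        run: |
          set -euo pipefail
          VERSION=$(curl -fsS https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt)
          curl -fsS -o "$RUNNER_TEMP/envkeysource-install.sh" "https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh"
          bash "$RUNNER_TEMP/envkeysource-install.sh"
      - name: Configure .ssh and push to staging
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          ENVKEY: ${{ secrets.ENVKEY2 }}
          # Passed through the environment rather than expanded into the
          # script text, so the key is never part of the generated shell file
          # and its contents cannot be interpreted by the shell.
          DEPLOY_KEY_PRIVATE: ${{ secrets.DEPLOY_KEY_PRIVATE }}
        run: |
          eval "$(envkey-source)"
          mkdir -p ~/.ssh
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          # NOTE(review): host keys are collected from the network on every
          # run, so whichever host answers at that address is trusted. Store
          # the expected known_hosts lines (for example in a secret) and write
          # those instead of scanning.
          ssh-keyscan github.com >> ~/.ssh/known_hosts
          ssh-keyscan "$IP_STAGING" >> ~/.ssh/known_hosts
          ssh-add - <<< "$DEPLOY_KEY_PRIVATE"
          git remote add staging "ssh://deploy@$IP_STAGING/srv/repos/openownership.org.git"
          # Force push: the remote staging branch is overwritten.
          git push staging staging -f

  # Records a Sentry release for the staging environment once the staging
  # deploy has succeeded.
  sentry_release_staging:
    runs-on: ubuntu-latest
    needs: deploy_staging
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Create Sentry release
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: hactar
          SENTRY_PROJECT: openownership
        with:
          environment: staging
          ignore_missing: true

  deploy_production:
    # Requires these vars in github secrets
    #   * ENVKEY2 (exposed to the steps as ENVKEY)
    #   * DEPLOY_KEY_PRIVATE
    # Requires the production IP address in EnvKey
    #   * IP_PRODUCTION
    runs-on: ubuntu-latest
    needs: test
    if: >-
      github.ref == 'refs/heads/main'
      && ! contains(github.event.head_commit.message, '[skip ci]')
      && ! contains(github.event.head_commit.message, '[skip deploy]')
    steps:
      - name: Checkout main
        uses: actions/checkout@v2
        with:
          # Full history, needed to push the branch to the deploy remote.
          fetch-depth: 0
      - name: Install EnvKey source
        # NOTE(review): unverified "latest" installer, see the test job.
        run: |
          set -euo pipefail
          VERSION=$(curl -fsS https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt)
          curl -fsS -o "$RUNNER_TEMP/envkeysource-install.sh" "https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh"
          bash "$RUNNER_TEMP/envkeysource-install.sh"
      - name: Configure .ssh and push to production
        env:
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          ENVKEY: ${{ secrets.ENVKEY2 }}
          # Passed through the environment rather than expanded into the
          # script text, so the key is never part of the generated shell file
          # and its contents cannot be interpreted by the shell.
          DEPLOY_KEY_PRIVATE: ${{ secrets.DEPLOY_KEY_PRIVATE }}
        run: |
          eval "$(envkey-source)"
          mkdir -p ~/.ssh
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          # NOTE(review): host keys are collected from the network on every
          # run, so whichever host answers at that address is trusted. Store
          # the expected known_hosts lines (for example in a secret) and write
          # those instead of scanning.
          ssh-keyscan github.com >> ~/.ssh/known_hosts
          ssh-keyscan "$IP_PRODUCTION" >> ~/.ssh/known_hosts
          ssh-add - <<< "$DEPLOY_KEY_PRIVATE"
          git remote add production "ssh://deploy@$IP_PRODUCTION/srv/repos/openownership.org.git"
          # Force push: the remote main branch is overwritten.
          git push production main -f

  # Records a Sentry release for the production environment once the
  # production deploy has succeeded.
  sentry_release_prod:
    runs-on: ubuntu-latest
    needs: deploy_production
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Create Sentry release
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: hactar
          SENTRY_PROJECT: openownership
        with:
          environment: production
          ignore_missing: true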