CodeForAfrica · kilemensi · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024
diff --git a/.github/workflows/_app-path-filter.yaml b/.github/workflows/_app-path-filter.yaml
@@ -0,0 +1,89 @@
+name: App Path Filter
+
+on:
+  workflow_call:
+    outputs:
+      apps:
+        description: "Indicates if there are changes in apps files folder"
+        value: ${{ jobs.app-path-filter.outputs.apps }}
+      charterafrica:
+        description: "Indicates if charterafrica app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.charterafrica }}
+      civicsignalblog:
+        description: "Indicates if civicsignalblog app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.civicsignalblog }}
+      climatemappedafrica:
+        description: "Indicates if climatemappedafrica app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.climatemappedafrica }}
+      codeforafrica:
+        description: "Indicates if codeforafrica app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.codeforafrica }}
+      pesayetu:
+        description: "Indicates if pesayetu app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.pesayetu }}
+      roboshield:
+        description: "Indicates if roboshield app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.roboshield }}
+      techlabblog:
+        description: "Indicates if techlabblog app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.techlabblog }}
+      vpnmanager:
+        description: "Indicates if vpnmanager app files have changed"
+        value: ${{ jobs.app-path-filter.outputs.vpnmanager }}
+
+jobs:
+  app-path-filter:
+    name: App Path Filter
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    outputs:
+      apps: ${{ steps.path-filter.outputs.apps }}
+      charterafrica: ${{ steps.path-filter.outputs.charterafrica }}
+      civicsignalblog: ${{ steps.path-filter.outputs.civicsignalblog }}
+      climatemappedafrica: ${{ steps.path-filter.outputs.climatemappedafrica }}
+      codeforafrica: ${{ steps.path-filter.outputs.codeforafrica }}
+      pesayetu: ${{ steps.path-filter.outputs.pesayetu }}
+      roboshield: ${{ steps.path-filter.outputs.roboshield }}
+      techlabblog: ${{ steps.path-filter.outputs.techlabblog }}
+      vpnmanager: ${{ steps.path-filter.outputs.vpnmanager }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Filter paths
+        uses: dorny/paths-filter@v3
+        id: path-filter
+        with:
+          filters: |
+            shared: &shared
+              - Dockerfile
+              - packages/**
+            apps:
+              - *shared
+              - "apps/**"
+            charterafrica:
+              - *shared
+              - "apps/charterafrica/**"
+            civicsignalblog:
+              - *shared
+              - "apps/civicsignalblog/**"
+            climatemappedafrica:
+              - *shared
+              - "apps/climatemappedafrica/**"
+            codeforafrica:
+              - *shared
+              - "apps/codeforafrica/**"
+            pesayetu:
+              - *shared
+              - "apps/pesayetu/**"
+            roboshield:
+              - *shared
+              - "apps/roboshield/**"
+            techlabblog:
+              - *shared
+              - "apps/techlabblog/**"
+            vpnmanager:
+              - *shared
+              - "apps/vpnmanager/**"
diff --git a/.github/workflows/_app-version-check.yaml b/.github/workflows/_app-version-check.yaml
@@ -0,0 +1,47 @@
+name: App Version Check
+
+on:
+  workflow_call:
+    inputs:
+      file-name:
+        required: true
+        type: string
+        description: "App name as it appears in 'apps' folder"
+    outputs:
+      changed:
+        description: "Either 'true' or 'false', indicates whether the version has changed"
+        value: ${{ jobs.app-version-check.outputs.changed }}
+      version:
+        description: "If the version has changed, it shows the version number"
+        value: ${{ jobs.app-version-check.outputs.version }}
+
+jobs:
+  app-version-check:
+    name: App Version Check
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    outputs:
+      changed: ${{ steps.version-check.outputs.changed }}
+      version: ${{ steps.version-check.outputs.version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: "package.json"
+
+      - name: Check version
+        id: version-check
+        uses: EndBug/version-check@v2
+        with:
+          # Whether to search in every commit's diff.
+          # This is useful if you often do change the version without saying it
+          # in the commit message. If you always include the semver of the new
+          # version in your commit message when you bump versions then you can
+          # omit this.
+          diff-search: true
+          file-name: "${{ inputs.file-name }}"
diff --git a/.github/workflows/_cd-charterafrica.yaml b/.github/workflows/_cd-charterafrica.yaml
@@ -0,0 +1,85 @@
+name: CD | charterafrica
+
+on:
+  workflow_call:
+    inputs:
+      NODE_ENV:
+        required: true
+        type: string
+        description: "development|production"
+      app_url:
+        required: true
+        type: string
+        description: "App final URL"
+      seo_disabled:
+        required: true
+        type: string
+        description: "false|true"
+      build_args:
+        required: false
+        type: string
+        description: "List of build-time variables"
+      tags:
+        required: true
+        type: string
+        description: "List of tags"
+      git_remote_url:
+        required: true
+        type: string
+        description: "The dokku app's git repository url in SSH format"
+
+jobs:
+  # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause
+  # when calling reusable workflows
+  # https://github.com/github/roadmap/issues/636
+  secrets:
+    runs-on: ubuntu-latest
+    outputs:
+      MONGO_URL: ${{ steps.output-secrets.outputs.CHARTERAFRICA_MONGO_URL }}
+      NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
+      NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
+      NEXT_PUBLIC_GA_MEASUREMENT_ID: ${{ steps.output-secrets.outputs.CHARTERAFRICA_GA_MEASUREMENT_ID }}
+      NEXT_PUBLIC_SENTRY_DSN: ${{ steps.output-secrets.outputs.CHARTERAFRICA_SENTRY_DSN }}
+      PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}
+      SENTRY_PROJECT: ${{ steps.output-secrets.outputs.CODEFORAFRICA_SENTRY_PROJECT }}
+    steps:
+      - id: output-secrets
+        run: |
+          echo "CHARTERAFRICA_GA_MEASUREMENT_ID=${{ secrets.CHARTERAFRICA_GA_MEASUREMENT_ID }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}" >> "$GITHUB_OUTPUT"
+          echo "CHARTERAFRICA_SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT"
+
+  build-docker-image:
+    name: Build Docker Image
+    needs:
+      - secrets
+    uses: ./.github/workflows/build-docker-image.yml
+    with:
+      build_args: |
+        ${{ inputs.build_args }}
+        MONGO_URL=${{ needs.secrets.outputs.MONGO_URL }}
+        NEXT_PUBLIC_APP_URL=${{ inputs.app_url }}
+        NEXT_PUBLIC_GA_MEASUREMENT_ID=${{ needs.secrets.outputs.NEXT_PUBLIC_GA_MEASUREMENT_ID }}
+        NEXT_PUBLIC_SENTRY_DSN=${{  needs.secrets.outputs.NEXT_PUBLIC_SENTRY_DSN }}
+        NEXT_PUBLIC_SEO_DISABLED=${{ inputs.seo_disabled }}
+        NODE_ENV=${{ inputs.NODE_ENV }}
+        PAYLOAD_SECRET_KEY=${{ needs.secrets.outputs.PAYLOAD_SECRET }}
+        SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }}
+        SENTRY_ORG=${{ vars.SENTRY_ORG }}
+        SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }}
+      tags: ${{ inputs.tags }}
+      target: charterafrica-runner
+    secrets: inherit
+
+  push-to-dokku:
+    name: Push to Dokku
+    needs: [build-docker-image]
+    uses: ./.github/workflows/push-to-dokku.yml
+    with:
+      git_remote_url: ${{ inputs.git_remote_url }}
+      deploy_docker_image: ${{ inputs.tags }}
+    secrets: inherit
diff --git a/.github/workflows/_cd-codeforafrica.yaml b/.github/workflows/_cd-codeforafrica.yaml
@@ -0,0 +1,80 @@
+name: CD | codeforafrica
+
+on:
+  workflow_call:
+    inputs:
+      app_url:
+        required: true
+        type: string
+        description: "App final URL"
+      NODE_ENV:
+        required: true
+        type: string
+        description: "development|production"
+      build_args:
+        required: false
+        type: string
+        description: "List of build-time variables"
+      tags:
+        required: true
+        type: string
+        description: "List of tags"
+      git_remote_url:
+        required: true
+        type: string
+        description: "The dokku app's git repository url in SSH format"
+    secrets:
+      CODEFORAFRICA_MONGODB_URL:
+        required: true
+      NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL:
+        required: false
+
+jobs:
+  # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause
+  # when calling reusable workflows
+  # https://github.com/github/roadmap/issues/636
+  secrets:
+    runs-on: ubuntu-latest
+    outputs:
+      MONGODB_URL: ${{ steps.output-secrets.outputs.CODEFORAFRICA_MONGODB_URL }}
+      NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
+      NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
+      PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.CODEFORAFRICA_PAYLOAD_SECRET }}
+      SENTRY_PROJECT: ${{ steps.output-secrets.outputs.CODEFORAFRICA_SENTRY_PROJECT }}
+    steps:
+      - id: output-secrets
+        run: |
+          echo "CODEFORAFRICA_MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT"
+          echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT"
+          echo "CODEFORAFRICA_PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" >> "$GITHUB_OUTPUT"
+          echo "CODEFORAFRICA_SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT"
+
+  build-docker-image:
+    name: Build Docker Image
+    needs:
+      - secrets
+    uses: ./.github/workflows/build-docker-image.yml
+    with:
+      build_args: |
+        ${{ inputs.build_args }}
+        MONGODB_URL=${{ needs.secrets.outputs.MONGODB_URL }}
+        NEXT_PUBLIC_APP_LOGO_URL=${{ needs.secrets.outputs.NEXT_PUBLIC_APP_LOGO_URL }}
+        NEXT_PUBLIC_APP_NAME=${{  needs.secrets.outputs.NEXT_PUBLIC_APP_NAME }}
+        NEXT_PUBLIC_APP_URL=${{ inputs.app_url }}
+        NODE_ENV=${{ inputs.NODE_ENV }}
+        PAYLOAD_SECRET=${{ needs.secrets.outputs.PAYLOAD_SECRET }}
+        SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }}
+        SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }}
+      tags: ${{ inputs.tags }}
+      target: "codeforafrica-runner"
+    secrets: inherit
+
+  push-to-dokku:
+    name: Push to Dokku
+    needs: [build-docker-image]
+    uses: ./.github/workflows/push-to-dokku.yml
+    with:
+      git_remote_url: ${{ inputs.git_remote_url }}
+      deploy_docker_image: ${{ inputs.tags }}
+    secrets: inherit
diff --git a/.github/workflows/_cd-dev.yaml b/.github/workflows/_cd-dev.yaml
@@ -0,0 +1,34 @@
+name: DEV | CD
+
+on:
+  workflow_call:
+
+jobs:
+  apps-path-filter:
+    name:
+    uses: ./.github/workflows/_app-path-filter.yaml
+
+  cd-dev-charterafrica:
+    needs:
+      - apps-path-filter
+    if: ${{ needs.apps-path-filter.outputs.charterafrica == 'true' }}
+    uses: ./.github/workflows/_cd-charterafrica.yaml
+    with:
+      NODE_ENV: development
+      app_url: "https://charterafrica.dev.codeforafrica.org"
+      seo_disabled: true
+      tags: "codeforafrica/charterafrica-ui:${{ github.sha }}"
+      git_remote_url: "ssh://[email protected]/charterafrica-ui"
+    secrets: inherit
+
+  cd-dev-codeforafrica:
+    needs:
+      - apps-path-filter
+    if: ${{ needs.apps-path-filter.outputs.codeforafrica == 'true' }}
+    uses: ./.github/workflows/_cd-codeforafrica.yaml
+    with:
+      NODE_ENV: "development"
+      app_url: "https://codeforafrica-ui.dev.codeforafrica.org"
+      tags: "codeforafrica/codeforafrica-ui:${{ github.sha }}"
+      git_remote_url: "ssh://[email protected]/codeofrafrica-ui"
+    secrets: inherit
diff --git a/.github/workflows/_cd-prod.yaml b/.github/workflows/_cd-prod.yaml
@@ -0,0 +1,46 @@
+name: PROD | CD
+
+on:
+  workflow_call:
+
+jobs:
+  version-check-charterafrica:
+    name: Version Check | charterafrica
+    uses: ./.github/workflows/_app-version-check.yaml
+    with:
+      file-name: "./apps/charterafrica/package.json"
+    secrets: inherit
+
+  version-check-codeforafrica:
+    name: Version Check | codeforafrica
+    uses: ./.github/workflows/_app-version-check.yaml
+    with:
+      file-name: "./apps/codeforafrica/package.json"
+    secrets: inherit
+
+  prod-cd-charterafrica:
+    name: Deploy | charterafrica
+    needs:
+      - version-check-charterafrica
+    if: ${{ needs.version-check-charterafrica.outputs.changed == 'true' }}
+    uses: ./.github/workflows/_cd-charterafrica.yaml
+    with:
+      NODE_ENV: production
+      app_url: https://charter.africa
+      seo_disabled: false
+      tags: "codeforafrica/charterafrica-ui:${{ needs.version-check-charterafrica.outputs.version }}"
+      git_remote_url: ssh://[email protected]/charterafrica-ui
+    secrets: inherit
+
+  prod-cd-codeforafrica:
+    name: Deploy | charterafrica
+    needs:
+      - version-check-codeforafrica
+    if: ${{ needs.version-check-codeforafrica.outputs.changed == 'true' }}
+    uses: ./.github/workflows/_cd-codeforafrica.yaml
+    with:
+      NODE_ENV: production
+      app_url: https://cfa.dev.codeforafrica.org
+      tags: "codeforafrica/codeforafrica-ui:${{ needs.version-check-codeforafrica.outputs.version }}"
+      git_remote_url: ssh://[email protected]/codeforafrica-ui
+    secrets: inherit