-
-
Notifications
You must be signed in to change notification settings - Fork 12
154 lines (132 loc) · 7.16 KB
/
deploy-preview.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
name: CD Azure (preview)
on:
pull_request_target:
types: [opened, synchronize, reopened, labeled]
branches:
- main
workflow_dispatch:
inputs:
preview_name:
description: 'Name of the deployment environment'
type: string
required: true
permissions:
pull-requests: write
id-token: write
jobs:
preview:
name: Build & Deploy to preview
runs-on: windows-latest
env:
PREVIEW_NAME: ${{ github.event.pull_request.number || github.event.inputs.preview_name }}
GITHUB_REPO_TOKEN: ${{ secrets.GITHUBS_REPO_TOKEN }}
NUXT_SESSION_PASSWORD: ${{ secrets.AZURE_SESSION_SECRET }}
steps:
# We could also add these checks to a job-wide if condition, to skip the workflow if its unsecure to run.
# However, Github views skipped workflows as "successful" and thus one could merge a PR without running this workflow first.
- name: Fail if unsecure
if: "github.event_name != 'workflow_dispatch' && !contains(github.event.pull_request.labels.*.name, 'status: safe to test') && github.actor != 'tobiasdiez' && github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]'"
run: exit 1
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Install pnpm
uses: pnpm/action-setup@v4
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Build
run: pnpm build:azure
- name: Login to Azure
uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Web App
id: deploy_web
run: |
# Workaround for https://github.com/Azure/static-web-apps-cli/issues/557 and https://github.com/Azure/static-web-apps-cli/issues/565
$output = pnpm swa deploy .output\public --env $env:PREVIEW_NAME --verbose=silly 2>&1 | Out-String
Write-Host $output
$match = $output | Select-String -Pattern 'Project deployed to (?<url>.*) '
if ($match -eq $null) { exit 1 }
$url = $match.Matches[0].Groups['url'].Value
echo "url=$url" >> $env:GITHUB_OUTPUT
env:
SWA_CLI_DEPLOYMENT_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_MANGO_PEBBLE_0224C3803 }}
- name: Install Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: '3.10'
- name: Create test database on Azure
run: |
$name = "postgres_test_$env:PREVIEW_NAME"
$pwd = az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken
# az postgres flexible-server db create --server-name jabrefdb --resource-group JabRefOnline --database-name $name --charset utf8 --collation en_US.utf8
# For some reason the public schema is not created automatically or without the default permissions, so we need to do it manually
# TODO: Remove this workaround once https://github.com/Azure/azure-cli/issues/26772 is fixed
# We also need to manually install an old version of rdbms due to https://github.com/Azure/azure-cli/issues/25067
# az extension add --name rdbms-connect --version 1.0.3 --debug
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "ALTER DATABASE $name OWNER TO azure_pg_admin; create schema public;" --output table
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "grant usage on schema public to public; grant create on schema public to public;" --output table
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "SELECT schema_name FROM information_schema.schemata;" --output table
# Login to the database using the Github user
$connection_string = "postgresql://Github:$pwd@$($env:DB_NAME).postgres.database.azure.com:5432/$($name)?sslmode=require"
echo "::add-mask::$connection_string"
echo "DATABASE_URL=$connection_string" >> $env:GITHUB_ENV
$Env:DATABASE_URL = $connection_string
# Finally, run the migrations (this also creates the db)
pnpm prisma:migrate:reset --force
env:
DB_NAME: ${{ secrets.AZURE_DATABASE_NAME }}
- name: Create & Link Function App
run: |
pip install azure-identity azure-mgmt-web azure-mgmt-storage azure-mgmt-applicationinsights azure-mgmt-redis azure-mgmt-communication
python .github\scripts\deploy.py --env $env:PREVIEW_NAME
env:
SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Function App
run: |
# Nuxt/nitro creates symlinks to replicate parts of the node_modules folder
# if multiple versions of the same package are used.
# However, these symlinks are not preserved by Compress-Archive, and even they were, Azure has problems with symlinks:
# https://github.com/Azure/webapps-deploy/issues/54
# Therefore, replace all symlinks by the actual files
$links = Get-ChildItem -Path .output\server -Attributes ReparsePoint -Recurse
foreach ($link in $links)
{
$source = $link.Target;
$destination = $link.FullName;
Remove-Item $destination -Force
Copy-Item -Path $source -Destination $destination -Force -Recurse
}
Compress-Archive -Path .output\server\* -DestinationPath .output\server.zip
az functionapp deployment source config-zip -g JabRefOnline -n jabref-function-$env:PREVIEW_NAME --src .output\server.zip
- name: Check HTTP status
run: |
Start-Sleep -Seconds 30
curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }} || true
curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }}/api || true
# The api returns 400 status code for some reason
# uses: gerdemann/[email protected]
# with:
# url: ${{ steps.deploy_web.outputs.url }}/api
# code: 200
# timeout: 300 # initial warm up can take quite some time
# interval: 30
- name: Report URL as PR comment
if: github.event_name == 'pull_request_target'
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2
with:
message: |
Deployed ${{ github.sha }} to ${{ steps.deploy_web.outputs.url }}
- name: Run E2E tests
run: pnpm test:e2e
env:
TEST_URL: ${{ steps.deploy_web.outputs.url }}