fixes #838
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push] | |
env: | |
COMPOSE_PROJECT_NAME: build | |
PS_SUBNET: 172.34.202.0/16 | |
PS_GATEWAY_IP: 172.34.0.1 | |
PHRASEA_DOMAIN: phrasea.local | |
TRAEFIK_HTTPS_PORT: 4442 | |
TRAEFIK_HTTP_PORT: 8042 | |
HTTPS_PORT_PREFIX: ':4442' | |
REGISTRY_NAMESPACE: ghcr.io/${{ github.repository_owner }}/ps- | |
DOCKER_TAG: ${{ github.sha }} | |
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
VERIFY_SSL: "false" | |
SENTRY_RELEASE: ${{ github.sha }} | |
jobs: | |
build_keycloak: | |
name: 'Build Keycloak' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: keycloak | |
context: ./infra/docker/keycloak | |
target: keycloak | |
secrets: inherit | |
build_php-fpm-base: | |
name: 'Build php-fpm-base' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: php-fpm-base | |
context: ./infra/docker/php-fpm-base | |
secrets: inherit | |
build_configurator: | |
name: 'Build Configurator' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: configurator | |
context: ./configurator | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
build_nginx-fpm-base: | |
name: 'Build nginx-fpm-base' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: nginx-fpm-base | |
context: ./infra/docker/nginx-fpm-base | |
secrets: inherit | |
build_nodejs-base: | |
name: 'Build nodejs-base' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: nodejs-base | |
context: ./infra/docker/nodejs-base | |
secrets: inherit | |
build_nginx-cache-purge: | |
name: 'Build nginx-cache-purge' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: nginx-cache-purge | |
context: ./infra/docker/nginx-cache-purge | |
secrets: inherit | |
build_dashboard: | |
name: 'Build Dashboard' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: dashboard | |
context: ./dashboard | |
secrets: inherit | |
build_databox_api: | |
name: 'Build Databox API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: databox | |
context: ./databox/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-fpm-base | |
build_databox_client: | |
name: 'Build Databox Client' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: databox-client | |
context: ./databox/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
build_databox_indexer: | |
name: 'Build Databox Indexer' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: databox-indexer | |
context: ./databox/indexer | |
secrets: inherit | |
build_expose_api: | |
name: 'Build Expose API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: expose | |
context: ./expose/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-cache-purge | |
build_expose_client: | |
name: 'Build Expose Client' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: expose-client | |
context: ./expose/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
build_matomo_php: | |
name: 'Build Matomo PHP' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: matomo-php | |
context: ./infra/docker/matomo-php | |
secrets: inherit | |
build_matomo_nginx: | |
name: 'Build Matomo NGINX' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: matomo-nginx | |
context: ./infra/docker/matomo-nginx | |
secrets: inherit | |
build_notify_api: | |
name: 'Build Notify API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: notify | |
context: ./notify/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-fpm-base | |
build_report_api: | |
name: 'Build Report API' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: report-api | |
context: report | |
secrets: inherit | |
build_uploader_api: | |
name: 'Build Uploader API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: uploader | |
context: ./uploader/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-fpm-base | |
build_uploader_client: | |
name: 'Build Uploader Client' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: uploader-client | |
context: ./uploader/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
setup: | |
name: 'Setup stack' | |
runs-on: ubuntu-latest | |
needs: | |
- build_configurator | |
- build_dashboard | |
- build_databox_api | |
- build_databox_client | |
- build_databox_indexer | |
- build_expose_api | |
- build_expose_client | |
- build_keycloak | |
- build_matomo_nginx | |
- build_matomo_php | |
- build_notify_api | |
- build_report_api | |
- build_uploader_api | |
- build_uploader_client | |
steps: | |
- name: Install mkcert | |
run: | | |
sudo apt-get install wget libnss3-tools | |
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 | |
sudo mv mkcert-v1.4.3-linux-amd64 /usr/bin/mkcert | |
sudo chmod +x /usr/bin/mkcert | |
mkcert -install | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Log in to the Container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull images | |
run: | | |
docker compose pull | |
- name: Setup | |
run: | | |
docker compose down --volumes | |
bin/dev/make-cert.sh | |
sudo PHRASEA_DOMAIN=${PHRASEA_DOMAIN} bin/dev/append-etc-hosts.sh | |
bin/setup.sh | |
- name: Test | |
run: bin/test.sh | |
- name: Clean containers | |
if: ${{ always() }} | |
run: | | |
docker compose down --volumes | |
- name: Login to Docker Hub | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
if: env.DOCKERHUB_USERNAME != null && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Push images to Dockerhub | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
if: env.DOCKERHUB_USERNAME != null && startsWith(github.ref, 'refs/tags/') | |
run: | | |
docker image ls | grep ${{ env.DOCKER_TAG }} | awk '{ print $1 }' | xargs -I {} echo docker tag {}:${{ env.DOCKER_TAG }} {}:${{ github.ref_name }} | sed "s,${{ env.REGISTRY_NAMESPACE }},alchemyfr/ps-,2" | bash | |
REGISTRY_NAMESPACE=alchemyfr/ps- DOCKER_TAG=${{ github.ref_name }} docker compose push | |
set -ex | |
LATEST_TAG=$(curl \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ github.token }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
https://api.github.com/repos/${{ github.repository }}/releases/latest | jq --raw-output '.tag_name') | |
if [ "${LATEST_TAG}" == "${{ github.ref_name }}" ]; then | |
docker image ls | grep ${{ env.DOCKER_TAG }} | awk '{ print $1 }' | xargs -I {} echo docker tag {}:${{ env.DOCKER_TAG }} {}:latest | sed "s,${{ env.REGISTRY_NAMESPACE }},alchemyfr/ps-,2" | bash | |
REGISTRY_NAMESPACE=alchemyfr/ps- DOCKER_TAG=latest docker compose push | |
fi | |
- name: Configure AWS Credentials | |
env: | |
AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
if: env.AWS_ECR_ACCESS_KEY_ID != null | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_ECR_ACCESS_KEY_SECRET }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Push images to AWS ECR | |
env: | |
AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
REGISTRY_ALIAS: b2s9z7l1 | |
if: env.AWS_ECR_ACCESS_KEY_ID != null | |
run: | | |
ECR_REGISTRY="${{ steps.login-ecr-public.outputs.registry }}/${REGISTRY_ALIAS}" | |
docker image ls | grep ${{ env.DOCKER_TAG }} | awk '{ print $1 }' | xargs -I {} echo docker tag {}:${{ env.DOCKER_TAG }} {}:${{ github.ref_name }} | sed "s,${{ env.REGISTRY_NAMESPACE }},${ECR_REGISTRY}/ps-,2" | bash | |
REGISTRY_NAMESPACE=${ECR_REGISTRY}/ps- DOCKER_TAG=${{ github.ref_name }} docker compose push | |
COMPOSE_PROFILES="configurator" REGISTRY_NAMESPACE=${ECR_REGISTRY}/ps- DOCKER_TAG=${{ github.ref_name }} docker compose push |