forked from codeforjapan/decidim-cfj
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request codeforjapan#573 from ayuki-joto/refactor/actions
Refactor/actions
- Loading branch information
Showing
10 changed files
with
390 additions
and
308 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
name: build image | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
image-tags: | ||
type: string | ||
required: true | ||
description: "comma separated container image tags" | ||
role-to-assume: | ||
description: "role arn to be assumed" | ||
default: 'arn:aws:iam::887442827229:role/GithubActions_decidim-cfj-cdk-deploy' | ||
type: string | ||
required: false | ||
deploy-env: | ||
type: string | ||
required: false | ||
description: "target environment" | ||
default: staging | ||
|
||
jobs: | ||
build: | ||
name: Build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
|
||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
aws-region: "ap-northeast-1" | ||
role-duration-seconds: 1200 | ||
role-to-assume: "${{ inputs.role-to-assume }}" | ||
|
||
- name: Login to Amazon ECR | ||
id: login-ecr | ||
uses: aws-actions/amazon-ecr-login@v1 | ||
|
||
- name: Set up Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@v1 | ||
|
||
- name: Docker Build | ||
uses: docker/build-push-action@v3 | ||
with: | ||
push: true | ||
builder: ${{ steps.buildx.outputs.name }} | ||
tags: ${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_ECR_REPO_NAME }}:${{ inputs.deploy-env }}-${{ inputs.image-tags }} | ||
file: ./Dockerfile | ||
context: ./ | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
name: Check | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
ruby-version: | ||
type: string | ||
required: false | ||
default: 3.0.6 | ||
|
||
jobs: | ||
rubocop: | ||
name: Rubocop | ||
permissions: | ||
actions: write | ||
contents: read | ||
id-token: write | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
|
||
- uses: ruby/setup-ruby@v1 | ||
with: | ||
ruby-version: ${{ inputs.ruby-version }} | ||
bundler-cache: true | ||
|
||
- name: Lint by RuboCop | ||
run: | | ||
bundle exec rubocop --parallel | ||
unittest: | ||
name: Unit Test | ||
runs-on: ubuntu-latest | ||
env: | ||
DATABASE_HOST: 127.0.0.1 | ||
DATABASE_PORT: 5432 | ||
DATABASE_USERNAME: postgres | ||
DATABASE_PASSWORD: postgres | ||
RAILS_ENV: test | ||
IMAGEMAGICK_SRC: 7.1.0-50.tar.gz | ||
SLACK_API_TOKEN: xoxb-dummy | ||
SLACK_MESSAGE_CHANNEL: '#test' | ||
services: | ||
db: | ||
image: postgres:12.14 | ||
ports: | ||
- 5432:5432 | ||
env: | ||
POSTGRES_USER: postgres | ||
POSTGRES_PASSWORD: postgres | ||
options: >- | ||
--health-cmd pg_isready | ||
--health-interval 10s | ||
--health-timeout 5s | ||
--health-retries 5 | ||
redis: | ||
image: redis | ||
ports: | ||
- 6379/tcp | ||
steps: | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
|
||
- name: apt-get | ||
run: | | ||
sudo apt-get update -y | ||
sudo apt-get -yqq install libpq-dev postgresql-client libfuse2 | ||
- name: check imagemagick | ||
run: | | ||
export PATH=${GITHUB_WORKSPACE}/vendor/imagemagick7/bin:${PATH} | ||
which convert | ||
convert -version | ||
- name: Set up Ruby 3.0.6 | ||
uses: ruby/setup-ruby@v1 | ||
with: | ||
ruby-version: 3.0.6 | ||
bundler-cache: true | ||
|
||
- name: setup Node | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: 16.13.0 | ||
cache: 'yarn' | ||
|
||
- name: install yarn | ||
run: | | ||
npm i -g [email protected] | ||
yarn install --frozen-lockfile | ||
- name: create assets precompile cache key | ||
run: | | ||
# use newest commit hash of precompile target files | ||
git rev-parse $(git log --oneline -n 1 app/packs lib/assets Gemfile.lock yarn.lock | awk '{print $1}') > ASSETS_VERSION | ||
- name: asset cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: | | ||
public/packs | ||
public/assets | ||
tmp/cache/assets | ||
public/packs-test | ||
key: asset-precompile-cache-${{ hashFiles('ASSETS_VERSION') }} | ||
restore-keys: | | ||
asset-precompile-cache-${{ hashFiles('ASSETS_VERSION') }} | ||
asset-precompile-cache- | ||
- name: Migrate DB | ||
run: | | ||
bundle exec rails db:create db:migrate | ||
- name: Precompile assets | ||
run: bundle exec rails assets:precompile | ||
- name: Test with RSpec | ||
run: | | ||
bundle exec rails spec |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
name: Deploy to ecs | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
role-to-assume: | ||
type: string | ||
required: false | ||
default: arn:aws:iam::887442827229:role/GithubActions_decidim-cfj-cdk-deploy | ||
image-tag: | ||
type: string | ||
required: true | ||
deploy-env: | ||
type: string | ||
required: false | ||
description: "target environment" | ||
default: staging | ||
|
||
permissions: | ||
actions: write | ||
contents: read | ||
id-token: write | ||
|
||
jobs: | ||
deploy: | ||
name: aws cdk | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 1800 | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
role-to-assume: ${{ inputs.role-to-assume }} | ||
aws-region: ap-northeast-1 | ||
|
||
- name: Login to Amazon ECR | ||
id: login-ecr | ||
uses: aws-actions/amazon-ecr-login@v1 | ||
|
||
- name: Check if ECR Image exists with tag | ||
if: contains(github.ref, 'tags/v') | ||
env: | ||
IMAGE_TAG: ${{ inputs.image-tag }} | ||
ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }} | ||
run: | | ||
EXIT_CODE=0 | ||
aws ecr describe-images --repository-name=$ECR_REPOSITORY --image-ids=imageTag=$IMAGE_TAG 2> /dev/null || EXIT_CODE=$? | ||
if [[ $EXIT_CODE != 0 ]]; then | ||
echo "${IMAGE_TAG} image tag not found" | ||
exit 1 | ||
fi | ||
- name: Checkout decidim-cfj cdk | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: codeforjapan/decidim-cfj-cdk | ||
path: decidim-cfj-cdk | ||
|
||
- name: Setup Node | ||
uses: actions/setup-node@v1 | ||
with: | ||
node-version: '18' | ||
|
||
- name: Cache node modules | ||
id: cache-npm | ||
uses: actions/cache@v3 | ||
env: | ||
cache-name: cache-node-modules | ||
with: | ||
# npm cache files are stored in `~/.npm` on Linux/macOS | ||
path: ~/.npm | ||
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-build-${{ env.cache-name }}- | ||
${{ runner.os }}-build- | ||
${{ runner.os }}- | ||
- name: Install dependencies | ||
run: npm install | ||
working-directory: decidim-cfj-cdk | ||
|
||
- name: Install dependencies | ||
run: npm install -g aws-cdk | ||
working-directory: decidim-cfj-cdk | ||
|
||
- name: cdk deploy | ||
run: cdk -c stage=$DEPLOY_ENV -c tag=$IMAGE_TAG deploy --all --require-approval never | ||
working-directory: decidim-cfj-cdk | ||
env: | ||
AWS_DEFAULT_REGION: 'ap-northeast-1' | ||
DEPLOY_ENV: ${{ inputs.deploy-env }} | ||
IMAGE_TAG: ${{ inputs.deploy-env }}-${{ inputs.image-tag }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
name: Release | ||
|
||
permissions: write-all | ||
|
||
on: | ||
workflow_call: | ||
outputs: | ||
tag_name: | ||
description: image tag name | ||
value: ${{ jobs.release.outputs.tag_name }} | ||
created: | ||
description: whether release is created or not | ||
value: ${{ jobs.release.outputs.created }} | ||
|
||
jobs: | ||
release: | ||
name: Release Please | ||
runs-on: ubuntu-latest | ||
outputs: | ||
created: ${{ steps.release.outputs.release_created }} | ||
tag_name: ${{ env.IMAGE_TAG }} | ||
steps: | ||
- uses: google-github-actions/release-please-action@v3 | ||
id: release | ||
with: | ||
release-type: ruby | ||
- name: Export Released Version for Image Tag | ||
if: ${{ steps.release.outputs.release_created }} | ||
run: | | ||
echo "IMAGE_TAG=${{ steps.release.outputs.tag_name }}" >> $GITHUB_ENV | ||
- name: Export Commit SHA for Image Tag | ||
if: ${{ !steps.release.outputs.release_created }} | ||
run: | | ||
sha=$(echo "${{ github.sha }}" | cut -c1-7) | ||
echo "IMAGE_TAG=$sha" >> $GITHUB_ENV |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
name: Pull request Check & test | ||
|
||
permissions: write-all | ||
|
||
on: | ||
pull_request: | ||
types: [opened, synchronize, reopened] | ||
|
||
jobs: | ||
check: | ||
name: Check | ||
uses: ./.github/workflows/_check.yaml |
Oops, something went wrong.