
don't auth in non default branch #141

don't auth in non default branch

Workflow file for this run

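name: CI/CD Pipeline

# Triggers: manual dispatch and every push. No branch or tag filter is set,
# so tag pushes start this workflow as well as branch pushes.
on:
  workflow_dispatch:
  push:

# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v4,
# @v6). Pinning each action to a full commit SHA would keep a retagged
# release from changing what runs next to the AWS role and STACK_TOKEN.
jobs:
  # Runs the Rails test suite against throwaway Postgres and Redis services.
  test:
    # The visible steps only read the repository, so the GITHUB_TOKEN is
    # limited to read access instead of inheriting the repository default.
    permissions:
      contents: read
    runs-on: ubuntu-latest
    env:
      BUNDLE_PATH: vendor/bundle
      RAILS_ENV: test
    services:
      postgres:
        # NOTE(review): `latest` is a moving tag; pinning the Postgres
        # version the application targets would make CI reproducible.
        image: postgres:latest
        env:
          POSTGRES_USER: postgres
          # Passwordless access. Tolerable only because this database is a
          # CI service container; do not copy this setting elsewhere.
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - "5432:5432"
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:6.2.6-alpine
        ports:
          - "6379:6379"
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step in this job pushes or fetches, so the token does
          # not need to be left behind in .git/config.
          persist-credentials: false
      - uses: ruby/setup-ruby@v1
        with:
          # ruby-version is read from .ruby-version file.
          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
      - run: bundle exec rails db:setup db:migrate
      - name: Run tests
        run: bundle exec rake
      - name: Upload test results
        uses: actions/upload-artifact@v4
        with:
          path: tmp/test-results
          retention-days: 5

  # Builds the container image on every run. It authenticates to AWS and
  # pushes to ECR only when the run is for the default branch.
  build:
    permissions:
      # Lets the job request an OIDC token; presumably this is what
      # configure-aws-credentials exchanges for the role below.
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The build context is `.`, which contains .git; do not leave the
          # checkout token in .git/config where the image build can read it.
          persist-credentials: false
      # The default-branch guards compare the full ref (refs/heads/<branch>),
      # not github.ref_name. ref_name is the short name, so a tag named like
      # the default branch would also satisfy a ref_name comparison.
      - name: Configure AWS credentials
        if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ECR_ACCESS_ROLE_ARN }}
      - name: Log into AWS ECR
        if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
      - name: Determine ruby version
        id: ruby-version
        run: |
          echo "ruby_version=$(cat .ruby-version)" >> "$GITHUB_OUTPUT"
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          build-args: |
            RUBY_VERSION=${{ steps.ruby-version.outputs.ruby_version }}
            REVISION=${{ github.sha }}
          context: .
          # Same full-ref guard as the login steps: other refs build only.
          push: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
          tags: |
            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ github.event.repository.name }}:sha-${{ github.sha }}

  # Points the stack repository's values.yaml at the new image and runs the
  # deploy script. Default branch only, after test and build have succeeded.
  deploy:
    # Full-ref comparison: only the default *branch* may deploy, never a tag
    # that happens to share its name.
    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
    needs:
      - test
      - build
    # All deploys share one group; a running deploy is never cancelled by a
    # newer one.
    concurrency:
      group: deploy-to-production
      cancel-in-progress: false
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block here, so the GITHUB_TOKEN keeps
    # the repository default. Restrict it once it is confirmed that the
    # stack scripts do not rely on it.
    steps:
      - name: Checkout Pipeline repository
        uses: actions/checkout@v4
        with:
          # Full history; presumably needed by the revision-ordering check.
          fetch-depth: 0
      - name: Checkout stack repository
        uses: actions/checkout@v4
        with:
          repository: barsoom/stack
          path: stack
          # NOTE(review): checkout persists this token in stack/.git/config
          # by default. Confirm deploy.sh needs it there and that the token
          # is scoped to the stack repository only.
          token: ${{ secrets.STACK_TOKEN }}
          sparse-checkout: |
            applications/pipeline/values.yaml
            script/ci/deploy.sh
            script/ci/ensure_revision_is_newer_than_deployed_revision.sh
      - name: Ensure revision is newer than deployed revision
        run: stack/script/ci/ensure_revision_is_newer_than_deployed_revision.sh
      - name: Update values.yaml with new image tag
        # Values reach the script as environment variables rather than being
        # expanded into the script text, so their content is never parsed as
        # shell.
        env:
          ECR_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          ECR_REGION: ${{ secrets.AWS_REGION }}
          REPOSITORY_NAME: ${{ github.event.repository.name }}
          REVISION: ${{ github.sha }}
        run: |
          NEW_TAG="${ECR_ACCOUNT_ID}.dkr.ecr.${ECR_REGION}.amazonaws.com/${REPOSITORY_NAME}:sha-${REVISION}"
          sed -i "s|image:.*|image: $NEW_TAG|g" stack/applications/pipeline/values.yaml
      - name: Deploy
        run: stack/script/ci/deploy.sh pipeline.auctionet.dev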