CI: drop CircleCI configuration file and scripts #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD Pipeline | |
on: | |
workflow_dispatch: | |
push: | |
jobs: | |
prepare-to-run: | |
runs-on: ubuntu-latest | |
outputs: | |
default-branch: ${{ steps.default-branch.outputs.branch }} | |
image-tag: ${{ steps.tag.outputs.image_tag }} | |
steps: | |
- name: Determine default Git branch name | |
id: default-branch | |
run: | | |
echo "branch=$(sed -e 's/^.*\///' < .git/refs/remotes/origin/HEAD)" >> "$GITHUB_OUTPUT" | |
- name: Determine image tag | |
id: tag | |
run: | | |
if [[ "${{ github.ref_name }}" == "{{ steps.default-branch.outputs.branch }}" ]]; then | |
echo "image_tag=sha-${{ github.sha }}" >> "$GITHUB_OUTPUT" | |
else | |
echo "image_tag=${{ github.ref_name }}-sha-${{ github.sha }}" >> "$GITHUB_OUTPUT" | |
fi | |
test: | |
needs: | |
- prepare-to-run | |
runs-on: ubuntu-latest | |
env: | |
BUNDLE_PATH: vendor/bundle | |
RAILS_ENV: test | |
services: | |
postgres: | |
image: postgres:latest | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_HOST_AUTH_METHOD: trust | |
ports: | |
- 5432:5432 | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
redis: | |
image: redis:6.2.6-alpine | |
ports: | |
- 6379:6379 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@v1 | |
with: | |
# ruby-version is read from .ruby-version file. | |
bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
- run: bundle exec rails db:setup db:migrate | |
- name: Run tests | |
run: script/ci/pipeline.sh tests "bundle exec rake" | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
with: | |
path: tmp/test-results | |
retention-days: 5 | |
prepare-app-image: | |
needs: | |
- prepare-to-run | |
permissions: | |
id-token: write | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Log into Heroku Docker registry | |
uses: docker/login-action@v3 | |
with: | |
registry: registry.heroku.com | |
username: ${{ secrets.HEROKU_REGISTRY_USERNAME }} | |
password: ${{ secrets.HEROKU_REGISTRY_TOKEN }} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-to-assume: ${{ secrets.AWS_ECR_ACCESS_ROLE_ARN }} | |
- name: Log into AWS ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com | |
- name: Build and push Docker image with revision and latest tags | |
uses: docker/build-push-action@v5 | |
with: | |
build-args: | | |
RUBY_VERSION=3.2.3 | |
REVISION=${{ github.sha }} | |
context: . | |
push: true | |
tags: | | |
${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/pipeline:${{ needs.prepare-to-run.outputs.image-tag }} | |
registry.heroku.com/ci-pipeline/app:${{ github.sha }} | |
deploy: | |
if: github.ref == 'refs/heads/${{ needs.prepare-to-run.outputs.default-branch }}' | |
needs: | |
- test | |
- prepare-to-run | |
- prepare-app-image | |
concurrency: | |
group: deploy-to-production-${{ github.ref }} | |
cancel-in-progress: false | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Pipeline repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.prepare-to-run.outputs.default-branch }} | |
fetch-depth: 0 | |
- name: Checkout stack repository | |
uses: actions/checkout@v4 | |
with: | |
repository: barsoom/stack | |
path: stack | |
token: ${{ secrets.STACK_TOKEN }} | |
sparse-checkout: | | |
applications/pipeline/values.yaml | |
script/ci/deploy.sh | |
script/ci/ensure_revision_is_newer_than_deployed_revision.sh | |
- name: Ensure revision is newer than deployed revision | |
run: stack/script/ci/ensure_revision_is_newer_than_deployed_revision.sh | |
- name: Update values.yaml with new image tag | |
run: | | |
NEW_TAG="${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/pipeline:sha-${{ github.sha }}" | |
sed -i "s|image:.*|image: $NEW_TAG|g" stack/applications/pipeline/values.yaml | |
- name: Deploy to Stack | |
run: stack/script/ci/deploy.sh | |
- name: Deploy to Heroku | |
env: | |
HEROKU_REGISTRY_TOKEN: ${{ secrets.HEROKU_REGISTRY_TOKEN }} | |
run: script/ci/pipeline.sh deploy_production "script/ci/deploy_from_github_actions.sh ci-pipeline ${{ github.sha }}" |