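# CI/CD pipeline: computes an image tag, runs the test suite, builds and
# pushes the application image, and deploys when the pushed ref is the
# repository's default branch.
#
# NOTE(review): all actions are referenced by mutable tags (@v1, @v3, @v4,
# @v5). Pinning each `uses:` to a full commit SHA protects against a tag being
# moved to different code.
# NOTE(review): only prepare-app-image declares `permissions:`; the other jobs
# inherit the repository's default GITHUB_TOKEN permissions. Consider a
# workflow-level `permissions: contents: read` once it is confirmed that the
# scripts under script/ci/ need nothing more.
name: CI/CD Pipeline

on:
  workflow_dispatch:
  push:

jobs:
  prepare-to-run:
    runs-on: ubuntu-latest
    outputs:
      default-branch: ${{ steps.default-branch.outputs.branch }}
      image-tag: ${{ steps.tag.outputs.image_tag }}
    steps:
      # This job has no checkout step, so .git/refs/remotes/origin/HEAD does
      # not exist here and reading it yields an empty branch name. Take the
      # default branch from the event payload instead.
      - name: Determine default Git branch name
        id: default-branch
        env:
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          echo "branch=${DEFAULT_BRANCH}" >> "$GITHUB_OUTPUT"

      # Branch names are chosen by whoever pushes, so they are passed to the
      # script through env rather than expanded into the script text, where
      # shell metacharacters in a ref name would be executed. The original
      # comparison also lacked the leading `$` on the expression and therefore
      # compared against a literal string, so the default-branch tag
      # (sha-<sha>) was never produced.
      - name: Determine image tag
        id: tag
        env:
          REF_NAME: ${{ github.ref_name }}
          DEFAULT_BRANCH: ${{ steps.default-branch.outputs.branch }}
          REVISION: ${{ github.sha }}
        run: |
          if [[ "$REF_NAME" == "$DEFAULT_BRANCH" ]]; then
            echo "image_tag=sha-${REVISION}" >> "$GITHUB_OUTPUT"
          else
            # Docker tags allow only [A-Za-z0-9_.-]; refs such as feature/x
            # would otherwise produce an invalid tag.
            safe_ref="${REF_NAME//[^A-Za-z0-9_.-]/-}"
            echo "image_tag=${safe_ref}-sha-${REVISION}" >> "$GITHUB_OUTPUT"
          fi

  test:
    needs:
      - prepare-to-run
    runs-on: ubuntu-latest
    env:
      BUNDLE_PATH: vendor/bundle
      RAILS_ENV: test
    services:
      postgres:
        # NOTE(review): `latest` is a moving tag; pin the major version used
        # in production so test runs are reproducible.
        image: postgres:latest
        env:
          POSTGRES_USER: postgres
          # Passwordless access; acceptable only because this database is a
          # throwaway service container for the test job.
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - "5432:5432"
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:6.2.6-alpine
        ports:
          - "6379:6379"
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          # ruby-version is read from .ruby-version file.
          bundler-cache: true  # runs 'bundle install' and caches installed gems automatically
      - run: bundle exec rails db:setup db:migrate
      - name: Run tests
        run: script/ci/pipeline.sh tests "bundle exec rake"
      - name: Upload test results
        uses: actions/upload-artifact@v4
        with:
          path: tmp/test-results
          retention-days: 5

  prepare-app-image:
    needs:
      - prepare-to-run
    # id-token: write lets configure-aws-credentials request an OIDC token to
    # assume the ECR role; contents: read is what checkout needs.
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Log into Heroku Docker registry
        uses: docker/login-action@v3
        with:
          registry: registry.heroku.com
          username: ${{ secrets.HEROKU_REGISTRY_USERNAME }}
          password: ${{ secrets.HEROKU_REGISTRY_TOKEN }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ECR_ACCESS_ROLE_ARN }}
      - name: Log into AWS ECR
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
      # This job runs for every pushed ref, so images are pushed to both
      # registries from any branch; only the ECR tag carries the branch name.
      - name: Build and push Docker image with revision and latest tags
        uses: docker/build-push-action@v5
        with:
          build-args: |
            RUBY_VERSION=3.2.3
            REVISION=${{ github.sha }}
          context: .
          push: true
          tags: |
            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/pipeline:${{ needs.prepare-to-run.outputs.image-tag }}
            registry.heroku.com/ci-pipeline/app:${{ github.sha }}

  deploy:
    # The condition is written as one plain expression. Embedding `${{ }}`
    # inside the `if:` text turns the whole value into a string template,
    # which is non-empty and can therefore be treated as true for every ref,
    # letting production deploys run from any branch. With format(), an empty
    # default-branch output can never equal github.ref, so the job fails
    # closed.
    if: github.ref == format('refs/heads/{0}', needs.prepare-to-run.outputs.default-branch)
    needs:
      - test
      - prepare-to-run
      - prepare-app-image
    concurrency:
      group: deploy-to-production-${{ github.ref }}
      cancel-in-progress: false
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Pipeline repository
        uses: actions/checkout@v4
        with:
          ref: ${{ needs.prepare-to-run.outputs.default-branch }}
          fetch-depth: 0
      # NOTE(review): STACK_TOKEN is kept in the checked-out repository's git
      # config for the rest of the job (the checkout default); presumably
      # deploy.sh needs it to push, confirm, and scope the token to
      # barsoom/stack only.
      - name: Checkout stack repository
        uses: actions/checkout@v4
        with:
          repository: barsoom/stack
          path: stack
          token: ${{ secrets.STACK_TOKEN }}
          sparse-checkout: |
            applications/pipeline/values.yaml
            script/ci/deploy.sh
            script/ci/ensure_revision_is_newer_than_deployed_revision.sh
      - name: Ensure revision is newer than deployed revision
        run: stack/script/ci/ensure_revision_is_newer_than_deployed_revision.sh
      # Values reach the script through env instead of being expanded into the
      # script text. The tag must match the `sha-<sha>` form that
      # prepare-to-run emits for the default branch.
      - name: Update values.yaml with new image tag
        env:
          ECR_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          ECR_REGION: ${{ secrets.AWS_REGION }}
          REVISION: ${{ github.sha }}
        run: |
          NEW_TAG="${ECR_ACCOUNT_ID}.dkr.ecr.${ECR_REGION}.amazonaws.com/pipeline:sha-${REVISION}"
          sed -i "s|image:.*|image: $NEW_TAG|g" stack/applications/pipeline/values.yaml
      - name: Deploy to Stack
        run: stack/script/ci/deploy.sh
      - name: Deploy to Heroku
        env:
          HEROKU_REGISTRY_TOKEN: ${{ secrets.HEROKU_REGISTRY_TOKEN }}
        run: script/ci/pipeline.sh deploy_production "script/ci/deploy_from_github_actions.sh ci-pipeline ${{ github.sha }}"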