forked from IntersectMBO/govtool
-
Notifications
You must be signed in to change notification settings - Fork 0
186 lines (160 loc) · 6.54 KB
/
merge.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
name: Check,Build,Deploy
on:
push:
branches:
- develop
- test
- staging
- main
permissions:
contents: write
pull-requests: write
packages: write
env:
ENVIRONMENT: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
jobs:
check-build-deploy:
environment: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
strategy:
matrix:
include:
- workdir: ./govtool/backend
name: govtool-backend
dockerfile: ./govtool/backend/Dockerfile.qovery
image: ghcr.io/${{ github.repository }}-govtool-backend
qovery_container_name: govtool-backend
- workdir: ./govtool/frontend
name: govtool-frontend
dockerfile: ./govtool/frontend/Dockerfile.qovery
image: ghcr.io/${{ github.repository }}-govtool-frontend
qovery_container_name: govtool-frontend
- workdir: ./govtool/metadata-validation
name: govtool-metadata-validation
dockerfile: ./govtool/metadata-validation/Dockerfile
image: ghcr.io/${{ github.repository }}-govtool-metadata-validation
qovery_container_name: govtool-metadata-validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set TAG Environment Variable
id: set_tag
run: |
if [ "${{ github.ref_name }}" = "main" ]; then
echo "TAG=${{ github.sha }}" >> $GITHUB_ENV
else
echo "TAG=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_ENV
fi
- name: Lint Dockerfile
id: hadolint
uses: hadolint/[email protected]
with:
failure-threshold: error
format: json
dockerfile: ${{ matrix.dockerfile }}
# output-file: hadolint_output.json
- name: Save Hadolint output
id: save_hadolint_output
if: always()
run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
- name: Print Dockerfile lint output
run: |
cd ${{ matrix.workdir }}
echo "-----HADOLINT RESULT-----"
echo "Outcome: ${{ steps.hadolint.outcome }}"
echo "-----DETAILS--------"
cat hadolint_output.json
echo "--------------------"
- name: Code lint
id: code_lint
run: |
cd ${{ matrix.workdir }}
if [ ! -f lint.sh ]; then
echo "lint skipped" | tee code_lint_output.txt
exit 0
fi
set -o pipefail
sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt
- name: Unit tests
id: unit_tests
run: |
cd ${{ matrix.workdir }}
if [ ! -f unit-test.sh ]; then
echo "unit tests skipped" | tee code_lint_output.txt
exit 0
fi
set -o pipefail
sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- id: image_lowercase
uses: ASzc/change-string-case-action@v6
with:
string: ${{ matrix.image }}
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: ${{ matrix.workdir }}
file: ${{ matrix.dockerfile }}
tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
load: true
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
build-args: |
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Scan Docker image with Dockle
id: dockle
run: |
wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
sudo mv dockle /usr/local/bin
dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
echo " dockle exited w/ $?"
cat ${{ matrix.workdir }}/dockle_scan_output.json
echo "outcome=success" >> $GITHUB_OUTPUT
- name: Push Docker image to GHCR
run: |
docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
- name: Deploy with Qovery
if: github.ref == 'refs/heads/develop'
env:
QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }}
run: |
echo "Deploying on $ENVIRONMENT"
echo "Organization - ${{ vars.ORGANIZATION }}"
echo "Project - ${{ vars.PROJECT }}"
# Download and install Qovery CLI
curl -s https://get.qovery.com | bash
qovery container list \
--organization ${{ vars.ORGANIZATION }} \
--project ${{ vars.PROJECT }} \
--environment $ENVIRONMENT
qovery container deploy \
--organization ${{ vars.ORGANIZATION }} \
--project ${{ vars.PROJECT }} \
--environment $ENVIRONMENT \
--container ${{ matrix.qovery_container_name }} \
--tag ${{ env.TAG }} \
--watch