Skip to content

Commit

Permalink
Merge pull request #573 from ayuki-joto/refactor/actions
Browse files Browse the repository at this point in the history 
Refactor/actions
  • Loading branch information
@ayuki-joto
ayuki-joto authored Nov 9, 2023
2 parents 1a75b15 + aa1a665 commit c639b32
Show file tree
Hide file tree
Showing 10 changed files with 390 additions and 308 deletions.
56 changes: 56 additions & 0 deletions .github/workflows/_build.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: build image

on:
workflow_call:
inputs:
image-tags:
type: string
required: true
description: "comma separated container image tags"
role-to-assume:
description: "role arn to be assumed"
default: 'arn:aws:iam::887442827229:role/GithubActions_decidim-cfj-cdk-deploy'
type: string
required: false
deploy-env:
type: string
required: false
description: "target environment"
default: staging

jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: "ap-northeast-1"
role-duration-seconds: 1200
role-to-assume: "${{ inputs.role-to-assume }}"

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1

- name: Docker Build
uses: docker/build-push-action@v3
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
tags: ${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_ECR_REPO_NAME }}:${{ inputs.deploy-env }}-${{ inputs.image-tags }}
file: ./Dockerfile
context: ./
cache-from: type=gha
cache-to: type=gha,mode=max



119 changes: 119 additions & 0 deletions .github/workflows/_check.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
name: Check

on:
workflow_call:
inputs:
ruby-version:
type: string
required: false
default: 3.0.6

jobs:
rubocop:
name: Rubocop
permissions:
actions: write
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v3

- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ inputs.ruby-version }}
bundler-cache: true

- name: Lint by RuboCop
run: |
bundle exec rubocop --parallel
unittest:
name: Unit Test
runs-on: ubuntu-latest
env:
DATABASE_HOST: 127.0.0.1
DATABASE_PORT: 5432
DATABASE_USERNAME: postgres
DATABASE_PASSWORD: postgres
RAILS_ENV: test
IMAGEMAGICK_SRC: 7.1.0-50.tar.gz
SLACK_API_TOKEN: xoxb-dummy
SLACK_MESSAGE_CHANNEL: '#test'
services:
db:
image: postgres:12.14
ports:
- 5432:5432
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
redis:
image: redis
ports:
- 6379/tcp
steps:
- name: Checkout Repo
uses: actions/checkout@v3

- name: apt-get
run: |
sudo apt-get update -y
sudo apt-get -yqq install libpq-dev postgresql-client libfuse2
- name: check imagemagick
run: |
export PATH=${GITHUB_WORKSPACE}/vendor/imagemagick7/bin:${PATH}
which convert
convert -version
- name: Set up Ruby 3.0.6
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.0.6
bundler-cache: true

- name: setup Node
uses: actions/setup-node@v3
with:
node-version: 16.13.0
cache: 'yarn'

- name: install yarn
run: |
npm i -g [email protected]
yarn install --frozen-lockfile
- name: create assets precompile cache key
run: |
# use newest commit hash of precompile target files
git rev-parse $(git log --oneline -n 1 app/packs lib/assets Gemfile.lock yarn.lock | awk '{print $1}') > ASSETS_VERSION
- name: asset cache
uses: actions/cache@v3
with:
path: |
public/packs
public/assets
tmp/cache/assets
public/packs-test
key: asset-precompile-cache-${{ hashFiles('ASSETS_VERSION') }}
restore-keys: |
asset-precompile-cache-${{ hashFiles('ASSETS_VERSION') }}
asset-precompile-cache-
- name: Migrate DB
run: |
bundle exec rails db:create db:migrate
- name: Precompile assets
run: bundle exec rails assets:precompile
- name: Test with RSpec
run: |
bundle exec rails spec
95 changes: 95 additions & 0 deletions .github/workflows/_deploy.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
name: Deploy to ecs

on:
workflow_call:
inputs:
role-to-assume:
type: string
required: false
default: arn:aws:iam::887442827229:role/GithubActions_decidim-cfj-cdk-deploy
image-tag:
type: string
required: true
deploy-env:
type: string
required: false
description: "target environment"
default: staging

permissions:
actions: write
contents: read
id-token: write

jobs:
deploy:
name: aws cdk
runs-on: ubuntu-latest
timeout-minutes: 1800
steps:
- uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ inputs.role-to-assume }}
aws-region: ap-northeast-1

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Check if ECR Image exists with tag
if: contains(github.ref, 'tags/v')
env:
IMAGE_TAG: ${{ inputs.image-tag }}
ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }}
run: |
EXIT_CODE=0
aws ecr describe-images --repository-name=$ECR_REPOSITORY --image-ids=imageTag=$IMAGE_TAG 2> /dev/null || EXIT_CODE=$?
if [[ $EXIT_CODE != 0 ]]; then
echo "${IMAGE_TAG} image tag not found"
exit 1
fi
- name: Checkout decidim-cfj cdk
uses: actions/checkout@v3
with:
repository: codeforjapan/decidim-cfj-cdk
path: decidim-cfj-cdk

- name: Setup Node
uses: actions/setup-node@v1
with:
node-version: '18'

- name: Cache node modules
id: cache-npm
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Install dependencies
run: npm install
working-directory: decidim-cfj-cdk

- name: Install dependencies
run: npm install -g aws-cdk
working-directory: decidim-cfj-cdk

- name: cdk deploy
run: cdk -c stage=$DEPLOY_ENV -c tag=$IMAGE_TAG deploy --all --require-approval never
working-directory: decidim-cfj-cdk
env:
AWS_DEFAULT_REGION: 'ap-northeast-1'
DEPLOY_ENV: ${{ inputs.deploy-env }}
IMAGE_TAG: ${{ inputs.deploy-env }}-${{ inputs.image-tag }}
35 changes: 35 additions & 0 deletions .github/workflows/_release.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: Release

permissions: write-all

on:
workflow_call:
outputs:
tag_name:
description: image tag name
value: ${{ jobs.release.outputs.tag_name }}
created:
description: whether release is created or not
value: ${{ jobs.release.outputs.created }}

jobs:
release:
name: Release Please
runs-on: ubuntu-latest
outputs:
created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ env.IMAGE_TAG }}
steps:
- uses: google-github-actions/release-please-action@v3
id: release
with:
release-type: ruby
- name: Export Released Version for Image Tag
if: ${{ steps.release.outputs.release_created }}
run: |
echo "IMAGE_TAG=${{ steps.release.outputs.tag_name }}" >> $GITHUB_ENV
- name: Export Commit SHA for Image Tag
if: ${{ !steps.release.outputs.release_created }}
run: |
sha=$(echo "${{ github.sha }}" | cut -c1-7)
echo "IMAGE_TAG=$sha" >> $GITHUB_ENV
12 changes: 12 additions & 0 deletions .github/workflows/branch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: Pull request Check & test

permissions: write-all

on:
pull_request:
types: [opened, synchronize, reopened]

jobs:
check:
name: Check
uses: ./.github/workflows/_check.yaml
Loading

0 comments on commit c639b32

Please sign in to comment.