Update dependency puma to v6.4.2 [SECURITY] - autoclosed #1921
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and deploy staging | |
on: | |
pull_request: | |
paths-ignore: | |
- 'CHANGELOG.md' | |
- 'README.md' | |
branches: [master] | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- ready_for_review | |
- unlocked | |
jobs: | |
build: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set image tag | |
run: | | |
SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state | |
echo "TAG=ghcr.io/internetee/auction_center:RC-$SHORT_SHA" >> $GITHUB_ENV | |
echo "STATIC_TAG=ghcr.io/internetee/auction_center:STATIC_RC-$SHORT_SHA" >> $GITHUB_ENV | |
echo "REGISTRY_TAG=ghcr.io/internetee/auction_center:REGISTRY_RC-$SHORT_SHA" >> $GITHUB_ENV | |
echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV | |
- name: Set config files for build | |
run: | | |
cp config/customization.yml.sample config/customization.yml | |
cp config/database.yml.sample config/database.yml | |
ls -l config/ | |
- name: Build rails image | |
env: | |
KEY_BASE: ${{ secrets.KEY_BASE}} | |
run: | | |
docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f Dockerfile.generic . | |
# - name: Build static content image | |
# env: | |
# PASSWORD: ${{ secrets.GHCR }} | |
# run: | | |
# echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin | |
# docker create -ti --name rails $TAG bash | |
# docker cp rails:/opt/webapps/app/public/ ./public/ | |
# docker build -t $STATIC_TAG -f Dockerfile.generic-static . | |
# - name: Clone registry project | |
# run: | | |
# git clone https://github.com/internetee/registry.git | |
# - name: Build registry image | |
# env: | |
# KEY_BASE: ${{ secrets.KEY_BASE}} | |
# ST_APP: ${{ secrets.ST_REGISTRY_APPLICATION_YML}} | |
# run: | | |
# cd registry | |
# mkdir log | |
# echo $ST_APP | base64 -di > config/application.yml | |
# cp config/database.yml.sample config/database.yml | |
# sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/auction_center/' Dockerfile.preinstalled_gems | |
# docker build -t $REGISTRY_TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f Dockerfile.preinstalled_gems . | |
# - name: Push Docker images to gh container registry | |
# run: | | |
# docker push $TAG | |
# docker push $STATIC_TAG | |
# docker push $REGISTRY_TAG | |
# - name: Get pull request reference number | |
# run: | | |
# echo "$GITHUB_REF" | |
# echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV | |
# echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') | |
# - name: Get repo name | |
# run: | | |
# OIFS=$IFS | |
# IFS='/' | |
# read -a parts <<< "$GITHUB_REPOSITORY" | |
# IFS=OIFS | |
# echo "REPO=${parts[1]}" >> $GITHUB_ENV | |
# - name: Set deploy config | |
# env: | |
# OVPN: ${{ secrets.OVPN }} | |
# VPN_PWD: ${{ secrets.VPN_PWD }} | |
# P12: ${{ secrets.P12 }} | |
# K_CONFIG: ${{ secrets.KUBE_CONFIG }} | |
# SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} | |
# run: | | |
# echo $VPN_PWD | base64 -di > client.pwd | |
# chmod 0600 client.pwd | |
# echo $OVPN | base64 -di > config.ovpn | |
# echo $P12 | base64 -di > cert.p12 | |
# mkdir -p ~/.ssh | |
# echo $SSH_KEY | base64 -di > ~/.ssh/key | |
# chmod 0600 ~/.ssh/key | |
# mkdir -p $REPO/$PR_REF | |
# cd $REPO/$PR_REF | |
# echo "$SHORT_SHA" > TAG | |
# echo $K_CONFIG | base64 -di > kubeconfig | |
# chmod 0600 kubeconfig | |
# - name: Install Open VPN | |
# run: sudo apt-get install openvpn | |
# - name: Deploy from remote server | |
# timeout-minutes: 5 | |
# run: | | |
# sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& | |
# sleep 15 | |
# ping -c 1 192.168.99.12 | |
# eval `ssh-agent` | |
# touch ~/.ssh/known_hosts | |
# ssh-add ~/.ssh/key | |
# ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts | |
# rsync -av "$REPO" [email protected]:/home/runner/ | |
# ssh -T [email protected] << EOSSH | |
# bash | |
# cd "$REPO"/"$PR_REF" | |
# export KUBECONFIG=./kubeconfig | |
# helm repo add eisrepo https://internetee.github.io/helm-charts/ | |
# helm repo update | |
# helm upgrade --install auction-st-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",scheduler.enabled="true" eisrepo/auction -n auction | |
# helm upgrade --install auction-reg-api-"$PR_REF" --set nameOverride="reg-api-auction",image.repository="ghcr.io/internetee/auction_center",image.tag="REGISTRY_"$SHORT_TAG"",reference="$PR_REF" eisrepo/registry-api -n reg-api | |
# rm kubeconfig | |
# echo "server obs.tld.ee | |
# zone pilv.tld.ee | |
# update add auction-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. | |
# update add reg-api-auction-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. | |
# send | |
# " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key | |
# if [ "$?" -eq "0" ]; then | |
# echo "CNAME update success" | |
# else | |
# echo "CNAME update failed" | |
# fi | |
# EOSSH | |
# - name: Notify developers | |
# timeout-minutes: 1 | |
# env: | |
# NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} | |
# run: | | |
# curl -i -X POST --data-urlencode 'payload={ | |
# "text": "##### Build and deploy from pull request has been succesful :tada:\n | |
# | Project | Branch | :net: | | |
# |:-----------|:----------------------:|:------------------------------------------:| | |
# | **'$REPO'**|'${{ github.head_ref }}'| https://auction-'$PR_REF'.pilv.tld.ee | | |
# " | |
# }' $NOTIFICATION_URL | |