Merge pull request #23 from lehors/unlicensed #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update models | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'models/**' | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Create or update models on environment' | |
| required: true | |
| type: environment | |
| default: 'Stage' | |
| jobs: | |
| setup-check: | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.environment || 'Production' }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Check environment variables | |
| uses: ./.github/actions/setup-check | |
| with: | |
| deploy_host: ${{ secrets.DEPLOY_HOST }} | |
| deploy_user: ${{ secrets.DEPLOY_USER }} | |
| deploy_path: ${{ secrets.DEPLOY_PATH }} | |
| deploy_key: ${{ secrets.DEPLOY_KEY }} | |
| update-models: | |
| runs-on: ubuntu-latest | |
| needs: setup-check | |
| environment: ${{ inputs.environment || 'Production' }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} | |
| DEPLOY_USER: ${{ secrets.DEPLOY_USER }} | |
| DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }} | |
| AWS_ENABLED: ${{ secrets.AWS_ACCOUNT != '' && secrets.AWS_REGION != '' && secrets.AWS_SECURITY_GROUP != '' }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure AWS credentials | |
| if: ${{ env.AWS_ENABLED == 'true' }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/MOT-SSH | |
| - name: Get runners public IP address | |
| if: ${{ env.AWS_ENABLED == 'true' }} | |
| id: ip | |
| uses: haythem/[email protected] | |
| - name: Authorize IP address | |
| if: ${{ env.AWS_ENABLED == 'true' }} | |
| id: auth-ip | |
| uses: ./.github/actions/authorize-ip | |
| with: | |
| ip: ${{ steps.ip.outputs.ipv4 }} | |
| sgid: ${{ secrets.AWS_SECURITY_GROUP }} | |
| - name: Start ssh-agent and add key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.DEPLOY_KEY }} | |
| - name: Add server to known hosts | |
| run: ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts | |
| - name: Check for model changes on push | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| git fetch origin main | |
| git diff \ | |
| --name-only \ | |
| --diff-filter=AM origin/main...${{ github.sha }} | \ | |
| grep '^models/.*\.yml$' > models.txt || true | |
| - name: Check for model changes on workflow_dispatch | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| git fetch origin ${{ github.ref_name }} | |
| mkdir tmp | |
| rsync -az \ | |
| --include="*.yml" \ | |
| --exclude="*" \ | |
| $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/models/ ./tmp/ | |
| find tmp/ -maxdepth 1 -type f | while read -r file; do | |
| basefile=$(basename "$file") | |
| if [ -f "models/$basefile" ]; then | |
| git diff --name-only --no-index "$file" "models/$basefile" || true | |
| fi | |
| done > models.txt | |
| rm -rf tmp | |
| - name: Set model sync trigger | |
| id: model_check | |
| run: | | |
| echo "sync=$([ -s models.txt ] && echo true || echo false)" >> $GITHUB_ENV | |
| - name: Sync models | |
| if: ${{ env.sync == 'true' }} | |
| run: | | |
| rsync -az \ | |
| --files-from=models.txt \ | |
| ./ $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/ | |
| ssh $DEPLOY_USER@$DEPLOY_HOST << EOF | |
| cd $DEPLOY_PATH | |
| ./vendor/bin/drush scr scripts/sync_models.php | |
| ./vendor/bin/drush cr | |
| EOF | |
| - name: No changes | |
| if: ${{ env.sync == 'false' }} | |
| run: echo "No model changes detected. Skipping" | |
| - name: Revoke IP address | |
| if: ${{ steps.auth-ip.outcome == 'success' }} | |
| uses: ./.github/actions/revoke-ip | |
| with: | |
| ip: ${{ steps.ip.outputs.ipv4 }} | |
| sgid: ${{ secrets.AWS_SECURITY_GROUP }} |