update_models.yml
name: Update models

# "on" is a YAML 1.1 boolean for generic parsers; GitHub's own loader treats
# it as the trigger key, so it is intentionally left unquoted.
on:
  # Automatic run: only commits on main that touch the models directory.
  push:
    branches:
      - main
    paths:
      - 'models/**'
  # Manual run: the caller picks the target environment (defaults to Stage).
  workflow_dispatch:
    inputs:
      environment:
        description: 'Create or update models on environment'
        required: true
        type: environment
        default: Stage
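jobs:
  # Fails fast when the deployment secrets of the selected environment are
  # missing, so the sync job never starts half-configured. On a push event
  # inputs.environment is empty, hence the Production fallback.
  setup-check:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment || 'Production' }}
    # Least privilege: this job only needs to read the repository. Widen only
    # if the setup-check composite action (not shown here) requires more.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Check environment variables
        uses: ./.github/actions/setup-check
        with:
          deploy_host: ${{ secrets.DEPLOY_HOST }}
          deploy_user: ${{ secrets.DEPLOY_USER }}
          deploy_path: ${{ secrets.DEPLOY_PATH }}
          deploy_key: ${{ secrets.DEPLOY_KEY }}

  # Determines which model files changed, rsyncs them to the server and runs
  # the Drupal sync script over SSH.
  update-models:
    runs-on: ubuntu-latest
    needs: setup-check
    environment: ${{ inputs.environment || 'Production' }}
    permissions:
      id-token: write  # OIDC token for configure-aws-credentials
      contents: read
    env:
      DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
      DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
      DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
      # The security-group steps are optional: they run only when all three
      # AWS secrets are configured for the environment (string 'true'/'false').
      AWS_ENABLED: ${{ secrets.AWS_ACCOUNT != '' && secrets.AWS_REGION != '' && secrets.AWS_SECURITY_GROUP != '' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history so the pushed commit range can be diffed
      - name: Configure AWS credentials
        if: ${{ env.AWS_ENABLED == 'true' }}
        # Third-party actions below are referenced by tag; pinning each to a full
        # commit SHA protects against a moved or hijacked tag.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/MOT-SSH
      - name: Get runners public IP address
        if: ${{ env.AWS_ENABLED == 'true' }}
        id: ip
        # The ref after '@' was lost in extraction of this page; restore it and
        # prefer a full commit SHA.
        uses: haythem/public-ip@<REF-LOST-IN-EXTRACTION>
      - name: Authorize IP address
        if: ${{ env.AWS_ENABLED == 'true' }}
        id: auth-ip
        uses: ./.github/actions/authorize-ip
        with:
          ip: ${{ steps.ip.outputs.ipv4 }}
          sgid: ${{ secrets.AWS_SECURITY_GROUP }}
      - name: Start ssh-agent and add key
        # The ref after '@' was lost in extraction of this page; restore it and
        # prefer a full commit SHA.
        uses: webfactory/ssh-agent@<REF-LOST-IN-EXTRACTION>
        with:
          ssh-private-key: ${{ secrets.DEPLOY_KEY }}
      - name: Add server to known hosts
        # NOTE(review): ssh-keyscan trusts whatever host key the network returns
        # at run time (trust-on-first-use), so this does not protect against a
        # substituted host. Storing the server's public host key as an
        # environment variable/secret and appending that instead is stronger.
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
      - name: Check for model changes on push
        if: ${{ github.event_name == 'push' }}
        env:
          BEFORE_SHA: ${{ github.event.before }}
        run: |
          # Diff the pushed range. Comparing origin/main...HEAD is empty here,
          # because after the push origin/main already *is* the pushed commit,
          # so nothing was ever synced on push.
          # "before" is all zeros (or missing) for a newly created branch; fall
          # back to the parent commit in that case.
          BASE="$BEFORE_SHA"
          if [ -z "$BASE" ] || ! git cat-file -e "${BASE}^{commit}" 2>/dev/null; then
            BASE="$(git rev-parse "${GITHUB_SHA}~1")"
          fi
          # Added or modified .yml models only; deletions are not synced.
          git diff \
            --name-only \
            --diff-filter=AM "${BASE}...${GITHUB_SHA}" | \
            grep '^models/.*\.yml$' > models.txt || true
      - name: Check for model changes on workflow_dispatch
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          # Passed through the environment rather than interpolated into the
          # script, because branch names may contain shell metacharacters.
          REF_NAME: ${{ github.ref_name }}
        run: |
          git fetch origin "$REF_NAME"
          mkdir tmp
          # Pull the server's current top-level model files and list every repo
          # file that differs from its deployed copy (--name-only prints the
          # second path, i.e. models/<file>, which rsync --files-from expects).
          rsync -az \
            --include="*.yml" \
            --exclude="*" \
            "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/models/" ./tmp/
          # NOTE(review): a model present in the repo but absent on the server is
          # not listed here, so a dispatch run never *creates* models; only the
          # push path (--diff-filter=AM) does. Confirm this is intended.
          find tmp/ -maxdepth 1 -type f | while read -r file; do
            basefile=$(basename "$file")
            if [ -f "models/$basefile" ]; then
              git diff --name-only --no-index "$file" "models/$basefile" || true
            fi
          done > models.txt
          rm -rf tmp
      - name: Set model sync trigger
        id: model_check
        # sync=true when models.txt is non-empty; read by the two steps below.
        run: |
          echo "sync=$([ -s models.txt ] && echo true || echo false)" >> "$GITHUB_ENV"
      - name: Sync models
        if: ${{ env.sync == 'true' }}
        run: |
          rsync -az \
            --files-from=models.txt \
            ./ "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/"
          # Unquoted EOF: $DEPLOY_PATH expands on the runner, which is intended.
          # set -e aborts the remote script if cd fails instead of running drush
          # in the login directory.
          ssh "$DEPLOY_USER@$DEPLOY_HOST" << EOF
          set -e
          cd "$DEPLOY_PATH"
          ./vendor/bin/drush scr scripts/sync_models.php
          ./vendor/bin/drush cr
          EOF
      - name: No changes
        if: ${{ env.sync == 'false' }}
        run: echo "No model changes detected. Skipping"
      - name: Revoke IP address
        # always() is required: without it the implicit success() condition
        # skips this step whenever an earlier step failed or the run was
        # cancelled, leaving the runner IP authorised in the security group.
        if: ${{ always() && steps.auth-ip.outcome == 'success' }}
        uses: ./.github/actions/revoke-ip
        with:
          ip: ${{ steps.ip.outputs.ipv4 }}
          sgid: ${{ secrets.AWS_SECURITY_GROUP }}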