Merge pull request #117 from shuymn/renovate/toucan-js-3.x #93
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '.github/workflows/**' | |
| - '!.github/workflows/deploy.yml' | |
| - '*.md' | |
| - 'docs/**' | |
| - 'renovate.json' | |
| repository_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| env: | |
| NO_D1_WARNING: true | |
| steps: | |
| - name: Ensure CF_DEPLOY_DOMAIN and CF_ZONE_ID are defined | |
| run: | | |
| if [ -z "$CF_ZONE_ID" ] | |
| then | |
| echo "CF_ZONE_ID not defined" | |
| exit 1 | |
| fi | |
| if [ -z "$CF_DEPLOY_DOMAIN" ] | |
| then | |
| echo "CF_DEPLOY_DOMAIN not defined" | |
| exit 1 | |
| fi | |
| env: | |
| CF_ZONE_ID: ${{ vars.CF_ZONE_ID }} | |
| CF_DEPLOY_DOMAIN: ${{ vars.CF_DEPLOY_DOMAIN }} | |
| # this is needed to get the lowercase version of the repository_owner name | |
| # and being able to override the suffix when mutliple instances are hosted | |
| # by the same GitHub account. | |
| - name: Set name suffix | |
| run: | | |
| if [ -z "$OVERRIDE_NAME_SUFFIX" ] | |
| then | |
| echo $GH_OWNER | awk '{ print "NAME_SUFFIX=" tolower($0) }' >> ${GITHUB_ENV} | |
| else | |
| echo $OVERRIDE_NAME_SUFFIX | awk '{ print "NAME_SUFFIX=" tolower($0) }' >> ${GITHUB_ENV} | |
| fi | |
| env: | |
| GH_OWNER: ${{ github.repository_owner }} | |
| OVERRIDE_NAME_SUFFIX: ${{ vars.OVERRIDE_NAME_SUFFIX }} | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
| - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2 | |
| - name: Install package | |
| run: | | |
| sudo apt-get -y install jq | |
| - name: Setup node.js | |
| uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3 | |
| with: | |
| node-version: 18 | |
| - name: Configure Cloudflare Images variants | |
| run: | | |
| curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \ | |
| -d '{ | |
| "id": "avatar", | |
| "options": { | |
| "metadata": "copyright", | |
| "width": 400, | |
| "height": 400 | |
| } | |
| }' \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | |
| curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \ | |
| -d '{ | |
| "id": "header", | |
| "options": { | |
| "metadata": "copyright", | |
| "width": 1500, | |
| "height": 500 | |
| } | |
| }' \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | |
| curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \ | |
| -d '{ | |
| "id": "usercontent", | |
| "options": { | |
| "metadata": "copyright" | |
| } | |
| }' \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | |
| - name: Create D1 database | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: d1 create wildebeest-${{ env.NAME_SUFFIX }} | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| continue-on-error: true | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: retrieve D1 database | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}") | .uuid' | awk '{print "d1_id="$1}' >> $GITHUB_ENV | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| apt-get update && apt-get -y install jq | |
| echo "******" | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: migrate D1 database | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: d1 migrations apply wildebeest-${{ env.NAME_SUFFIX }} | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| echo -e "[[d1_databases]]\nbinding=\"DATABASE\"\ndatabase_name=\"wildebeest-${{ env.NAME_SUFFIX }}\"\ndatabase_id=\"${{ env.d1_id }}\"" >> wrangler.toml | |
| echo "******" | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: retrieve Zero Trust organization | |
| run: | | |
| auth_domain=$(curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/access/organizations \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain') | |
| printf "auth_domain=$auth_domain" >> $GITHUB_ENV | |
| - name: retrieve Terraform state KV namespace | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.NAME_SUFFIX }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| apt-get update && apt-get -y install jq | |
| echo "******" | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: Init | |
| run: terraform init | |
| working-directory: ./tf | |
| - name: download Terraform state | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: kv:key get --namespace-id=${{ env.tfstate_kv }} terraform.tfstate > ./tf/terraform.tfstate | |
| postCommands: | | |
| echo "*** post commands ***" | |
| chmod 777 ./tf/terraform.tfstate | |
| echo "******" | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| if: ${{ env.tfstate_kv != '' }} | |
| - name: download VAPID keys | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: kv:key get --namespace-id=${{ env.tfstate_kv }} vapid_jwk | jq . > ./tf/vapid_jwk | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| apt-get update && apt-get -y install jq | |
| echo "******" | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| continue-on-error: true | |
| if: ${{ env.tfstate_kv != '' }} | |
| - name: generate VAPID keys if needed | |
| run: | | |
| sudo chmod 777 ./tf/vapid_jwk || true | |
| if [ ! -s ./tf/vapid_jwk ] | |
| then | |
| node ./scripts/generate-vapid-keys.mjs > ./tf/vapid_jwk | |
| echo "VAPID keys generated" | |
| fi | |
| - name: Publish DO | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| command: publish --config do/wrangler.toml | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: Retrieve DO namespace | |
| run: | | |
| curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/workers/durable_objects/namespaces \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' \ | |
| | jq -r '.result[] | select( .script == "wildebeest-do" ) | .id' | awk '{print "do_cache_id="$1}' >> $GITHUB_ENV | |
| - name: Configure | |
| run: terraform plan && terraform apply -auto-approve | |
| working-directory: ./tf | |
| env: | |
| TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }} | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }} | |
| TF_VAR_cloudflare_zone_id: ${{ vars.CF_ZONE_ID }} | |
| TF_VAR_cloudflare_deploy_domain: ${{ vars.CF_DEPLOY_DOMAIN }} | |
| TF_VAR_name_suffix: ${{ env.NAME_SUFFIX }} | |
| TF_VAR_d1_id: ${{ env.d1_id }} | |
| TF_VAR_do_cache_id: ${{ env.do_cache_id }} | |
| TF_VAR_access_auth_domain: ${{ env.auth_domain }} | |
| TF_VAR_wd_instance_title: ${{ vars.INSTANCE_TITLE }} | |
| TF_VAR_wd_admin_email: ${{ vars.ADMIN_EMAIL }} | |
| TF_VAR_wd_instance_description: ${{ vars.INSTANCE_DESCR }} | |
| TF_VAR_sentry_dsn: ${{ secrets.SENTRY_DSN }} | |
| TF_VAR_sentry_access_client_id: ${{ secrets.SENTRY_ACCESS_CLIENT_ID }} | |
| TF_VAR_sentry_access_client_secret: ${{ secrets.SENTRY_ACCESS_CLIENT_SECRET }} | |
| - name: retrieve Terraform state KV namespace | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.NAME_SUFFIX }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| apt-get update && apt-get -y install jq | |
| echo "******" | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| if: ${{ env.tfstate_kv == '' }} | |
| - name: store VAPID keys state | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: kv:key put --namespace-id=${{ env.tfstate_kv }} vapid_jwk --path=./tf/vapid_jwk | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: store Terraform state | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: kv:key put --namespace-id=${{ env.tfstate_kv }} terraform.tfstate --path=./tf/terraform.tfstate | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: Create Queue | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| command: queues create wildebeest-${{ env.NAME_SUFFIX }} | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| continue-on-error: true | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: Publish consumer | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| echo -e "name = \"wildebeest-consumer-${{ env.NAME_SUFFIX }}\"\n" >> consumer/wrangler.toml | |
| echo -e "[[queues.consumers]]\n" >> consumer/wrangler.toml | |
| echo -e "max_batch_size = 10\n" >> consumer/wrangler.toml | |
| echo -e "max_batch_timeout = 30\n" >> consumer/wrangler.toml | |
| echo -e "max_retries = 10\n" >> consumer/wrangler.toml | |
| echo -e "queue = \"wildebeest-${{ env.NAME_SUFFIX }}\"\n" >> consumer/wrangler.toml | |
| echo -e "[[d1_databases]]\nbinding=\"DATABASE\"\ndatabase_name=\"wildebeest-${{ env.NAME_SUFFIX }}\"\ndatabase_id=\"${{ env.d1_id }}\"\n" >> consumer/wrangler.toml | |
| echo -e "[durable_objects]\n" >> consumer/wrangler.toml | |
| echo -e "bindings=[" >> consumer/wrangler.toml | |
| echo -e "{name=\"DO_CACHE\",class_name=\"WildebeestCache\",script_name=\"wildebeest-do\"}," >> consumer/wrangler.toml | |
| echo -e "]" >> consumer/wrangler.toml | |
| echo -e "[vars]\n" >> consumer/wrangler.toml | |
| echo -e "DOMAIN=\"${{ vars.CF_DEPLOY_DOMAIN }}\"\n" >> consumer/wrangler.toml | |
| echo -e "ADMIN_EMAIL=\"${{ vars.ADMIN_EMAIL }}\"\n" >> consumer/wrangler.toml | |
| corepack pnpm install | |
| corepack pnpm --dir consumer install | |
| echo "******" | |
| command: publish --config consumer/wrangler.toml | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| - name: add Queue producer to Pages | |
| run: | | |
| curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/pages/projects/wildebeest-${{ env.NAME_SUFFIX }} \ | |
| -XPATCH \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' \ | |
| -d '{ | |
| "deployment_configs": { | |
| "production": { | |
| "queue_producers": { | |
| "QUEUE": { | |
| "name": "wildebeest-${{ env.NAME_SUFFIX }}" | |
| } | |
| } | |
| } | |
| } | |
| }' > /dev/null | |
| - name: Publish | |
| uses: cloudflare/wrangler-action@4c10c1822abba527d820b29e6333e7f5dac2cabd # 2.0.0 | |
| with: | |
| apiToken: ${{ secrets.CF_API_TOKEN }} | |
| preCommands: | | |
| echo "*** pre commands ***" | |
| # setup pnpm | |
| corepack enable | |
| # generate package-lock.json | |
| pnpm install && npm install --package-lock-only | |
| pnpm --dir frontend install && npm --prefix frontend install --package-lock-only | |
| # delete node_modules | |
| rm -rf node_modules frontend/node_modules | |
| # reinstall modules and build | |
| npm install --frozen-lockfile && npm --prefix frontend install --frozen-lockfile | |
| npm --prefix frontend run build | |
| cp -rv ./frontend/dist/* . | |
| # remove folder that aren't needed in Pages before we upload | |
| rm -rf ./tf ./scripts ./.github ./.npm ./consumer ./do ./*.md ./.cache ./.local ./.pnpm-store | |
| echo "******" | |
| command: pages publish --project-name=wildebeest-${{ env.NAME_SUFFIX }} . | |
| env: | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| COMMIT_HASH: ${{ github.sha }} |