diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..c090d411
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,47 @@
+name: Build and Tag
+on:
+ workflow_call:
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ github.repository }}:latest
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ - name: Push to GitHub Packages
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ghcr.io/${{ github.repository }}:latest
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 7e30f1f3..bf42b843 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
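Review bot: The `build` job in build.yml logs in to ghcr.io with `secrets.GITHUB_TOKEN` and pushes images, but the new workflow declares no `permissions:`, so the token's scope is whatever the repository default or the caller happens to grant. I would add a job-level `permissions:` with `contents: read` and `packages: write`; the calling job has to allow at least that, since a called workflow cannot raise the caller's token scope. The steps that receive registry credentials also reference actions by mutable tags (`docker/login-action@v1`, `docker/build-push-action@v2`). Pinning them to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`, keeps a moved tag from changing what runs with those secrets.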
@@ -5,143 +5,15 @@ on: - "master" jobs: test: - runs-on: ubuntu-latest - services: - memcached: - image: memcached:1.4.31 - ports: - - 11211/udp - env: - MEMCACHE_SERVERS: "localhost:11211" - SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }} - SESSION_ENCRYPTED_COOKIE_SALT: ${{ secrets.SESSION_ENCRYPTED_COOKIE_SALT }} - JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }} - JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }} - AWS_REGION: ${{ secrets.AWS_REGION }} - steps: - - uses: actions/checkout@v3 - - name: Set up Ruby 2.6 - uses: ruby/setup-ruby@v1 - with: - ruby-version: '2.6' - - uses: actions/cache@v3 - with: - path: vendor/bundle - key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} - restore-keys: | - ${{ runner.os }}-gems- - - name: Install - run: | - cp .env.build .env - gem install bundler - bundle config path vendor/bundle - bundle install --jobs 4 --retry 3 - - name: Lint and Test - env: - MEMCACHE_SERVERS: "localhost:11211" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - STAFF_ADMIN_TOKEN: ${{ secrets.STAFF_ADMIN_TOKEN }} - STAFF_PROFILES_ADMIN_TOKEN: ${{ secrets.STAFF_PROFILES_ADMIN_TOKEN }} - run: | - # bundle exec rubocop - bundle exec rspec - echo $? 
- # - name: Publish code coverage - # uses: paambaati/codeclimate-action@v2.7.5 - # env: - # CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} + uses: ./.github/workflows/parallel_ci.yml + secrets: inherit build: needs: test - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - push: true - tags: ${{ github.repository }}:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - - name: Push to GitHub Packages - uses: docker/build-push-action@v2 - with: - context: . 
- file: ./Dockerfile - push: true - tags: ghcr.io/${{ github.repository }}:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache + uses: ./.github/workflows/build.yml + secrets: inherit deploy: needs: [test, build] - runs-on: ubuntu-latest - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - ref: ${{ github.event.pull_request.head.sha }} - - name: Extract variables - shell: bash - run: | - echo "::set-output name=BRANCH::$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')" - echo "::set-output name=TAG::$(git tag --points-at HEAD)" - echo "::set-output name=GIT_SHA::$(git rev-parse HEAD)" - echo "::set-output name=GIT_SHA_SHORT::$(git rev-parse --short HEAD)" - echo "::set-output name=MESSAGE::$(git log --format=%B -n 1 ${{ github.event.after }})" - id: extract_variables - - - name: Checkout terraform config repo - uses: actions/checkout@v2 - with: - # public repo with terraform configuration - repository: 'datacite/mastino' - persist-credentials: false - - name: Commit changes to terraform config repository - # use go template in terraform config repository to update git sha and tag - # commit and push changes to trigger terraform workflow - run: | - export GIT_SHA=${{ steps.extract_variables.outputs.GIT_SHA_SHORT }} - export GIT_TAG=${{ steps.extract_variables.outputs.TAG }} - - export VERSION_FILENAME=stage/services/levriero/_levriero.auto.tfvars - - sed -e "s/{{ .Env.GIT_SHA }}/$GIT_SHA/g" -e "s/{{ .Env.GIT_TAG }}/$GIT_TAG/g" $VERSION_FILENAME.tmpl > $VERSION_FILENAME - - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - git add $VERSION_FILENAME - git commit -m "Adding levriero git variables for commit ${{ steps.extract_variables.outputs.GIT_SHA }}" - - name: Push changes - uses: ad-m/github-push-action@v0.6.0 - with: - github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - repository: 
'datacite/mastino' - branch: 'refs/heads/master' - tags: false + uses: ./.github/workflows/update_terraform.yml + secrets: inherit diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index b7763ef1..83a9dd3d 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -5,6 +5,6 @@ on: - master workflow_dispatch: jobs: - parallel-test: + test: uses: ./.github/workflows/parallel_ci.yml secrets: inherit \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ccea08da..eba28e3e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
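Review bot: `secrets: inherit` on the `test`, `build` and `deploy` jobs in deploy.yml hands every secret available to the caller to each called workflow, where the removed inline `test` job only referenced the application, AWS and staff-token secrets it needed. With this change `parallel_ci.yml` (not shown in this diff) can presumably also read `DOCKERHUB_TOKEN` and `PERSONAL_ACCESS_TOKEN`, which widens what a compromised test dependency could reach. I would declare the needed names under `on.workflow_call.secrets` in each reusable workflow and pass them explicitly, e.g. `secrets:` followed by `DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}` for the build job. The same applies to the `test` and `deploy` jobs changed in release.yml.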
@@ -4,50 +4,8 @@ on: types: [published] jobs: test: - runs-on: ubuntu-latest - services: - memcached: - image: memcached:1.4.31 - ports: - - 11211/udp - env: - MEMCACHE_SERVERS: "localhost:11211" - SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }} - SESSION_ENCRYPTED_COOKIE_SALT: ${{ secrets.SESSION_ENCRYPTED_COOKIE_SALT }} - JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }} - JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }} - AWS_REGION: ${{ secrets.AWS_REGION }} - steps: - - uses: actions/checkout@v3 - - name: Set up Ruby 2.6 - uses: ruby/setup-ruby@v1 - with: - ruby-version: '2.6' - - uses: actions/cache@v3 - with: - path: vendor/bundle - key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} - restore-keys: | - ${{ runner.os }}-gems- - - name: Install - run: | - cp .env.build .env - gem install bundler - bundle config path vendor/bundle - bundle install --jobs 4 --retry 3 - - name: Lint and Test - env: - MEMCACHE_SERVERS: "localhost:11211" - STAFF_ADMIN_TOKEN: ${{ secrets.STAFF_ADMIN_TOKEN }} - STAFF_PROFILES_ADMIN_TOKEN: ${{ secrets.STAFF_PROFILES_ADMIN_TOKEN }} - run: | - # bundle exec rubocop - bundle exec rspec - echo $? - # - name: Publish code coverage - # uses: paambaati/codeclimate-action@v2.7.5 - # env: - # CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} + uses: ./.github/workflows/parallel_ci.yml + secrets: inherit build: needs: test 
@@ -100,47 +58,5 @@ jobs: deploy: needs: [test, build] - runs-on: ubuntu-latest - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Extract variables - shell: bash - run: | - echo "::set-output name=BRANCH::$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')" - echo "::set-output name=TAG::$(git tag --points-at HEAD)" - echo "::set-output name=GIT_SHA::$(git rev-parse HEAD)" - echo "::set-output name=GIT_SHA_SHORT::$(git rev-parse --short HEAD)" - id: extract_variables - - - name: Checkout terraform config repo - uses: actions/checkout@v2 - with: - # public repo with terraform configuration - repository: 'datacite/mastino' - persist-credentials: false - - name: Commit changes to terraform config repository - # use go template in terraform config repository to update git sha and tag - # commit and push changes to trigger terraform workflow - run: | - export GIT_SHA=${{ steps.extract_variables.outputs.GIT_SHA_SHORT }} - export GIT_TAG=${{ steps.extract_variables.outputs.TAG }} - - export VERSION_FILENAME=prod-eu-west/services/levriero/_levriero.auto.tfvars - - sed -e "s/{{ .Env.GIT_SHA }}/$GIT_SHA/g" -e "s/{{ .Env.GIT_TAG }}/$GIT_TAG/g" $VERSION_FILENAME.tmpl > $VERSION_FILENAME - - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - git add $VERSION_FILENAME - git commit -m "Adding levriero git variables for tag ${{ steps.extract_variables.outputs.GIT_TAG }}" - - name: Push changes - uses: ad-m/github-push-action@v0.6.0 - with: - github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - repository: 'datacite/mastino' - branch: 'refs/heads/master' - tags: false + uses: ./.github/workflows/update_terraform.yml + secrets: inherit diff --git a/.github/workflows/update_terraform.yml b/.github/workflows/update_terraform.yml new file mode 100644 index 00000000..a5d2af20 --- /dev/null +++ b/.github/workflows/update_terraform.yml 
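Review bot: The release `deploy` job now calls `update_terraform.yml`, which hardcodes `VERSION_FILENAME=stage/services/levriero/_levriero.auto.tfvars`, while the job removed here wrote `prod-eu-west/services/levriero/_levriero.auto.tfvars`. As far as this diff shows, a published release would therefore update the stage tfvars and nothing would touch the production file. The reusable workflow needs an input for the target: declare something like `environment_path` under `on.workflow_call.inputs`, use it to build `VERSION_FILENAME`, and pass `with:` `environment_path: prod-eu-west` from this job (`stage` from deploy.yml). The shared commit message also says "for commit" with the SHA, where this job's message referred to the tag.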
@@ -0,0 +1,51 @@
+name: Update Terraform
+on:
+ workflow_call:
+jobs:
+ update-terraform:
+ runs-on: ubuntu-latest
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: Extract variables
+ shell: bash
+ run: |
+ echo "::set-output name=BRANCH::$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')"
+ echo "::set-output name=TAG::$(git tag --points-at HEAD)"
+ echo "::set-output name=GIT_SHA::$(git rev-parse HEAD)"
+ echo "::set-output name=GIT_SHA_SHORT::$(git rev-parse --short HEAD)"
+ echo "::set-output name=MESSAGE::$(git log --format=%B -n 1 ${{ github.event.after }})"
+ id: extract_variables
+
+ - name: Checkout terraform config repo
+ uses: actions/checkout@v2
+ with:
+ # public repo with terraform configuration
+ repository: "datacite/mastino"
+ persist-credentials: false
+ - name: Commit changes to terraform config repository
+ # use go template in terraform config repository to update git sha and tag
+ # commit and push changes to trigger terraform workflow
+ run: |
+ export GIT_SHA=${{ steps.extract_variables.outputs.GIT_SHA_SHORT }}
+ export GIT_TAG=${{ steps.extract_variables.outputs.TAG }}
+
+ export VERSION_FILENAME=stage/services/levriero/_levriero.auto.tfvars
+
+ sed -e "s/{{ .Env.GIT_SHA }}/$GIT_SHA/g" -e "s/{{ .Env.GIT_TAG }}/$GIT_TAG/g" $VERSION_FILENAME.tmpl > $VERSION_FILENAME
+
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add $VERSION_FILENAME
+ git commit -m "Adding levriero git variables for commit ${{ steps.extract_variables.outputs.GIT_SHA }}"
+ - name: Push changes
+ uses: ad-m/github-push-action@v0.6.0
+ with:
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ repository: "datacite/mastino"
+ branch: "refs/heads/master"
+ tags: false
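Review bot: In the "Commit changes to terraform config repository" step, `${{ steps.extract_variables.outputs.TAG }}` and the `GIT_SHA` outputs are expanded into the script text before bash runs, so a tag name containing shell metacharacters would be interpreted as code in a job that goes on to push to datacite/mastino with `PERSONAL_ACCESS_TOKEN`. Pass the values through the step environment instead, i.e. `env:` with `GIT_TAG: ${{ steps.extract_variables.outputs.TAG }}`, and refer to `"$GIT_TAG"` in the script. The same goes for `${{ github.event.after }}` in the "Extract variables" step. The tag also lands unescaped in the `sed` replacement, so a `/` or `&` in it would corrupt the substitution. Separately, `::set-output` is deprecated in favour of appending `name=value` to `$GITHUB_OUTPUT`.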