enforce lowercase for repo name #83
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy | ||
| on: | ||
| push: | ||
| branches: main | ||
| paths-ignore: | ||
| - "README.md" | ||
| workflow_dispatch: | ||
| concurrency: | ||
| group: "build-and-deploy" | ||
| cancel-in-progress: false | ||
| env: | ||
| NODE_VERSION: "20.18.2" | ||
| AWS_REGION: us-east-1 | ||
| WAFRN_EMAIL: ${{ vars.WAFRN_EMAIL }} | ||
| DB_HOST: ${{ vars.DB_HOST }} | ||
| DB_USER: ${{ vars.DB_USER }} | ||
| CRAWLER_DIR: ${{ vars.CRAWLER_DIR }} | ||
| ADMIN_HANDLES: ${{ vars.ADMIN_HANDLES }} | ||
| DOKS_CLUSTER_NAME: ${{ vars.DOKS_CLUSTER_NAME }} | ||
| DOKS_REGION: ${{ vars.DOKS_REGION }} | ||
| WAFRN_PASSWORD: ${{ secrets.WAFRN_PASSWORD }} | ||
| DB_PWD: ${{ secrets.DB_PWD }} | ||
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | ||
| DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| packages: write | ||
| jobs: | ||
| tag: | ||
| if: "!contains(github.event.head_commit.message, '[no ci]')" | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| issues: write | ||
| pull-requests: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Get latest tag and commit SHA | ||
| id: tag_check | ||
| run: | | ||
| LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) | ||
| echo "Latest tag: $LATEST_TAG" | ||
| # Get commit SHA of the latest tag | ||
| TAG_COMMIT_SHA=$(git rev-list -n 1 $LATEST_TAG 2>/dev/null || echo "0000000") | ||
| # Compare with current commit SHA | ||
| if [ "$TAG_COMMIT_SHA" = "$GITHUB_SHA" ]; then | ||
| echo "Current commit already tagged. Skipping new tag." | ||
| echo "create_new_tag=false" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "New commit detected. Creating new tag." | ||
| echo "create_new_tag=true" >> $GITHUB_OUTPUT | ||
| echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Increment version (if needed) | ||
| if: steps.tag_check.outputs.create_new_tag == 'true' | ||
| id: increment_version | ||
| run: | | ||
| LATEST_TAG="${{ steps.tag_check.outputs.latest_tag }}" | ||
| # Split into major.minor.patch | ||
| MAJOR=$(echo $LATEST_TAG | cut -d'.' -f1) | ||
| MINOR=$(echo $LATEST_TAG | cut -d'.' -f2) | ||
| PATCH=$(echo $LATEST_TAG | cut -d'.' -f3) | ||
| # Increment patch version | ||
| NEW_PATCH=$((PATCH + 1)) | ||
| NEW_VERSION="$MAJOR.$MINOR.$NEW_PATCH" | ||
| echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT | ||
| echo "New version: $NEW_VERSION" | ||
| - name: Create new tag (if needed) | ||
| if: steps.tag_check.outputs.create_new_tag == 'true' | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| script: | | ||
| const version = "${{ steps.increment_version.outputs.new_version }}"; | ||
| await github.rest.git.createRef({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| ref: `refs/tags/${version}`, | ||
| sha: context.sha | ||
| }); | ||
| build-publish: | ||
| needs: [tag] | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| service: ["crawl", "post", "send-dms"] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| fetch-tags: true | ||
| - name: Get Version | ||
| id: version | ||
| run: echo "version=$(git describe --tags `git rev-list --tags --max-count=1`)" >> $GITHUB_OUTPUT | ||
| - name: Docker Login | ||
| uses: docker/login-action@v3.3.0 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ env.GH_TOKEN }} | ||
| - name: Build and Push | ||
| uses: docker/build-push-action@v6.5.0 | ||
| with: | ||
| context: . | ||
| file: ${{ matrix.service }}.Dockerfile | ||
| push: true | ||
| tags: | | ||
|
Check failure on line 117 in .github/workflows/build-and-deploy.yml
|
||
| ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name | lower }}/${{ matrix.service }}:${{ steps.version.outputs.version }} | ||
| ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name | lower }}/${{ matrix.service }}:latest | ||
| build-args: | | ||
| NODE_ENV=production | ||
| deploy: | ||
| needs: [build-publish] | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| fetch-tags: true | ||
| - name: Get Version | ||
| id: version | ||
| run: echo "version=$(git describe --tags `git rev-list --tags --max-count=1`)" >> $GITHUB_OUTPUT | ||
| - name: Configure DigitalOcean CLI | ||
| uses: digitalocean/action-doctl@v2 | ||
| with: | ||
| token: ${{ env.DIGITALOCEAN_ACCESS_TOKEN }} | ||
| - name: Configure Kubeconfig | ||
| run: | | ||
| doctl kubernetes cluster kubeconfig save ${{ env.DOKS_CLUSTER_NAME }} | ||
| kubectl config use-context do-${{ env.DOKS_REGION }}-${{ env.DOKS_CLUSTER_NAME }} | ||
| - name: Create ConfigMap and Secret | ||
| run: | | ||
| # Base64 encode secrets | ||
| DB_PWD_B64=$(printf '%s' "${{ env.DB_PWD }}" | base64 -w0) | ||
| WAFRN_PASSWORD_B64=$(printf '%s' "${{ env.WAFRN_PASSWORD }}" | base64 -w0) | ||
| # Create config.yaml with actual values | ||
| cat <<EOF | kubectl apply -f - | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: columnistos-config | ||
| namespace: columnistos | ||
| data: | ||
| WAFRN_EMAIL: "${{ env.WAFRN_EMAIL }}" | ||
| DB_HOST: "${{ env.DB_HOST }}" | ||
| DB_USER: "${{ env.DB_USER }}" | ||
| CRAWLER_DIR: "${{ env.CRAWLER_DIR }}" | ||
| ADMIN_HANDLES: "${{ env.ADMIN_HANDLES }}" | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: columnistos-secret | ||
| namespace: columnistos | ||
| type: Opaque | ||
| data: | ||
| DB_PWD: "$DB_PWD_B64" | ||
| WAFRN_PASSWORD: "$WAFRN_PASSWORD_B64" | ||
| EOF | ||
| - name: Create Registry Secret | ||
| run: | | ||
| kubectl create secret docker-registry ghcr-secret \ | ||
| --namespace=columnistos \ | ||
| --docker-server=ghcr.io \ | ||
| --docker-username=${{ github.actor }} \ | ||
| --docker-password=${{ env.GH_TOKEN }} \ | ||
| --dry-run=client -o yaml | kubectl apply -n columnistos -f - | ||
| - name: Apply and Update Manifests | ||
| run: | | ||
| # Replace placeholders in YAML | ||
| sed -i "s/__GH_OWNER__/${{ github.repository_owner }}/g" k8s/scripts.yaml | ||
| sed -i "s/__GH_REPO__/${{ github.event.repository.name | lower }}/g" k8s/scripts.yaml | ||
| sed -i "s/__VERSION__/${{ steps.version.outputs.version }}/g" k8s/scripts.yaml | ||
| # Apply manifests | ||
| kubectl apply -n columnistos -f k8s/scripts.yaml | ||
| - name: Update Deployment | ||
| run: | | ||
| for service in crawl post send-dms; do | ||
| kubectl set image cronjob/$service -n columnistos \ | ||
| $service=ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name | lower }}/$service:${{ steps.version.outputs.version }} \ | ||
| --record | ||
| done | ||
