Skip to content

chore(deps): update dependency express to v4.20.0 [security] (#2576) #1106

chore(deps): update dependency express to v4.20.0 [security] (#2576)

chore(deps): update dependency express to v4.20.0 [security] (#2576) #1106

Workflow file for this run

name: Deploy RS School App
on:
push:
branches: [master]
paths-ignore:
- 'tools/bumblebee/**'
concurrency:
group: deploy
cancel-in-progress: true
jobs:
deploy_build_client:
name: Build (Client)
runs-on: ubuntu-latest
steps:
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Checkout
uses: actions/checkout@v4
# - name: Restore next cache
# uses: actions/cache@v4
# env:
# cache-name: cache-next
# with:
# path: client/.next/cache/
# key: ${{ runner.os }}-${{ env.cache-name }}-${{ github.sha }}
# restore-keys: |
# ${{ runner.os }}-${{ env.cache-name }}-
- name: Restore npm cache
uses: actions/cache@v4
env:
cache-name: cache-npm
with:
path: ~/.npm
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- name: Generate a isolated subworkspace for Client
run: npx turbo prune --scope=client --docker
- name: Add lockfile and package.json's and source of isolated subworkspace
run: |
mkdir -p app
cp -r out/json/. app
cp -r out/full/. app
cp -r out/package-lock.json app
cp -r .dockerignore app
cp -r common app/common
- name: Install dependencies
run: npm ci
working-directory: ./app
- name: Test (npm run test:ci)
run: npm run test:ci
working-directory: ./app
- name: Build (npm run build)
env:
NODE_ENV: production
RSSHCOOL_UI_GCP_MAPS_API_KEY: ${{ secrets.RSSHCOOL_UI_GCP_MAPS_API_KEY }}
CDN_HOST: 'https://cdn.rs.school'
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
DO_NOT_TRACK: 1
working-directory: ./app
run: npm run build
- name: Clean modules
working-directory: ./app
run: npm prune --production
- name: Upload to CDN
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-central-1
run: aws s3 cp ./app/client/.next/static s3://cdn.rs.school/_next/static/ --recursive --cache-control "public,max-age=15552000,immutable"
- name: Build container
run: docker build -t ghcr.io/rolling-scopes/rsschool-app-client:master -f client/Dockerfile ./app
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish "client" container
run: docker push ghcr.io/rolling-scopes/rsschool-app-client:master
deploy_build_server:
name: Build (Server)
runs-on: ubuntu-latest
steps:
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Checkout
uses: actions/checkout@v4
- name: Restore npm cache
uses: actions/cache@v4
env:
cache-name: cache-npm
with:
path: ~/.npm
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- name: Generate a isolated subworkspace for Client
run: npx turbo prune --scope=server --docker
- name: Add lockfile and package.json's and source of isolated subworkspace
run: |
mkdir -p app
cp -r out/json/. app
cp -r out/full/. app
cp -r out/package-lock.json app
cp -r common app/common
- name: Install dependencies
run: npm ci
working-directory: ./app
- name: Test (npm test)
run: npm test
working-directory: ./app
- name: Build (npm run build)
env:
NODE_ENV: production
DO_NOT_TRACK: 1
run: npm run build
working-directory: ./app
- name: Build container
run: docker build -t ghcr.io/rolling-scopes/rsschool-app-server:master -f server/Dockerfile ./app
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish "server" container
run: docker push ghcr.io/rolling-scopes/rsschool-app-server:master
deploy_build_nestjs:
name: Build (Nest.js)
runs-on: ubuntu-latest
steps:
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Checkout
uses: actions/checkout@v4
- name: Restore npm cache
uses: actions/cache@v4
env:
cache-name: cache-npm
with:
path: ~/.npm
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- name: Generate a isolated subworkspace for Client
run: npx turbo prune --scope=server --scope=nestjs --docker
- name: Add lockfile and package.json's and source of isolated subworkspace
run: |
mkdir -p app
cp -r out/json/. app
cp -r out/full/. app
cp -r out/package-lock.json app
cp -r common app/common
- name: Install dependencies
run: npm ci
working-directory: ./app
# - name: Test (npm test)
# run: npm test
- name: Build (npm run build)
env:
NODE_ENV: production
DO_NOT_TRACK: 1
run: npx turbo run build --filter=nestjs
working-directory: ./app
- name: Build container
run: docker build -t ghcr.io/rolling-scopes/rsschool-app-nestjs:master -f nestjs/Dockerfile ./app
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish "nestjs" container
run: docker push ghcr.io/rolling-scopes/rsschool-app-nestjs:master
deploy_aws:
name: Deploy to AWS
needs: [deploy_build_client, deploy_build_server, deploy_build_nestjs]
runs-on: ubuntu-latest
env:
PRIVATE_KEY: ${{ secrets.AWS_PRIVATE_KEY }}
HOSTNAME: ${{ secrets.EC2_HOSTNAME }}
USERNAME: ${{ secrets.EC2_USERNAME }}
environment:
name: production
url: https://app.rs.school
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Pull AWS SSM Params
uses: deptno/[email protected]
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: eu-central-1
with:
ssm-path: /prod/app
format: dotenv
output: .env
- name: Pull the latest images
run: |
echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
scp -o StrictHostKeyChecking=no -i private_key ./.env ${USERNAME}@${HOSTNAME}:~/.env
scp -o StrictHostKeyChecking=no -i private_key ./docker-compose.yml ${USERNAME}@${HOSTNAME}:~/docker-compose.yml
scp -o StrictHostKeyChecking=no -i private_key ./setup/nginx/nginx.conf ${USERNAME}@${HOSTNAME}:~/nginx/nginx.conf
ssh -o StrictHostKeyChecking=no -i private_key ${USERNAME}@${HOSTNAME} '
sleep 10
docker-compose pull
'
- name: Restart
run: |
echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
ssh -o StrictHostKeyChecking=no -i private_key ${USERNAME}@${HOSTNAME} '
docker-compose up -d
docker-compose restart nginx
'
- name: Clean up
run: |
echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
ssh -o StrictHostKeyChecking=no -i private_key ${USERNAME}@${HOSTNAME} '
docker system prune -f
'