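# CI/CD workflow: pull requests run the `test` job; pushes to `main` run the
# `build` job, which builds the image, pushes it and deploys to Kubernetes.
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  test:
    name: Run tests
    runs-on: ubuntu-latest
    # On a push to main this job is skipped and `build` runs instead, so the
    # deploy is not gated on these tests inside this workflow.
    # NOTE(review): presumably branch protection requires the PR check before
    # merge; confirm, otherwise a direct push to main deploys untested code.
    if: github.ref != 'refs/heads/main'
    # Least privilege for GITHUB_TOKEN: this job only reads the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): `@main` is a mutable ref, so whatever is on that branch
      # at run time executes in this job. Pin to a full commit SHA
      # (placeholder: actions/checkout@<FULL_COMMIT_SHA>).
      - name: "Checkout"
        uses: actions/checkout@main
      # Fixture values for the CI stack only. They are committed to the
      # repository and echoed to the job log by `cat .env`, so none of them
      # (in particular the Ed25519 private JWK) may be reused outside CI.
      # NOTE(review): confirm production uses different REFRESH_TOKEN_* and
      # cookie-validation values, and never append real secrets to this file.
      - name: "Create .env file"
        run: |
          echo "POSTGRES_USER=everglot_app_user" >> .env
          echo "POSTGRES_PASSWORD=everglot_app_pass" >> .env
          echo "POSTGRES_DB=everglot_app_db" >> .env
          echo "SESSION_COOKIE_VALIDATION_SECRETS=[\"MySecretCookieValidationSecret123\"]" >> .env
          echo "AGORA_APP_CERTIFICATE=whatever" >> .env
          echo "SENDINBLUE_API_KEY=whatever" >> .env
          echo 'REFRESH_TOKEN_SECRET_KEY={"crv":"Ed25519","d":"6DP9P6p05zwmBEkKWf9V-6UIQySu-hGQjPMrrX6AsrA","x":"htZAKmONXOeoTirYdzme8b29RkS1FdvLRtRplB8exVY","kty":"OKP","kid":"b02ae71f-8d61-4435-85ea-0de3d223f3bd"}' >> .env
          echo 'REFRESH_TOKEN_JWKS={"keys":[{"crv":"Ed25519","x":"htZAKmONXOeoTirYdzme8b29RkS1FdvLRtRplB8exVY","kty":"OKP","kid":"b02ae71f-8d61-4435-85ea-0de3d223f3bd"}]}' >> .env
          cat .env
      # The secret is handed to the shell through `env:` rather than being
      # expanded into the script text, so its content can never be parsed as
      # shell syntax. On pull requests from forks the secret is not provided
      # and this step writes an empty file.
      - name: "Setup server-side Firebase credentials file"
        env:
          FIREBASE_SERVICE_ACCOUNT_JSON_BASE64: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_JSON_BASE64 }}
        run: |
          echo "$FIREBASE_SERVICE_ACCOUNT_JSON_BASE64" | base64 -d > src/firebaseServiceAccount.json
      - name: Build app docker image
        run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml build --build-arg NODE_ENV=development --parallel everglot-app
      - name: Start database
        run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml up -d everglot-db
      # Run app as if it were in production.
      - name: Migrate database and start app
        run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml up -d everglot-app
      # Lint findings are reported but do not fail the job.
      - name: Run linter
        run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml run --entrypoint "/bin/sh -c" everglot-app-ci "npm run lint"
        continue-on-error: true
      - name: Run tests
        run: docker-compose -f docker-compose.yml -f docker-compose.ci.yml run --entrypoint entrypoints/ci-after-app.sh everglot-app-ci mispipe "npm run test" "npx roarr pretty-print --fe '{\"context.logLevel\":{gt:20}}'"
  build:
    name: Build, Push and Deploy
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # Least privilege for GITHUB_TOKEN: registry and cluster access come from
    # the DigitalOcean token, the second checkout from GH_ACCESS_TOKEN.
    permissions:
      contents: read
    steps:
      # NOTE(review): this job holds deploy credentials; pin every action to
      # a full commit SHA (placeholder: actions/checkout@<FULL_COMMIT_SHA>)
      # instead of the mutable `main` branch.
      - name: Checkout main
        uses: actions/checkout@main
        with:
          ref: main
      - name: Checkout k8s-setup repo
        uses: actions/checkout@main
        with:
          repository: everglotapp/k8s-setup
          token: ${{ secrets.GH_ACCESS_TOKEN }}
          path: k8s-setup
          ref: main
          # Do not leave the access token in k8s-setup/.git/config: that
          # directory sits inside the `docker build .` context below, and no
          # later step in this job runs git against it.
          persist-credentials: false
      # Secret passed through `env:` instead of being expanded into the
      # script text.
      # NOTE(review): the decoded key is written under src/ before
      # `docker build .`; unless .dockerignore excludes it, the service
      # account key ends up in an image layer readable by anyone who can pull
      # the image. Consider mounting it from a Kubernetes Secret like the
      # other credentials; confirm against the Dockerfile.
      - name: "Setup server-side Firebase credentials file"
        env:
          FIREBASE_SERVICE_ACCOUNT_JSON_BASE64: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_JSON_BASE64 }}
        run: |
          echo "$FIREBASE_SERVICE_ACCOUNT_JSON_BASE64" | base64 -d > src/firebaseServiceAccount.json
      # NOTE(review): `:latest` is a mutable tag, so the running image cannot
      # be traced to a commit and there is no earlier tag to roll back to.
      # Consider additionally tagging with the commit SHA.
      - name: Build container image
        run: docker build -t registry.digitalocean.com/everglot/everglot:latest .
      # NOTE(review): a version tag can be moved by the action's owner; this
      # action receives the DigitalOcean API token, so prefer a commit SHA.
      - name: Install doctl
        uses: digitalocean/action-doctl@v2.1.0
        with:
          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
      - name: Log in to DigitalOcean Container Registry with short-lived credentials
        run: doctl registry login --expiry-seconds 600
      - name: Push image to DigitalOcean Container Registry
        run: docker push registry.digitalocean.com/everglot/everglot:latest
      - name: Save DigitalOcean kubeconfig with short-lived credentials
        run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 k8s-1-20-2-do-0-ams3-1612982708095
      # Every value reaches the shell as an environment variable and is used
      # as "$VAR". Expanding the secret into the script inside single quotes
      # would break the quoting (and let the remainder run as shell) for any
      # value containing a single quote.
      # Delete-then-create leaves a short window in which each Secret does not
      # exist; a pod starting in that window cannot resolve it.
      - name: Create or update Kubernetes Secrets
        env:
          PGPASSWORD: ${{ secrets.PGPASSWORD }}
          SESSION_COOKIE_VALIDATION_SECRETS: ${{ secrets.SESSION_COOKIE_VALIDATION_SECRETS }}
          AGORA_APP_CERTIFICATE: ${{ secrets.AGORA_APP_CERTIFICATE }}
          ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}
          SENDINBLUE_API_KEY: ${{ secrets.SENDINBLUE_API_KEY }}
          DEMO_USER_EMAIL: ${{ secrets.DEMO_USER_EMAIL }}
          DEMO_TOKEN: ${{ secrets.DEMO_TOKEN }}
          DEMO2_USER_EMAIL: ${{ secrets.DEMO2_USER_EMAIL }}
          DEMO2_TOKEN: ${{ secrets.DEMO2_TOKEN }}
          REFRESH_TOKEN_SECRET_KEY: ${{ secrets.REFRESH_TOKEN_SECRET_KEY }}
          REFRESH_TOKEN_JWKS: ${{ secrets.REFRESH_TOKEN_JWKS }}
        run: |
          kubectl delete secret postgres --ignore-not-found
          kubectl create secret generic postgres --from-literal=postgres-password="$PGPASSWORD"
          kubectl delete secret session --ignore-not-found
          kubectl create secret generic session --from-literal=session-cookie-validation-secrets="$SESSION_COOKIE_VALIDATION_SECRETS"
          kubectl delete secret agora --ignore-not-found
          kubectl create secret generic agora --from-literal=agora-app-certificate="$AGORA_APP_CERTIFICATE"
          kubectl delete secret adminemails --ignore-not-found
          kubectl create secret generic adminemails --from-literal=admin-emails="$ADMIN_EMAILS"
          kubectl delete secret sendinblueapikey --ignore-not-found
          kubectl create secret generic sendinblueapikey --from-literal=sendinblue-api-key="$SENDINBLUE_API_KEY"
          kubectl delete secret demouseremail --ignore-not-found
          kubectl create secret generic demouseremail --from-literal=demo-user-email="$DEMO_USER_EMAIL"
          kubectl delete secret demotoken --ignore-not-found
          kubectl create secret generic demotoken --from-literal=demo-token="$DEMO_TOKEN"
          kubectl delete secret demo2useremail --ignore-not-found
          kubectl create secret generic demo2useremail --from-literal=demo2-user-email="$DEMO2_USER_EMAIL"
          kubectl delete secret demo2token --ignore-not-found
          kubectl create secret generic demo2token --from-literal=demo2-token="$DEMO2_TOKEN"
          kubectl delete secret refreshtokensecretkey --ignore-not-found
          kubectl create secret generic refreshtokensecretkey --from-literal=refresh-token-secret-key="$REFRESH_TOKEN_SECRET_KEY"
          kubectl delete secret refreshtokenjwks --ignore-not-found
          kubectl create secret generic refreshtokenjwks --from-literal=refresh-token-jwks="$REFRESH_TOKEN_JWKS"
      - name: Deploy Config to DigitalOcean Kubernetes
        run: kubectl apply -f $GITHUB_WORKSPACE/k8s-setup/everglot/service-deployment.yml
      - name: Rollout Deployment to DigitalOcean Kubernetes
        run: kubectl rollout restart deployment/everglot
      - name: Verify deployment
        run: kubectl rollout status deployment/everglot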