🔧 Build and Deploy #458
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Workflow for build and auto-deploy of branches | |
name: 🔧 Build and Deploy | |
on: | |
# Push includes PR merge | |
push: | |
branches: | |
- main | |
- staging | |
- development | |
paths: | |
# Workflow is triggered only if src changes | |
- src/** | |
# Allow manual trigger | |
workflow_dispatch: | |
jobs: | |
pytest: | |
uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
with: | |
image_name: ghcr.io/${{ github.repository }}/backend | |
build_context: src/backend | |
compose_service: api | |
compose_command: wait-for-it fmtm-db:5432 --strict -- wait-for-it central:8383 --strict --timeout=30 -- pytest | |
tag_override: ci-${{ github.ref_name }} | |
secrets: inherit | |
frontend-tests: | |
uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
with: | |
working_dir: src/frontend | |
backend-build: | |
uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
needs: [pytest] | |
with: | |
context: src/backend | |
build_target: prod | |
image_name: ghcr.io/${{ github.repository }}/backend | |
frontend-build: | |
uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
needs: [frontend-tests] | |
with: | |
context: src/frontend | |
dockerfile: prod.dockerfile | |
build_target: prod | |
image_name: ghcr.io/${{ github.repository }}/frontend | |
smoke-test-backend: | |
runs-on: ubuntu-latest | |
needs: [backend-build] | |
environment: | |
name: ${{ github.ref_name }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Vars and Secrets to Env | |
env: | |
GIT_BRANCH: ${{ github.ref_name }} | |
TAG_OVERRIDE: ${{ needs.backend-build.outputs.image_tag }} | |
VARS_CONTEXT: ${{ toJson(vars) }} | |
SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
run: | | |
# Random delimeter string for security | |
delim=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
# Parse JSON with multiline strings, using delimeter (Github specific) | |
to_envs() { jq -r "to_entries[] | \"\(.key)<<$delim\n\(.value)\n$delim\n\""; } | |
# Set all vars | |
echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_ENV | |
echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> $GITHUB_ENV | |
echo "${VARS_CONTEXT}" | to_envs >> $GITHUB_ENV | |
echo "${SECRETS_CONTEXT}" | to_envs >> $GITHUB_ENV | |
- name: Create .env file | |
run: | | |
# Get a8m/envsubst (required for default vals syntax ${VAR:-default}) | |
echo "Downloading envsubst" | |
curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst | |
chmod +x envsubst | |
echo "Substituing variables from .env.example --> .env" | |
./envsubst < .env.example > .env | |
echo "GIT_BRANCH=${GIT_BRANCH}" >> .env | |
echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> .env | |
- name: Backend smoke test | |
run: | | |
# Migrate db first, so api works | |
docker compose up migrations --exit-code-from migrations | |
# Run without migrations (give exit code 0) | |
docker compose up -d \ | |
--no-deps --wait --wait-timeout 60 \ | |
central-db central central-proxy s3 api | |
smoke-test-frontend: | |
runs-on: ubuntu-latest | |
needs: [frontend-build] | |
environment: | |
name: ${{ github.ref_name }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Frontend smoke test | |
run: echo "Not implemented" | |
deploy-containers: | |
needs: | |
- smoke-test-backend | |
- smoke-test-frontend | |
uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
with: | |
environment: ${{ github.ref_name }} | |
docker_compose_file: "docker-compose.${{ github.ref_name }}.yml" | |
secrets: inherit |