Skip to content

Build and Deploy API to Production #10

Build and Deploy API to Production

Build and Deploy API to Production #10

name: Build and Deploy API to Production
on:
workflow_dispatch:
inputs:
commit:
description: "Leave blank to use current HEAD, or provide an override commit SHA"
type: string
required: false
jobs:
ref:
name: Load Commit Ref
runs-on: ubuntu-latest
steps:
- id: ref
uses: passportxyz/gh-workflows/.github/actions/load_commit_ref@v1
with:
commit: ${{ inputs.commit }}
outputs:
version_tag: ${{ steps.ref.outputs.version_tag }}
docker_tag: ${{ steps.ref.outputs.docker_tag }}
refspec: ${{ steps.ref.outputs.refspec }}
run-tests:
name: Run Tests
needs: [ref]
runs-on: ubuntu-latest
# Run a local ceramic nod to test against
services:
ceramic:
image: gitcoinpassport/js-ceramic:3.2.0
ports:
- 7007:7007
steps:
- uses: actions/checkout@v3
- name: Use Node.js 20
uses: actions/setup-node@v3
with:
node-version: 20.8.1
cache: "yarn"
- name: Install Packages
run: yarn install --frozen-lockfile
- name: Run Tests
run: yarn test
- name: Run Linter
run: yarn lint
- name: Workarround for build error
run: rm -rf node_modules/@tendermint
- name: Run Build (ensure that build succeeds)
run: yarn build
- name: Load Secrets
id: op-load-secret
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
CERAMIC_PRIVATE_KEY: op://DevOps/passport-xyz-production-secrets/ci/CERAMIC_PRIVATE_KEY
- name: Deploy Ceramic Models
working-directory: ./schemas
run: yarn models:deploy-composite
env:
CERAMIC_URL: http://localhost:7007
PRIVATE_KEY: ${{env.CERAMIC_PRIVATE_KEY}}
- name: Run Ceramic Integration Tests
run: yarn test:ceramic-integration
env:
CERAMIC_CLIENT_URL: http://localhost:7007
check-provider-bitmap:
name: Check Provider Bitmaps
runs-on: ubuntu-latest
needs: [ref]
steps:
- uses: actions/checkout@v3
- name: Use Node.js 20
uses: actions/setup-node@v3
with:
node-version: 20.8
cache: "yarn"
- name: Install Packages
run: yarn install --frozen-lockfile
- name: Load Secrets
id: op-load-secret
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
ALCHEMY_API_KEY: op://DevOps/passport-xyz-production-secrets/ci/ALCHEMY_API_KEY
- name: Check provider bitmaps
uses: ./.github/actions/check-provider-bitmaps
with:
ALCHEMY_API_KEY: ${{ env.ALCHEMY_API_KEY }}
deploy-api:
name: Deploy API to Production
needs: [ref, run-tests, check-provider-bitmap]
uses: ./.github/workflows/build_and_deploy_generic.yml
with:
refspec: ${{ needs.ref.outputs.refspec }}
docker_tag: ${{ needs.ref.outputs.docker_tag }}
environment: production
secrets: inherit