feat: don't create Profiles for Applicants #761
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 🚀 Deploy | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
pull_request: | |
types: [opened, synchronize, reopened] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
actions: write | |
contents: read | |
jobs: | |
lint: | |
name: ⬣ ESLint | |
runs-on: ubuntu-latest | |
steps: | |
- name: ⬇️ Checkout repo | |
uses: actions/checkout@v4 | |
- name: ⎔ Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: 📥 Download deps | |
uses: bahmutov/npm-install@v1 | |
- name: 🔬 Lint | |
run: npm run lint | |
typecheck: | |
name: ʦ TypeScript | |
runs-on: ubuntu-latest | |
steps: | |
- name: ⬇️ Checkout repo | |
uses: actions/checkout@v4 | |
- name: ⎔ Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: 📥 Download deps | |
uses: bahmutov/npm-install@v1 | |
- name: 🔎 Type check | |
run: npm run typecheck --if-present | |
vitest: | |
name: ⚡ Vitest | |
runs-on: ubuntu-latest | |
env: | |
DATABASE_URL: postgresql://lab_user:lab_pass@localhost/lab_test | |
SESSION_SECRET: asdf_secret | |
steps: | |
- name: ⬇️ Checkout repo | |
uses: actions/checkout@v4 | |
- name: ⎔ Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: 📥 Download deps | |
uses: bahmutov/npm-install@v1 | |
- uses: harmon758/postgresql-action@v1 | |
with: | |
postgresql version: "12" | |
postgresql db: lab_test | |
postgresql user: lab_user | |
postgresql password: lab_pass | |
- name: 🛠 check memory | |
run: cat /proc/meminfo | |
- name: 🛠 Setup Database | |
run: npx prisma migrate reset --force | |
- name: 🛠 check memory | |
run: cat /proc/meminfo | |
- name: ⚡ Run vitest | |
run: npm run test --coverage | |
playwright: | |
name: ⚫️ Playwright | |
timeout-minutes: 60 | |
runs-on: ubuntu-latest | |
env: | |
DATABASE_URL: postgresql://lab_user:lab_pass@localhost/lab_test | |
SESSION_SECRET: asdf_secret | |
BASE_URL: http://localhost:3000 | |
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: 🏄 Copy test env vars | |
run: cp .env.example .env | |
- uses: harmon758/postgresql-action@v1 | |
with: | |
postgresql version: "12" | |
postgresql db: lab_test | |
postgresql user: lab_user | |
postgresql password: lab_pass | |
- name: 📥 Download deps | |
uses: bahmutov/npm-install@v1 | |
- name: 🛠 Setup Database | |
run: npx prisma migrate reset --force | |
- name: create admin user | |
run: echo "ADMIN_COOKIE=$(npx ts-node --require tsconfig-paths/register ./tasks/create-user.ts 'test@example.com' ADMIN)" >> $GITHUB_ENV | |
- name: Install Playwright | |
run: npm ci && npx playwright install --with-deps | |
working-directory: ./playwright | |
- name: Run Playwright tests | |
run: npx playwright test | |
working-directory: ./playwright | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: playwright-report | |
path: playwright/playwright-report/ | |
retention-days: 30 | |
sonarqube: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
- name: SonarQube Scan | |
uses: sonarsource/sonarqube-scan-action@master | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST }} | |
deploy: | |
name: 🚀 Deploy | |
runs-on: ubuntu-latest | |
environment: dev | |
needs: [lint, typecheck, vitest, sonarqube] | |
# only build/deploy main branch on pushes | |
if: ${{ (github.ref == 'refs/heads/main') && github.event_name == 'push' }} | |
env: | |
NODE_ENV: production | |
steps: | |
- name: ⬇️ Checkout repo | |
uses: actions/checkout@v4 | |
- name: 👀 Read app props | |
uses: Muchaszewski/read-json-action@1.0.0 | |
id: app_props | |
with: | |
path: "package.json" | |
properties: "[name, engines.node]" | |
- name: Prepare Server For Build | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.LIGHTSAIL_IP }} | |
username: ${{ secrets.LIGHTSAIL_USER }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script: | | |
rm -rf ~/projectlab/tmp | |
mkdir -p ~/projectlab/tmp | |
- name: Copy Files To Lightsail Instance | |
uses: wlixcc/SFTP-Deploy-Action@v1.0 | |
with: | |
username: ${{ secrets.LIGHTSAIL_USER }} | |
server: ${{ secrets.LIGHTSAIL_IP }} | |
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
local_path: "./*" | |
remote_path: "/home/admin/projectlab/tmp/" | |
args: "-o ConnectTimeout=60" | |
- name: Configure Server | |
uses: appleboy/ssh-action@master | |
env: | |
DB_URL: ${{ secrets.DB_URL }} | |
DATABASE_URL: postgresql://admin:password@localhost/projectlab | |
SESSION_SECRET: ${{ secrets.SESSION_SECRET }} | |
BASE_URL: ${{ secrets.BASE_URL }} | |
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} | |
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} | |
GITHUB_KEY: ${{ secrets.API_GITHUB_KEY }} | |
DEV_URL: ${{ secrets.DEV_URL }} | |
with: | |
timeout: 60s | |
command_timeout: 30m | |
envs: DB_URL,DATABASE_URL,SESSION_SECRET,BASE_URL,AUTH0_CLIENT_ID,AUTH0_DOMAIN,AUTH0_CLIENT_SECRET,GOOGLE_APPLICATION_CREDENTIALS,GITHUB_KEY,DEV_URL | |
host: ${{ secrets.LIGHTSAIL_IP }} | |
username: ${{ secrets.LIGHTSAIL_USER }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: true | |
script: | | |
# ignore failure on pm2 stop (first time?) | |
pm2 stop all || true | |
echo "*** Step: *** Replace app folders" | |
rm -rf ~/projectlab/app | |
mkdir -p ~/projectlab/app | |
cp -R ~/projectlab/tmp/. ~/projectlab/app/ | |
cd ~/projectlab/app | |
echo "*** Step: *** Create .env file" | |
echo DATABASE_URL="$DATABASE_URL" >> .env | |
echo SESSION_SECRET="$SESSION_SECRET" >> .env | |
echo BASE_URL="$BASE_URL" >> .env | |
echo AUTH0_CLIENT_ID="$AUTH0_CLIENT_ID" >> .env | |
echo AUTH0_DOMAIN="$AUTH0_DOMAIN" >> .env | |
echo AUTH0_CLIENT_SECRET="$AUTH0_CLIENT_SECRET" >> .env | |
echo GOOGLE_APPLICATION_CREDENTIALS="$GOOGLE_APPLICATION_CREDENTIALS" >> .env | |
echo GITHUB_KEY="$GITHUB_KEY" >> .env | |
echo DEV_URL="$DEV_URL" >> .env | |
echo "*** Step: *** npm ci and build" | |
npm ci # install | |
npm run build | |
echo "*** Step: *** Load prod database and run migrations and seeds" | |
pg_dump --dbname $DB_URL --clean --if-exists > db.sql | |
sudo -u postgres psql -c "DROP DATABASE IF EXISTS projectlab;" | |
sudo -u postgres psql -c "CREATE DATABASE projectlab;" | |
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE projectlab TO admin;" | |
psql -d "$DATABASE_URL" < db.sql | |
npx -y prisma migrate deploy # first npx with -y to avoid prompt to install | |
npx prisma db seed | |
echo "*** Step: *** Schedule cron to update profiles" | |
chmod +x /home/admin/projectlab/app/profilesmigration.sh | |
echo "0 13 * * * /home/admin/projectlab/app/profilesmigration.sh" | crontab - | |
echo "*** Cron job to get github activity ****" | |
chmod +x /home/admin/projectlab/app/githubActivity.sh | |
{ | |
line="0 0 * * * /home/admin/projectlab/app/githubActivity.sh" | |
crontab -l | grep -Fv "$line" | |
echo "$line" | |
} | crontab - | |
echo "*** Step: *** Start pm2 service" | |
pm2 start ecosystem.config.js | |
pm2 save | |
# echo "*** Step: ** Run Playwright tests" | |
# echo "ADMIN_COOKIE=$(npx ts-node --require tsconfig-paths/register ./tasks/create-user.ts 'test@example.com' ADMIN)" >> .env | |
# npx playwright install --with-deps | |
# npx playwright test | |
echo "*** Step: ** Cleanup" | |
rm -rf ~/projectlab/tmp | |
deploy-prod: | |
name: 🚀 Deploy Prod | |
runs-on: ubuntu-latest | |
environment: prod | |
needs: [lint, typecheck, vitest, sonarqube, playwright] | |
# only build/deploy prod on new version tags (v1.0.0) | |
if: startsWith(github.ref, 'refs/tags/v') | |
env: | |
NODE_ENV: production | |
steps: | |
- name: ⬇️ Checkout repo | |
uses: actions/checkout@v4 | |
- name: 👀 Read app props | |
uses: Muchaszewski/read-json-action@1.0.0 | |
id: app_props | |
with: | |
path: "package.json" | |
properties: "[name, engines.node]" | |
- name: Prepare Server For Build | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.LIGHTSAIL_IP }} | |
username: ${{ secrets.LIGHTSAIL_USER }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script: | | |
rm -rf ~/projectlab/tmp | |
mkdir -p ~/projectlab/tmp | |
- name: Copy Files To Lightsail Instance | |
uses: wlixcc/SFTP-Deploy-Action@v1.0 | |
with: | |
username: ${{ secrets.LIGHTSAIL_USER }} | |
server: ${{ secrets.LIGHTSAIL_IP }} | |
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
local_path: "./*" | |
remote_path: "/home/admin/projectlab/tmp/" | |
args: "-o ConnectTimeout=60" | |
- name: Configure Server | |
uses: appleboy/ssh-action@master | |
env: | |
DB_URL: ${{ secrets.DB_URL }} | |
# On prod DATABASE_URL = DB_URL | |
DATABASE_URL: ${{ secrets.DB_URL }} | |
SESSION_SECRET: ${{ secrets.SESSION_SECRET }} | |
BASE_URL: ${{ secrets.BASE_URL }} | |
AUTH0_CLIENT_ID: ${{ secrets.AUTH0_CLIENT_ID }} | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} | |
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} | |
GITHUB_KEY: ${{ secrets.API_GITHUB_KEY }} | |
with: | |
timeout: 60s | |
command_timeout: 30m | |
envs: DB_URL,DATABASE_URL,SESSION_SECRET,BASE_URL,AUTH0_CLIENT_ID,AUTH0_DOMAIN,AUTH0_CLIENT_SECRET,GOOGLE_APPLICATION_CREDENTIALS,GITHUB_KEY | |
host: ${{ secrets.LIGHTSAIL_IP }} | |
username: ${{ secrets.LIGHTSAIL_USER }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: true | |
script: | | |
# ignore failure on pm2 delete (first time?) | |
# use delete to also reload .env variables | |
pm2 delete projectlab || true | |
echo "*** Step: *** Replace app folders" | |
rm -rf ~/projectlab/app | |
mkdir -p ~/projectlab/app | |
cp -R ~/projectlab/tmp/. ~/projectlab/app/ | |
cd ~/projectlab/app | |
echo "*** Step: *** Create .env file" | |
echo DATABASE_URL="$DATABASE_URL" >> .env | |
echo SESSION_SECRET="$SESSION_SECRET" >> .env | |
echo BASE_URL="$BASE_URL" >> .env | |
echo AUTH0_CLIENT_ID="$AUTH0_CLIENT_ID" >> .env | |
echo AUTH0_DOMAIN="$AUTH0_DOMAIN" >> .env | |
echo AUTH0_CLIENT_SECRET="$AUTH0_CLIENT_SECRET" >> .env | |
echo GOOGLE_APPLICATION_CREDENTIALS="$GOOGLE_APPLICATION_CREDENTIALS" >> .env | |
echo GITHUB_KEY="$GITHUB_KEY" >> .env | |
echo "*** Step: *** npm ci and build" | |
npm ci # install | |
npm run build | |
echo "*** Step: *** Load prod database and run migrations and seeds" | |
pg_dump --dbname $DB_URL --clean --if-exists > db.sql ## Just for a quick backup | |
npx -y prisma migrate deploy # first npx with -y to avoid prompt to install | |
npx prisma db seed | |
echo "*** Step: *** Schedule cron to update profiles" | |
chmod +x /home/admin/projectlab/app/profilesmigration.sh | |
echo "0 13 * * * /home/admin/projectlab/app/profilesmigration.sh" | crontab - | |
echo "*** Cron job to get github activity ****" | |
chmod +x /home/admin/projectlab/app/githubActivity.sh | |
{ | |
line="0 9,21 * * * /home/admin/projectlab/app/githubActivity.sh" | |
crontab -l | grep -Fv "$line" | |
echo "$line" | |
} | crontab - | |
echo "*** Step: *** Start pm2 service" | |
pm2 start ecosystem.config.js | |
pm2 save | |
echo "*** Step: ** Cleanup" | |
rm -rf ~/projectlab/tmp |