Pin headlines and descriptions implemented (#930) #1676
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline | |
| on: [push, workflow_dispatch] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| static_analysis: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install Dependencies and library | |
| shell: bash | |
| run: | | |
| set -ux | |
| python -m pip install --upgrade pip | |
| pip install -e ".[dev]" | |
| - name: Run mypy | |
| shell: bash | |
| run: mypy captn google_ads openai_agent application.py | |
| - name: Run bandit | |
| shell: bash | |
| run: bandit -c pyproject.toml -r captn | |
| - name: Run Semgrep | |
| shell: bash | |
| run: semgrep scan --config auto --error | |
| test-without-llms: | |
| uses: ./.github/workflows/test.yml | |
| with: | |
| pytest-marks: "not openai" | |
| secrets: inherit # pragma: allowlist secret | |
| test-with-llms: | |
| # Don't run this job for the readonly queue branches | |
| if: ${{ !startsWith(github.ref_name, 'gh-readonly-queue') }} | |
| strategy: | |
| matrix: | |
| pytest-marks: ["openai and (not brief_creation_team and not campaign_creation_team and not weekly_analysis_team and not get_info_from_the_web_page and not fastapi_openapi_team)", "brief_creation_team and openai", "campaign_creation_team and openai", "weekly_analysis_team", "get_info_from_the_web_page", "fastapi_openapi_team"] | |
| fail-fast: false | |
| uses: ./.github/workflows/test.yml | |
| with: | |
| pytest-marks: ${{ matrix.pytest-marks }} | |
| secrets: inherit # pragma: allowlist secret | |
| needs: | |
| - test-without-llms | |
| docker_build_push: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| PORT: ${{ vars.PORT }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| - name: Install wasp | |
| run: curl -sSL https://get.wasp-lang.dev/installer.sh | sh | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - run: docker pull ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME || docker pull ghcr.io/$GITHUB_REPOSITORY:dev || true | |
| - run: docker build --build-arg PORT=$PORT -t ghcr.io/$GITHUB_REPOSITORY:${GITHUB_REF_NAME////-} . | |
| - name: Add tag latest if branch is main | |
| if: github.ref_name == 'main' | |
| run: docker tag ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME ghcr.io/$GITHUB_REPOSITORY:latest | |
| - name: Push only if branch name is main or dev | |
| if: github.ref_name == 'main' || github.ref_name == 'dev' | |
| run: docker push ghcr.io/$GITHUB_REPOSITORY --all-tags | |
| # https://github.com/marketplace/actions/alls-green#why | |
| check: # This job does nothing and is only used for the branch protection | |
| if: github.event.pull_request.draft == false | |
| needs: | |
| - test-without-llms | |
| - static_analysis | |
| - docker_build_push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@release/v1 # nosemgrep | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| deploy: | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| needs: | |
| - check | |
| - test-with-llms | |
| if: github.ref_name == 'main' || github.ref_name == 'dev' | |
| env: | |
| GITHUB_USERNAME: ${{ github.actor }} | |
| GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| DEVELOPER_TOKEN: ${{ secrets.DEVELOPER_TOKEN }} | |
| PORT: ${{ vars.PORT }} | |
| DOMAIN: ${{ github.ref_name == 'main' && vars.PROD_DOMAIN || vars.STAGING_DOMAIN }} | |
| REDIRECT_DOMAIN: ${{ github.ref_name == 'main' && vars.PROD_REDIRECT_DOMAIN || vars.STAGING_REDIRECT_DOMAIN }} | |
| CLIENT_SECRET: ${{ github.ref_name == 'main' && secrets.PROD_CLIENT_SECRET || secrets.STAGING_CLIENT_SECRET }} | |
| DATABASE_URL: ${{ github.ref_name == 'main' && secrets.PROD_DATABASE_URL || secrets.STAGING_DATABASE_URL }} | |
| REACT_APP_API_URL: ${{ github.ref_name == 'main' && secrets.PROD_REACT_APP_API_URL || secrets.STAGING_REACT_APP_API_URL }} | |
| AZURE_API_VERSION: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_VERSION || secrets.STAGING_AZURE_API_VERSION }} | |
| AZURE_API_ENDPOINT: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_ENDPOINT || secrets.STAGING_AZURE_API_ENDPOINT }} | |
| AZURE_API_ENDPOINT_GPT4O: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_ENDPOINT_GPT4O || secrets.STAGING_AZURE_API_ENDPOINT_GPT4O }} | |
| AZURE_GPT4_MODEL: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_GPT4_MODEL || secrets.STAGING_AZURE_GPT4_MODEL }} | |
| AZURE_GPT4O_MODEL: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_GPT4O_MODEL || secrets.STAGING_AZURE_GPT4O_MODEL }} | |
| AZURE_GPT35_MODEL: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_GPT35_MODEL || secrets.STAGING_AZURE_GPT35_MODEL }} | |
| AZURE_OPENAI_API_KEY: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_OPENAI_API_KEY || secrets.STAGING_AZURE_OPENAI_API_KEY }} | |
| AZURE_OPENAI_API_KEY_GPT4O: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_OPENAI_API_KEY_GPT4O || secrets.STAGING_AZURE_OPENAI_API_KEY_GPT4O }} | |
| INFOBIP_API_KEY: ${{ github.ref_name == 'main' && secrets.PROD_INFOBIP_API_KEY || secrets.STAGING_INFOBIP_API_KEY }} | |
| INFOBIP_BASE_URL: ${{ github.ref_name == 'main' && secrets.PROD_INFOBIP_BASE_URL || secrets.STAGING_INFOBIP_BASE_URL }} | |
| SSH_KEY: ${{ github.ref_name == 'main' && secrets.PROD_SSH_KEY || secrets.STAGING_SSH_KEY }} | |
| GOOGLE_SHEETS_OPENAPI_URL: ${{ github.ref_name == 'main' && vars.PROD_GOOGLE_SHEETS_OPENAPI_URL || vars.STAGING_GOOGLE_SHEETS_OPENAPI_URL }} | |
| steps: | |
| - uses: actions/checkout@v3 # Don't change it to cheackout@v4. V4 is not working with container image. | |
| # This is to fix GIT not liking owner of the checkout dir - https://github.com/actions/runner/issues/2033#issuecomment-1204205989 | |
| - run: chown -R $(id -u):$(id -g) $PWD | |
| - run: if [[ $GITHUB_REF_NAME == "main" ]]; then echo "TAG=latest" >> $GITHUB_ENV ; else echo "TAG=dev" >> $GITHUB_ENV ; fi; | |
| - run: echo "PATH=$PATH:/github/home/.local/bin" >> $GITHUB_ENV | |
| - run: 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git gettext -y )' | |
| - run: eval $(ssh-agent -s) | |
| - run: mkdir -p ~/.ssh | |
| - run: chmod 700 ~/.ssh | |
| - run: ssh-keyscan "$DOMAIN" >> ~/.ssh/known_hosts | |
| - run: chmod 644 ~/.ssh/known_hosts | |
| - run: echo "$SSH_KEY" | base64 --decode > key.pem | |
| - run: chmod 600 key.pem | |
| - run: ssh -o StrictHostKeyChecking=no -i key.pem azureuser@"$DOMAIN" "docker images" | |
| - run: bash scripts/deploy.sh | |
| - run: rm key.pem |