Pass valid host address #752
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pipeline | |
on: [push, workflow_dispatch] | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
static_analysis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Uninstall git-lfs | |
run: sudo apt remove -y git-lfs && sudo apt autoremove -y && sudo apt clean -y | |
- name: Install Dependencies and library | |
shell: bash | |
run: | | |
set -ux | |
python -m pip install --upgrade pip | |
pip install -e ".[dev]" | |
- name: Run mypy | |
shell: bash | |
run: mypy captn google_ads openai_agent application.py | |
- name: Run bandit | |
shell: bash | |
run: bandit -c pyproject.toml -r captn | |
- name: Run Semgrep | |
shell: bash | |
run: semgrep scan --config auto --error | |
test: | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:13 | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: gads | |
ports: | |
- 5432:5432 | |
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
env: | |
INFOBIP_API_KEY: "dummy_key" | |
INFOBIP_BASE_URL: "dummy_url" | |
DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/gads" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
cache: "pip" | |
cache-dependency-path: pyproject.toml | |
- name: Uninstall git-lfs | |
run: sudo apt remove -y git-lfs && sudo apt autoremove -y && sudo apt clean -y | |
- name: Install Dependencies | |
run: pip install -e ".[dev]" | |
- name: Prisma generate | |
run: prisma generate | |
- name: Create client secrets file | |
run: echo '{"web":{"client_id":"dummy.apps.googleusercontent.com","project_id":"dummy-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"dummy-secret","redirect_uris":["http://localhost:9000/login/callback"]}}' > client_secret.json | |
- name: Test | |
run: pytest tests/ci/ | |
docker_build_push: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
env: | |
PORT: ${{ vars.PORT }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install wasp | |
run: curl -sSL https://get.wasp-lang.dev/installer.sh | sh | |
- name: Log in to the Container registry | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- run: docker pull ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME || docker pull ghcr.io/$GITHUB_REPOSITORY:dev || true | |
- run: docker build --build-arg PORT=$PORT -t ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME . | |
- name: Add tag latest if branch is main | |
if: github.ref_name == 'main' | |
run: docker tag ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME ghcr.io/$GITHUB_REPOSITORY:latest | |
- name: Push only if branch name is main or dev | |
if: github.ref_name == 'main' || github.ref_name == 'dev' | |
run: docker push ghcr.io/$GITHUB_REPOSITORY --all-tags | |
deploy: | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
shell: bash | |
needs: [static_analysis, test, docker_build_push] | |
if: github.ref_name == 'main' || github.ref_name == 'dev' | |
env: | |
GITHUB_USERNAME: ${{ github.actor }} | |
GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
DEVELOPER_TOKEN: ${{ secrets.DEVELOPER_TOKEN }} | |
PORT: ${{ vars.PORT }} | |
DOMAIN: ${{ github.ref_name == 'main' && vars.PROD_DOMAIN || vars.STAGING_DOMAIN }} | |
REDIRECT_DOMAIN: ${{ github.ref_name == 'main' && vars.PROD_REDIRECT_DOMAIN || vars.STAGING_REDIRECT_DOMAIN }} | |
CLIENT_SECRET: ${{ github.ref_name == 'main' && secrets.PROD_CLIENT_SECRET || secrets.STAGING_CLIENT_SECRET }} | |
DATABASE_URL: ${{ github.ref_name == 'main' && secrets.PROD_DATABASE_URL || secrets.STAGING_DATABASE_URL }} | |
REACT_APP_API_URL: ${{ github.ref_name == 'main' && secrets.PROD_REACT_APP_API_URL || secrets.STAGING_REACT_APP_API_URL }} | |
AZURE_API_VERSION: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_VERSION || secrets.STAGING_AZURE_API_VERSION }} | |
AZURE_API_ENDPOINT: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_ENDPOINT || secrets.STAGING_AZURE_API_ENDPOINT }} | |
AZURE_GPT4_MODEL: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_GPT4_MODEL || secrets.STAGING_AZURE_GPT4_MODEL }} | |
AZURE_GPT35_MODEL: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_GPT35_MODEL || secrets.STAGING_AZURE_GPT35_MODEL }} | |
AZURE_OPENAI_API_KEY_SWEDEN: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_OPENAI_API_KEY_SWEDEN || secrets.STAGING_AZURE_OPENAI_API_KEY_SWEDEN }} | |
INFOBIP_API_KEY: ${{ github.ref_name == 'main' && secrets.PROD_INFOBIP_API_KEY || secrets.STAGING_INFOBIP_API_KEY }} | |
INFOBIP_BASE_URL: ${{ github.ref_name == 'main' && secrets.PROD_INFOBIP_BASE_URL || secrets.STAGING_INFOBIP_BASE_URL }} | |
SSH_KEY: ${{ github.ref_name == 'main' && secrets.PROD_SSH_KEY || secrets.STAGING_SSH_KEY }} | |
steps: | |
- uses: actions/checkout@v3 # Don't change it to cheackout@v4. V4 is not working with container image. | |
# This is to fix GIT not liking owner of the checkout dir - https://github.com/actions/runner/issues/2033#issuecomment-1204205989 | |
- run: chown -R $(id -u):$(id -g) $PWD | |
- run: if [[ $GITHUB_REF_NAME == "main" ]]; then echo "TAG=latest" >> $GITHUB_ENV ; else echo "TAG=dev" >> $GITHUB_ENV ; fi; | |
- run: echo "PATH=$PATH:/github/home/.local/bin" >> $GITHUB_ENV | |
- run: 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )' | |
- run: eval $(ssh-agent -s) | |
- run: mkdir -p ~/.ssh | |
- run: chmod 700 ~/.ssh | |
- run: ssh-keyscan "$DOMAIN" >> ~/.ssh/known_hosts | |
- run: chmod 644 ~/.ssh/known_hosts | |
- run: echo "$SSH_KEY" | base64 --decode > key.pem | |
- run: chmod 600 key.pem | |
- run: ssh -o StrictHostKeyChecking=no -i key.pem azureuser@"$DOMAIN" "docker images" | |
- run: bash scripts/deploy.sh | |
- run: rm key.pem |