diff --git a/.github/workflows/_update_terraform.yml b/.github/workflows/_update_terraform.yml
new file mode 100644
index 0000000..10ed7d8
--- /dev/null
+++ b/.github/workflows/_update_terraform.yml
@@ -0,0 +1,60 @@
+name: Update Terraform
+on:
+ workflow_call:
+ secrets:
+ PERSONAL_ACCESS_TOKEN:
+ required: true
+ inputs:
+ image_tag:
+ description: Tag for the image for docker/ghcr registries
+ required: true
+ type: string
+ deployment_environment:
+ description: The terraform target environment
+ required: true
+ type: string
+ default: staging
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ env:
+ GIT_SHA: ${{ github.sha }}
+ GIT_TAG: ${{ inputs.image_tag }}
+ steps:
+ - name: Checkout terraform config repo
+ uses: actions/checkout@v4
+ with:
+ # public repo with terraform configuration
+ repository: 'datacite/mastino'
+ persist-credentials: false
+ - name: Setup dokerize and template parameters
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ wget https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz
+ tar -xzvf dockerize-linux-amd64-v0.6.0.tar.gz
+ rm dockerize-linux-amd64-v0.6.0.tar.gz
+
+ - name: Conditionally update staging environment
+ if: ${{ (inputs.deployment_environment == 'staging') }}
+ run: |
+ ./dockerize -template stage/services/levriero/_levriero.auto.tfvars.tmpl:stage/services/levriero/_levriero.auto.tfvars
+ git add stage/services/levriero/_levriero.auto.tfvars
+ git commit -m "Adding levriero git variables for commit ${{ github.sha }}"
+
+ - name: Conditionally update production/test environments
+ if: ${{ (inputs.deployment_environment == 'production') }}
+ run: |
+ ./dockerize -template prod-eu-west/services/levriero/_levriero.auto.tfvars.tmpl:prod-eu-west/services/levriero/_levriero.auto.tfvars
+ ./dockerize -template test/services/levriero/_levriero.auto.tfvars.tmpl:test/services/levriero/_levriero.auto.tfvars
+
+ git add prod-eu-west/services/levriero/_levriero.auto.tfvars
+ git add test/services/levriero/_levriero.auto.tfvars
+ git commit -m "Adding levriero git variables for tag ${{ inputs.image_tag }}"
+ - name: Push changes
+ uses: ad-m/github-push-action@v0.6.0
+ with:
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ repository: 'datacite/mastino'
+ branch: 'refs/heads/master'
+ tags: false
diff --git a/.github/workflows/branch_to_staging.yml b/.github/workflows/branch_to_staging.yml
new file mode 100644
index 0000000..91b044f
--- /dev/null
+++ b/.github/workflows/branch_to_staging.yml
@@ -0,0 +1,21 @@
+name: Build/Deploy Branch to Staging
+on:
+ workflow_dispatch:
+jobs:
+ test:
+ uses: ./.github/workflows/parallel_ci.yml
+ secrets: inherit
+ call_build_and_push:
+ needs: test
+ uses: ./.github/workflows/build.yml
+ with:
+ image_name: ${{ github.repository }}
+ image_tag: ${{ github.ref_name }}
+ secrets: inherit
+ deploy:
+ needs: [test, call_build_and_push]
+ uses: ./.github/workflows/_update_terraform.yml
+ with:
+ image_tag: ${{ github.ref_name }}
+ deployment_environment: staging
+ secrets: inherit
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..6379bd8
--- /dev/null
+++ b/.github/workflows/build.yml
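Review bot: In `_update_terraform.yml`, the two `git commit -m` lines expand `${{ github.sha }}` and `${{ inputs.image_tag }}` directly into the `run:` script, so the tag text becomes part of the shell source before it runs; `branch_to_staging.yml` passes `github.ref_name` as `image_tag`, and a ref name may contain shell metacharacters. The job already exports both values through `env:`, so the commits can read them as data instead: `git commit -m "Adding levriero git variables for tag $GIT_TAG"` and `git commit -m "Adding levriero git variables for commit $GIT_SHA"`. The setup step also unpacks and later runs the dockerize tarball without an integrity check, in a job that goes on to push with `PERSONAL_ACCESS_TOKEN`. A pinned digest check before `tar`, such as `echo "<EXPECTED_SHA256>  dockerize-linux-amd64-v0.6.0.tar.gz" | sha256sum -c -`, would close that gap (the digest is a placeholder to be filled in from the release).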
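Review bot: All three calls in `branch_to_staging.yml` use `secrets: inherit`, which hands every secret available to the caller to each called workflow, including `parallel_ci.yml` in the `test` job (not shown here, so whether it needs any secret is unclear). `_update_terraform.yml` declares only `PERSONAL_ACCESS_TOKEN` and `build.yml` only the two DockerHub secrets, so each call can name exactly what it needs. For `deploy` that is `secrets:` followed by `PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}`. Because `workflow_dispatch` can be started from any branch, a short comment stating who is expected to trigger this and from which branches would also help.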
@@ -0,0 +1,54 @@
+name: Build and Tag
+on:
+ workflow_call:
+ secrets:
+ DOCKERHUB_USERNAME:
+ required: true
+ DOCKERHUB_TOKEN:
+ required: true
+ inputs:
+ image_name:
+ description: The name of the image for docker/ghcr registries
+ required: true
+ type: string
+ image_tag:
+ description: Tag for the image for docker/ghcr registries
+ required: true
+ type: string
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and Push
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: |
+ ${{ inputs.image_name }}:${{ inputs.image_tag }}
+ ghcr.io/${{ inputs.image_name }}:${{ inputs.image_tag }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
diff --git a/Dockerfile b/Dockerfile
index 65463c5..4ab184a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,6 +33,11 @@ COPY vendor/docker/00_app_env.conf /etc/nginx/conf.d/00_app_env.conf # Use Amazon NTP servers COPY vendor/docker/ntp.conf /etc/ntp.conf +# Add Runit script for shoryuken workers +WORKDIR /home/app/webapp +RUN mkdir /etc/service/shoryuken +ADD vendor/docker/shoryuken.sh /etc/service/shoryuken/run + # Copy webapp folder COPY . /home/app/webapp/ RUN mkdir -p tmp/pids && \
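Review bot: The `build` job in `build.yml` pushes to ghcr.io with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so the token's scope is whatever the repository default and the calling workflow happen to allow. An explicit job-level block (`permissions:`, `contents: read`, `packages: write`) documents what the push needs and keeps the token from carrying more. A called workflow can only narrow what its caller grants, so the caller may need the same block. The steps that receive registry credentials (`docker/login-action@v2`, `docker/build-push-action@v4`) are referenced by movable tags; pinning them to a full commit SHA, with the version in a trailing comment, would make the reviewed code the code that runs.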
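Review bot: The relocated block in the Dockerfile still uses `ADD vendor/docker/shoryuken.sh /etc/service/shoryuken/run` for a plain local file; `COPY vendor/docker/shoryuken.sh /etc/service/shoryuken/run` does the same without ADD's archive-extraction and URL handling. `RUN mkdir /etc/service/shoryuken` fails the build if the directory already exists in the base image, so `mkdir -p` is the safer form. The hunk ends inside the `RUN mkdir -p tmp/pids && \` instruction, whose remaining lines are outside it.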
@@ -41,7 +46,6 @@ RUN mkdir -p tmp/pids && \ chmod -R 755 /home/app/webapp # Install Ruby gems -COPY Gemfile* /home/app/webapp/ WORKDIR /home/app/webapp RUN mkdir -p vendor/bundle && \ chown -R app:app . && \ @@ -54,10 +58,6 @@ RUN mkdir -p vendor/bundle && \ RUN rm -f /etc/service/sshd/down && \ /etc/my_init.d/00_regen_ssh_host_keys.sh -# Add Runit script for shoryuken workers -RUN mkdir /etc/service/shoryuken -ADD vendor/docker/shoryuken.sh /etc/service/shoryuken/run - # Run additional scripts during container startup (i.e. not at build time) RUN mkdir -p /etc/my_init.d