Merge branch 'main' of https://github.com/iftt-jonathan/jwt-pizza-ser… #12
name: CI Pipeline | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.set_version.outputs.version }} | |
services: | |
mysql: | |
image: mysql:8.0.29 | |
env: | |
MYSQL_ROOT_PASSWORD: tempdbpassword | |
MYSQL_DATABASE: pizza | |
ports: | |
- "3306:3306" | |
options: >- | |
--health-cmd "mysqladmin ping -ptempdbpassword" | |
--health-interval 10s | |
--health-start-period 10s | |
--health-timeout 5s | |
--health-retries 10 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20.x" | |
- name: Install dependencies | |
run: npm ci | |
- name: Lint | |
run: npm run lint | |
- name: Write config file | |
run: | | |
echo "module.exports = { | |
jwtSecret: '${{ secrets.JWT_SECRET }}', | |
db: { | |
connection: { | |
host: '127.0.0.1', | |
user: 'root', | |
password: 'tempdbpassword', | |
database: 'pizza', | |
connectTimeout: 60000, | |
}, | |
listPerPage: 10, | |
}, | |
factory: { | |
url: 'https://pizza-factory.cs329.click', | |
apiKey: '${{ secrets.FACTORY_API_KEY }}', | |
}, | |
metrics: { | |
source: 'jwt-pizza-service', | |
userId: ${{ secrets.METRICS_USER_ID }}, | |
url: '${{ secrets.METRICS_URL }}', | |
apiKey: '${{ secrets.METRICS_API_KEY }}', | |
}, | |
};" > src/config.js | |
- name: Tests | |
run: npm test | |
- name: set version | |
id: set_version | |
run: | | |
version=$(date +'%Y%m%d.%H%M%S') | |
echo "version=$version" >> "$GITHUB_OUTPUT" | |
printf '{"version": "%s" }' "$version" > src/version.json | |
- name: Update coverage | |
run: | | |
coverage_pct=$(grep -o '"pct":[0-9.]*' coverage/coverage-summary.json | head -n 1 | cut -d ':' -f 2) | |
color=$(echo "$coverage_pct < 80" | bc -l | awk '{if ($1) print "yellow"; else print "green"}') | |
curl https://img.shields.io/badge/Coverage-$coverage_pct%25-$color -o coverageBadge.svg | |
git config user.name github-actions | |
git config user.email github-actions@github.com | |
git add . | |
git commit -m "generated" | |
git push | |
- name: Create dist | |
run: | | |
mkdir dist | |
cp Dockerfile dist | |
cp -r src/* dist | |
cp *.json dist | |
sed -i "s/root/${{ secrets.DB_USERNAME }}/g" dist/config.js | |
sed -i "s/tempdbpassword/${{ secrets.DB_PASSWORD }}/g" dist/config.js | |
sed -i "s/127.0.0.1/${{ secrets.DB_HOSTNAME }}/g" dist/config.js | |
- name: Update distribution artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: package | |
path: dist/ | |
deploy: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
needs: build | |
env: | |
version: ${{needs.build.outputs.version}} | |
steps: | |
- name: Download distribution artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: package | |
- name: Create OIDC token to AWS | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
audience: sts.amazonaws.com | |
aws-region: us-east-1 | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/${{ secrets.CI_IAM_ROLE }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Set up machine emulation | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker build | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push container image | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: 'jwt-pizza-service' | |
run: | | |
docker build --platform=linux/arm64 -t $ECR_REGISTRY/$ECR_REPOSITORY --push . | |
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:latest" >> $GITHUB_OUTPUT | |
- name: Download task definition | |
run: | | |
aws ecs describe-task-definition --region us-east-1 --task-definition jwt-pizza-service --query taskDefinition > task-definition.json | |
echo $(cat task-definition.json | jq 'del(.taskDefinitionArn, .requiresAttributes, .compatibilities, .revision, .status, .registeredAt, .registeredBy)') > task-definition.json | |
- name: Create new task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: task-definition.json | |
container-name: jwt-pizza-service | |
image: ${{ steps.build-image.outputs.image }} | |
- name: Deploy new task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: jwt-pizza-service | |
cluster: jwt-pizza-service | |
wait-for-service-stability: false |
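Review bot: The `Create dist` step leaves production secrets in `dist/config.js`, and `Update distribution artifact` then uploads `dist/` as the `package` artifact. The file already holds `JWT_SECRET` and the factory and metrics API keys from `Write config file`, and the three `sed` lines add `DB_USERNAME`, `DB_PASSWORD` and `DB_HOSTNAME`. Workflow artifacts can be downloaded by anyone with read access to the repository, and log masking does not cover file contents, so these values leave the runner in clear text and are also baked into the image pushed to ECR. I would keep the artifact and image free of secrets by having `config.js` read them at runtime (for example `password: process.env.DB_PASSWORD`) and supplying the values through the ECS task definition instead of `sed`. Separately, `git add .` in `Update coverage` runs after `src/config.js` is written, so unless that path is git-ignored (not visible here) the secrets would be committed too; staging only the intended files, such as `git add coverageBadge.svg`, avoids depending on that.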