Merge pull request #443 from openownership/staging #550
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| # Publish `master` as Docker `latest` image. | |
| branches: | |
| - main | |
| - staging | |
| # Publish `v1.2.3` tags as releases. | |
| tags: | |
| - v* | |
| # Run tests for any PRs. | |
| pull_request: | |
| branches: | |
| - main | |
| - staging | |
| #################################################################################################### | |
| # SET THESE VARIABLES FOR YOUR PROJECT | |
| #################################################################################################### | |
| env: | |
| CACHE_IMAGE: ghcr.io/hactar-is/openownership | |
| PHASE_PROJECT: open-ownership | |
| SENTRY_PROJECT: openownership | |
| REPO_NAME: openownership | |
| # These are the same across projects | |
| PHASE_HOST: https://phase.hacnet.dev | |
| PHASE_SERVICE_TOKEN: ${{ secrets.PHASE_TOKEN }} | |
| PHASE_TOKEN: ${{ secrets.PHASE_TOKEN }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: hactar | |
| # Leave these as is | |
| DOCKER_BUILDKIT: 1 | |
| COMPOSE_DOCKER_CLI_BUILD: 1 | |
| # These vars will be needed in GitHub Secrets | |
| # PHASE_TOKEN | |
| # GHCR_TOKEN | |
| # DEPLOY_KEY_PRIVATE | |
| # SENTRY_AUTH_TOKEN | |
| #################################################################################################### | |
| # Everything below here is the same for every project, just make sure you've set the vars above. | |
| #################################################################################################### | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| if: "! contains(github.event.head_commit.message, '[skip ci]')" | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.x' | |
| - name: Install Phase CLI | |
| run: | | |
| curl -fsSL https://pkg.phase.dev/install.sh | sudo bash | |
| - name: Run tests | |
| run: | | |
| export $(phase secrets export --app $PHASE_PROJECT --env development POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB REDIS_PASSWORD | xargs) | |
| echo ${{ secrets.GHCR_TOKEN }} | docker login ghcr.io -u hactarbot3000 --password-stdin | |
| docker compose -f docker-compose.test.yml pull | |
| docker compose -f docker-compose.test.yml run --rm web | |
| - name: Report coverage to Codacy | |
| run: | | |
| export $(phase secrets export --app $PHASE_PROJECT --env development CODACY_PROJECT_TOKEN | xargs) | |
| pip3 install codacy-coverage | |
| python-codacy-coverage -r ${{github.workspace}}/app/coverage.xml | |
| deploy_staging: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/staging' && ! contains(github.event.head_commit.message, '[skip ci]') && ! contains(github.event.head_commit.message, '[skip deploy]') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Phase CLI | |
| run: | | |
| curl -fsSL https://pkg.phase.dev/install.sh | sudo bash | |
| - name: Deploy to staging | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| export $(phase secrets export --app $PHASE_PROJECT --env development _IP_STAGING | xargs) | |
| mkdir -p ~/.ssh | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-keyscan $_IP_STAGING >> ~/.ssh/known_hosts | |
| ssh-add - <<< "${{ secrets.DEPLOY_KEY_PRIVATE }}" | |
| git remote add staging ssh://deploy@$_IP_STAGING/srv/repos/$REPO_NAME.git | |
| git push staging staging -f | |
| sentry_release_stg: | |
| runs-on: ubuntu-latest | |
| needs: deploy_staging | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@v1 | |
| with: | |
| environment: staging | |
| ignore_missing: true | |
| deploy_production: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/main' && ! contains(github.event.head_commit.message, '[skip ci]') && ! contains(github.event.head_commit.message, '[skip deploy]') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Phase CLI | |
| run: | | |
| curl -fsSL https://pkg.phase.dev/install.sh | sudo bash | |
| - name: Deploy to production | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| export $(phase secrets export --app $PHASE_PROJECT --env development _IP_PRODUCTION | xargs) | |
| mkdir -p ~/.ssh | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-keyscan $_IP_PRODUCTION >> ~/.ssh/known_hosts | |
| ssh-add - <<< "${{ secrets.DEPLOY_KEY_PRIVATE }}" | |
| git remote add production ssh://deploy@$_IP_PRODUCTION/srv/repos/$REPO_NAME.git | |
| git push production main -f | |
| sentry_release_prd: | |
| runs-on: ubuntu-latest | |
| needs: deploy_production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@v1 | |
| with: | |
| environment: production | |
| ignore_missing: true |