-
Notifications
You must be signed in to change notification settings - Fork 1
201 lines (169 loc) · 6.6 KB
/
release-ci.yml
File metadata and controls
201 lines (169 loc) · 6.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
name: Release Prod
on:
release:
types: [ published ]
workflow_dispatch:
inputs:
image_tag:
description: Docker image tag to build and deploy
required: true
type: string
deploy_ref:
description: Git ref or tag to checkout on the server
required: true
type: string
jobs:
test:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.11
- name: cache poetry install
uses: actions/cache@v4
with:
path: ~/.local
key: poetry-1.2.2-0
- uses: snok/install-poetry@v1
with:
version: 1.2.2
virtualenvs-create: true
virtualenvs-in-project: true
- name: cache deps
id: cache-deps
uses: actions/cache@v4
with:
path: .venv
key: pydeps-${{ hashFiles('**/poetry.lock') }}
- run: poetry install
- run: poetry run pip install setuptools
- name: Run tests
run: poetry run python manage.py test
env:
DEBUG: True
build:
name: Build Image
runs-on: ubuntu-latest
needs: [ test ]
outputs:
image_tag: ${{ steps.vars.outputs.image_tag }}
deploy_ref: ${{ steps.vars.outputs.deploy_ref }}
steps:
- name: "Checkout repository"
uses: actions/checkout@v3
with:
ref: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.deploy_ref }}
- name: Resolve image tag
id: vars
run: |
if [ "${{ github.event_name }}" = "release" ]; then
image_tag='${{ github.event.release.tag_name }}'
deploy_ref='${{ github.event.release.tag_name }}'
else
image_tag='${{ github.event.inputs.image_tag }}'
deploy_ref='${{ github.event.inputs.deploy_ref }}'
fi
if [ -z "$image_tag" ]; then
echo "IMAGE_TAG is empty" >&2
exit 1
fi
if [ -z "$deploy_ref" ]; then
echo "DEPLOY_REF is empty" >&2
exit 1
fi
echo "image_tag=$image_tag" >> "$GITHUB_OUTPUT"
echo "deploy_ref=$deploy_ref" >> "$GITHUB_OUTPUT"
- name: "Set up QEMU"
uses: docker/setup-qemu-action@v3
- name: "Set up Docker Buildx"
uses: docker/setup-buildx-action@v3
- name: "Login to GitHub Registry"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/procollab-github/api
tags: |
type=raw,value=${{ steps.vars.outputs.image_tag }}
- name: Build and push container
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: [ build ]
steps:
- name: Deploy to server
uses: garygrossgarten/github-action-ssh@release
with:
host: ${{ secrets.SERVER_HOST }}
username: ${{ secrets.SERVER_USER }}
password: ${{ secrets.SERVER_PASSWORD }}
command: |
set -eu
export IMAGE_TAG="${{ needs.build.outputs.image_tag }}"
export DEPLOY_REF="${{ needs.build.outputs.deploy_ref }}"
echo "Deploying IMAGE_TAG=${IMAGE_TAG} from DEPLOY_REF=${DEPLOY_REF}"
if [ "$(id -un)" = "app" ]; then
git -C /home/app/procollab-backend fetch --all --tags --prune
git -C /home/app/procollab-backend checkout --detach "${DEPLOY_REF}"
git -C /home/app/procollab-backend rev-parse HEAD
else
sudo -u app git -C /home/app/procollab-backend fetch --all --tags --prune
sudo -u app git -C /home/app/procollab-backend checkout --detach "${DEPLOY_REF}"
sudo -u app git -C /home/app/procollab-backend rev-parse HEAD
fi
cd /home/app/procollab-backend
docker container prune -f
docker image prune -a -f
docker compose -f docker-compose.prod-ci.yml -p prod pull
rm -f .env
touch .env
echo "DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}" >> .env
echo "DATABASE_NAME=${{ secrets.DATABASE_NAME }}" >> .env
echo "DATABASE_PASSWORD=${{ secrets.DATABASE_PASSWORD }}" >> .env
echo "DATABASE_USER=${{ secrets.DATABASE_USER }}" >> .env
echo "DATABASE_HOST=${{ secrets.DATABASE_HOST }}" >> .env
echo "DATABASE_PORT=${{ secrets.DATABASE_PORT }}" >> .env
echo "SELECTEL_ACCOUNT_ID=${{ secrets.SELECTEL_ACCOUNT_ID }}" >> .env
echo "SELECTEL_CONTAINER_NAME=${{ secrets.SELECTEL_CONTAINER_NAME }}" >> .env
echo "SELECTEL_CONTAINER_PASSWORD=${{ secrets.SELECTEL_CONTAINER_PASSWORD }}" >> .env
echo "SELECTEL_CONTAINER_USERNAME=${{ secrets.SELECTEL_CONTAINER_USERNAME }}" >> .env
echo "EMAIL_USER=${{ secrets.EMAIL_USER }}" >> .env
echo "UNISENDER_GO_API_KEY=${{ secrets.UNISENDER_GO_API_KEY }}" >> .env
chmod 600 .env
docker compose -f docker-compose.prod-ci.yml -p prod config >/dev/null
docker compose -f docker-compose.prod-ci.yml -p prod up -d --remove-orphans
if [ "$(id -u)" -eq 0 ]; then
nginx -t
systemctl reload nginx
else
sudo nginx -t
sudo systemctl reload nginx
fi
for attempt in $(seq 1 24); do
root_status="$(curl -k -s -o /dev/null -w '%{http_code}' https://api.procollab.ru/ || true)"
admin_status="$(curl -k -s -o /dev/null -w '%{http_code}' https://api.procollab.ru/admin/login/ || true)"
if [ "$root_status" = "401" ] && [ "$admin_status" = "200" ]; then
echo "Smoke check passed on attempt ${attempt}"
exit 0
fi
sleep 5
done
echo "Smoke check failed: /=${root_status} /admin/login/=${admin_status}"
exit 1