Update garronej/ts-ci action to v2.1.5 #775
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI - CD | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
validations: | |
runs-on: ubuntu-latest | |
env: | |
DATABASE_URL: postgresql://sill:pg_password@localhost:5432/sill | |
services: | |
postgres: | |
image: postgres:16-alpine | |
env: | |
POSTGRES_USER: sill | |
POSTGRES_PASSWORD: pg_password | |
POSTGRES_DB: sill | |
ports: | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "20" | |
- uses: bahmutov/npm-install@v1 | |
- name: Build back | |
run: cd api && yarn build | |
- name: Migrate db | |
run: cd api && yarn migrate latest | |
- name: Fullcheck | |
run: yarn fullcheck | |
# | |
check_if_version_upgraded: | |
name: Check if version upgrade | |
if: github.event_name == 'push' | |
runs-on: ubuntu-latest | |
needs: validations | |
outputs: | |
from_version: ${{ steps.step1.outputs.from_version }} | |
to_version: ${{ steps.step1.outputs.to_version }} | |
is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }} | |
steps: | |
- uses: garronej/[email protected] | |
id: step1 | |
with: | |
action_name: is_package_json_version_upgraded | |
create_tag: | |
name: Create version tag | |
runs-on: ubuntu-latest | |
needs: | |
- check_if_version_upgraded | |
if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' | |
env: | |
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Create tag | |
run: | | |
git config --local user.email "[email protected]" | |
git config --local user.name "GitHub Actions" | |
git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}" | |
git push --tags | |
pre-release: | |
runs-on: ubuntu-latest | |
needs: | |
- check_if_version_upgraded | |
- create_tag | |
permissions: | |
contents: write | |
env: | |
PRE_RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}-rc | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "20" | |
- uses: bahmutov/npm-install@v1 | |
- run: cd web | |
- name: Build | |
run: yarn build | |
- name: "Generate release candidate on github" | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: Release candidate ${{ env.PRE_RELEASE_TAG }} | |
prerelease: true | |
tag_name: ${{ env.PRE_RELEASE_TAG }} | |
generate_release_notes: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Delete old prereleases | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const excludeTagName = '${{ env.PRE_RELEASE_TAG }}'; | |
const releases = await github.request(`GET /repos/${{ github.repository }}/releases`); | |
const oldPrereleases = releases.data | |
.filter(release => release.prerelease && release.tag_name !== excludeTagName); | |
console.log(`Found ${oldPrereleases.length} old prereleases`); | |
for (const release of oldPrereleases) { | |
console.log(`Deleting prerelease: ${release.tag_name} and the corresponding tag`); | |
await github.request(`DELETE /repos/${{ github.repository }}/releases/${release.id}`); | |
await github.request(`DELETE /repos/${{ github.repository }}/git/refs/tags/${release.tag_name}`); | |
} | |
docker: | |
runs-on: ubuntu-latest | |
needs: | |
- pre-release | |
- check_if_version_upgraded | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Computing Docker image tags | |
id: step1 | |
env: | |
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
run: | | |
OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest | |
OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}') | |
echo ::set-output name=docker_api_tags::$OUT_API | |
OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest | |
OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}') | |
echo ::set-output name=docker_web_tags::$OUT_WEB | |
- uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
file: ./Dockerfile.api | |
tags: ${{ steps.step1.outputs.docker_api_tags }} | |
- uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
file: ./Dockerfile.web | |
tags: ${{ steps.step1.outputs.docker_web_tags }} | |
poke_gitops: | |
name: "Poke gitops" | |
runs-on: ubuntu-latest | |
needs: | |
- docker | |
steps: | |
- uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }} | |
event-type: update_sill | |
repository: codegouvfr/paris-sspcloud | |
trigger_pre_production_deploy: | |
name: "Trigger pre-production deploy" | |
runs-on: ubuntu-latest | |
concurrency: | |
group: deploy-to-pre-production | |
cancel-in-progress: true | |
needs: | |
- pre-release | |
- check_if_version_upgraded | |
env: | |
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
steps: | |
- run: echo "Triggering production deploy" | |
- name: Set up SSH | |
run: | | |
mkdir -p ~/.ssh | |
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-preprod.sh v${{ env.TO_VERSION }}'" | |
env: | |
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
trigger_production_deploy: | |
name: "Trigger production deploy" | |
runs-on: ubuntu-latest | |
environment: production | |
concurrency: | |
group: deploy-to-production | |
cancel-in-progress: true | |
needs: | |
- trigger_pre_production_deploy | |
- check_if_version_upgraded | |
env: | |
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
steps: | |
- run: echo "Triggering production deploy" | |
- name: Set up SSH | |
run: | | |
mkdir -p ~/.ssh | |
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}'" | |
env: | |
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
create_github_release: | |
name: "Create release notes" | |
runs-on: ubuntu-latest | |
needs: | |
- trigger_production_deploy | |
- check_if_version_upgraded | |
- create_tag | |
if: | | |
needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push' | |
# We create a release only when all of the above are validated: | |
# - we are on default branch | |
# - version has been upgraded | |
# - we have pushed to production | |
env: | |
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
steps: | |
- name: "Generate release candidate on github" | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: Release v${{ env.TO_VERSION }} | |
prerelease: false | |
tag_name: v${{ env.TO_VERSION }} | |
generate_release_notes: true | |
token: ${{ secrets.GITHUB_TOKEN }} |