fix automatic CI deployement to prod WIP #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| trigger_production_deploy: | |
| name: "Trigger production deploy" | |
| runs-on: ubuntu-latest | |
| # environment: production | |
| # concurrency: | |
| # group: deploy-to-production | |
| # cancel-in-progress: true | |
| # needs: | |
| # - docker | |
| # - poke_gitops | |
| # - check_if_version_upgraded | |
| # env: | |
| # TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering production deploy" | |
| - name: Set up SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| ssh -A -o StrictHostKeyChecking=no [email protected] "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| # validations: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: "20" | |
| # - uses: bahmutov/npm-install@v1 | |
| # - name: Build back | |
| # run: cd api && yarn build | |
| # - name: Fullcheck | |
| # run: yarn fullcheck | |
| # # | |
| # check_if_version_upgraded: | |
| # name: Check if version upgrade | |
| # if: github.event_name == 'push' | |
| # runs-on: ubuntu-latest | |
| # needs: validations | |
| # outputs: | |
| # from_version: ${{ steps.step1.outputs.from_version }} | |
| # to_version: ${{ steps.step1.outputs.to_version }} | |
| # is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }} | |
| # steps: | |
| # - uses: garronej/[email protected] | |
| # id: step1 | |
| # with: | |
| # action_name: is_package_json_version_upgraded | |
| # | |
| # create_tag: | |
| # name: Create version tag | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - check_if_version_upgraded | |
| # if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' | |
| # env: | |
| # TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| # steps: | |
| # - name: Checkout repository | |
| # uses: actions/checkout@v4 | |
| # - name: Create tag | |
| # run: | | |
| # git config --local user.email "[email protected]" | |
| # git config --local user.name "GitHub Actions" | |
| # git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}" | |
| # git push --tags | |
| # | |
| # pre-release: | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - check_if_version_upgraded | |
| # - create_tag | |
| # permissions: | |
| # contents: write | |
| # env: | |
| # PRE_RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}-rc | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: "20" | |
| # - uses: bahmutov/npm-install@v1 | |
| # - run: cd web && yarn prepare | |
| # - name: Build | |
| # run: yarn build | |
| # - name: Keycloakify | |
| # run: cd web && npx keycloakify && cd .. | |
| # env: | |
| # XDG_CACHE_HOME: "/home/runner/.cache/yarn" | |
| # - run: mv web/build_keycloak/target/retrocompat-*.jar retrocompat-keycloak-theme.jar | |
| # - run: mv web/build_keycloak/target/*.jar keycloak-theme.jar | |
| # - name: "Generate release candidate on github" | |
| # uses: softprops/action-gh-release@v2 | |
| # with: | |
| # name: Release candidate ${{ env.PRE_RELEASE_TAG }} | |
| # prerelease: true | |
| # tag_name: ${{ env.PRE_RELEASE_TAG }} | |
| # generate_release_notes: true | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # files: | | |
| # retrocompat-keycloak-theme.jar | |
| # keycloak-theme.jar | |
| # - name: Delete old prereleases | |
| # uses: actions/github-script@v7 | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # script: | | |
| # const excludeTagName = '${{ env.PRE_RELEASE_TAG }}'; | |
| # const releases = await github.request(`GET /repos/${{ github.repository }}/releases`); | |
| # | |
| # const oldPrereleases = releases.data | |
| # .filter(release => release.prerelease && release.tag_name !== excludeTagName); | |
| # | |
| # console.log(`Found ${oldPrereleases.length} old prereleases`); | |
| # | |
| # for (const release of oldPrereleases) { | |
| # console.log(`Deleting prerelease: ${release.tag_name} and the corresponding tag`); | |
| # await github.request(`DELETE /repos/${{ github.repository }}/releases/${release.id}`); | |
| # await github.request(`DELETE /repos/${{ github.repository }}/git/refs/tags/${release.tag_name}`); | |
| # } | |
| # | |
| # docker: | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - check_if_version_upgraded | |
| # - create_tag | |
| # - pre-release | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: docker/setup-qemu-action@v3 | |
| # - uses: docker/setup-buildx-action@v3 | |
| # - uses: docker/login-action@v3 | |
| # with: | |
| # username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| # password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # - name: Computing Docker image tags | |
| # id: step1 | |
| # env: | |
| # TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| # run: | | |
| # OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest | |
| # OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}') | |
| # echo ::set-output name=docker_api_tags::$OUT_API | |
| # | |
| # OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest | |
| # OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}') | |
| # echo ::set-output name=docker_web_tags::$OUT_WEB | |
| # | |
| # - uses: docker/build-push-action@v5 | |
| # with: | |
| # push: true | |
| # context: . | |
| # target: api | |
| # tags: ${{ steps.step1.outputs.docker_api_tags }} | |
| # - uses: docker/build-push-action@v5 | |
| # with: | |
| # push: true | |
| # context: . | |
| # target: web | |
| # tags: ${{ steps.step1.outputs.docker_web_tags }} | |
| # | |
| # poke_gitops: | |
| # name: "Poke gitops" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - docker | |
| # steps: | |
| # - uses: peter-evans/repository-dispatch@v3 | |
| # with: | |
| # token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }} | |
| # event-type: update_sill | |
| # repository: codegouvfr/paris-sspcloud | |
| # | |
| # trigger_production_deploy: | |
| # name: "Trigger production deploy" | |
| # runs-on: ubuntu-latest | |
| # environment: production | |
| # concurrency: | |
| # group: deploy-to-production | |
| # cancel-in-progress: true | |
| # needs: | |
| # - docker | |
| # - poke_gitops | |
| # - check_if_version_upgraded | |
| # env: | |
| # TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| # steps: | |
| # - run: echo "Triggering production deploy" | |
| # - name: Set up SSH | |
| # run: | | |
| # mkdir -p ~/.ssh | |
| # echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 | |
| # chmod 600 ~/.ssh/id_ed25519 | |
| # ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| # ssh -A -o StrictHostKeyChecking=no [email protected] "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}" | |
| # env: | |
| # SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| # | |
| # create_github_release: | |
| # name: "Create release notes" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - trigger_production_deploy | |
| # - check_if_version_upgraded | |
| # - create_tag | |
| # if: | | |
| # needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push' | |
| # # We create a release only when all of the above are validated: | |
| # # - we are on default branch | |
| # # - version has been upgraded | |
| # # - we have pushed to production | |
| # env: | |
| # TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| # steps: | |
| # - name: "Generate release candidate on github" | |
| # uses: softprops/action-gh-release@v2 | |
| # with: | |
| # name: Release v${{ env.TO_VERSION }} | |
| # prerelease: false | |
| # tag_name: v${{ env.TO_VERSION }} | |
| # generate_release_notes: true | |
| # token: ${{ secrets.GITHUB_TOKEN }} |