
fix automatic CI deployement to prod WIP #122

fix automatic CI deployement to prod WIP


Workflow file for this run

# Workflow display name.
name: "CI - CD"

# Runs on pushes to main and on pull requests that target main.
# Every job in this workflow runs for both events unless it carries its own
# `if:` condition, so jobs that use deployment secrets need an explicit guard.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
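jobs:
  # Connects to the production host over SSH and runs the update script there
  # as user `web`. Uses the `production` environment and its SSH key secret.
  trigger_production_deploy:
    name: "Trigger production deploy"
    runs-on: ubuntu-latest
    environment: production
    # The workflow also triggers on pull_request; without this guard a pull
    # request would start a production deploy. The disabled pipeline further
    # down gates on the same condition in check_if_version_upgraded.
    if: github.event_name == 'push'
    # concurrency:
    #   group: deploy-to-production
    #   cancel-in-progress: true
    # needs:
    #   - docker
    #   - poke_gitops
    #   - check_if_version_upgraded
    # env:
    #   TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
    steps:
      - run: echo "Triggering production deploy"
      - name: Set up SSH
        # The private key is read from the step's environment instead of being
        # templated into the script text, so the secret never becomes part of
        # the generated shell script and quoting inside the key cannot break it.
        #
        # NOTE(review): StrictHostKeyChecking=no makes ssh accept whatever host
        # key is presented, so the known_hosts entry written by ssh-keyscan is
        # never enforced; ssh-keyscan at run time is itself unauthenticated.
        # Pin the server's host key (recorded out of band) in known_hosts and
        # drop the option.
        # NOTE(review): -A forwards an SSH agent to the server and `sudo -E`
        # hands its socket to user `web`; no agent is started in this step, so
        # confirm forwarding is needed at all. -vvv writes connection details
        # to the job log and should not outlive debugging.
        # NOTE(review): the deployed version is hard-coded (v1.42.34); the
        # disabled command below uses the computed TO_VERSION instead.
        run: |
          # Create ~/.ssh, the key file and known_hosts without group/other access.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts
          echo --------
          ssh -A -T -o StrictHostKeyChecking=no [email protected] "echo \$SSH_AUTH_SOCK && sudo -E -u web ssh-add -l"
          echo --------
          ssh -vvv -A -o StrictHostKeyChecking=no [email protected] "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v1.42.34"
          # ssh -T -A -o StrictHostKeyChecking=no [email protected] "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}"
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}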
# validations:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-node@v4
# with:
# node-version: "20"
# - uses: bahmutov/npm-install@v1
# - name: Build back
# run: cd api && yarn build
# - name: Fullcheck
# run: yarn fullcheck
# #
# check_if_version_upgraded:
# name: Check if version upgrade
# if: github.event_name == 'push'
# runs-on: ubuntu-latest
# needs: validations
# outputs:
# from_version: ${{ steps.step1.outputs.from_version }}
# to_version: ${{ steps.step1.outputs.to_version }}
# is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
# steps:
# - uses: garronej/[email protected]
# id: step1
# with:
# action_name: is_package_json_version_upgraded
#
# create_tag:
# name: Create version tag
# runs-on: ubuntu-latest
# needs:
# - check_if_version_upgraded
# if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
# env:
# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
# steps:
# - name: Checkout repository
# uses: actions/checkout@v4
# - name: Create tag
# run: |
# git config --local user.email "[email protected]"
# git config --local user.name "GitHub Actions"
# git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}"
# git push --tags
#
# pre-release:
# runs-on: ubuntu-latest
# needs:
# - check_if_version_upgraded
# - create_tag
# permissions:
# contents: write
# env:
# PRE_RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}-rc
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-node@v4
# with:
# node-version: "20"
# - uses: bahmutov/npm-install@v1
# - run: cd web && yarn prepare
# - name: Build
# run: yarn build
# - name: Keycloakify
# run: cd web && npx keycloakify && cd ..
# env:
# XDG_CACHE_HOME: "/home/runner/.cache/yarn"
# - run: mv web/build_keycloak/target/retrocompat-*.jar retrocompat-keycloak-theme.jar
# - run: mv web/build_keycloak/target/*.jar keycloak-theme.jar
# - name: "Generate release candidate on github"
# uses: softprops/action-gh-release@v2
# with:
# name: Release candidate ${{ env.PRE_RELEASE_TAG }}
# prerelease: true
# tag_name: ${{ env.PRE_RELEASE_TAG }}
# generate_release_notes: true
# token: ${{ secrets.GITHUB_TOKEN }}
# files: |
# retrocompat-keycloak-theme.jar
# keycloak-theme.jar
# - name: Delete old prereleases
# uses: actions/github-script@v7
# with:
# github-token: ${{ secrets.GITHUB_TOKEN }}
# script: |
# const excludeTagName = '${{ env.PRE_RELEASE_TAG }}';
# const releases = await github.request(`GET /repos/${{ github.repository }}/releases`);
#
# const oldPrereleases = releases.data
# .filter(release => release.prerelease && release.tag_name !== excludeTagName);
#
# console.log(`Found ${oldPrereleases.length} old prereleases`);
#
# for (const release of oldPrereleases) {
# console.log(`Deleting prerelease: ${release.tag_name} and the corresponding tag`);
# await github.request(`DELETE /repos/${{ github.repository }}/releases/${release.id}`);
# await github.request(`DELETE /repos/${{ github.repository }}/git/refs/tags/${release.tag_name}`);
# }
#
# docker:
# runs-on: ubuntu-latest
# needs:
# - check_if_version_upgraded
# - create_tag
# - pre-release
# steps:
# - uses: actions/checkout@v4
# - uses: docker/setup-qemu-action@v3
# - uses: docker/setup-buildx-action@v3
# - uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
# - name: Computing Docker image tags
# id: step1
# env:
# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
# run: |
# OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest
# OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}')
# echo ::set-output name=docker_api_tags::$OUT_API
#
# OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest
# OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}')
# echo ::set-output name=docker_web_tags::$OUT_WEB
#
# - uses: docker/build-push-action@v5
# with:
# push: true
# context: .
# target: api
# tags: ${{ steps.step1.outputs.docker_api_tags }}
# - uses: docker/build-push-action@v5
# with:
# push: true
# context: .
# target: web
# tags: ${{ steps.step1.outputs.docker_web_tags }}
#
# poke_gitops:
# name: "Poke gitops"
# runs-on: ubuntu-latest
# needs:
# - docker
# steps:
# - uses: peter-evans/repository-dispatch@v3
# with:
# token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }}
# event-type: update_sill
# repository: codegouvfr/paris-sspcloud
#
# trigger_production_deploy:
# name: "Trigger production deploy"
# runs-on: ubuntu-latest
# environment: production
# concurrency:
# group: deploy-to-production
# cancel-in-progress: true
# needs:
# - docker
# - poke_gitops
# - check_if_version_upgraded
# env:
# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
# steps:
# - run: echo "Triggering production deploy"
# - name: Set up SSH
# run: |
# mkdir -p ~/.ssh
# echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
# chmod 600 ~/.ssh/id_ed25519
# ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts
# ssh -A -o StrictHostKeyChecking=no [email protected] "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}"
# env:
# SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
#
# create_github_release:
# name: "Create release notes"
# runs-on: ubuntu-latest
# needs:
# - trigger_production_deploy
# - check_if_version_upgraded
# - create_tag
# if: |
# needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push'
# # We create a release only when all of the above are validated:
# # - we are on default branch
# # - version has been upgraded
# # - we have pushed to production
# env:
# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
# steps:
# - name: "Generate release candidate on github"
# uses: softprops/action-gh-release@v2
# with:
# name: Release v${{ env.TO_VERSION }}
# prerelease: false
# tag_name: v${{ env.TO_VERSION }}
# generate_release_notes: true
# token: ${{ secrets.GITHUB_TOKEN }}