-
Notifications
You must be signed in to change notification settings - Fork 159
173 lines (171 loc) · 6.61 KB
/
build-and-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
name: Continuous Integration
on:
push:
pull_request:
schedule:
# Every four hours, avoiding o'clock because GitHub actions
# are slower at exactly :00.
- cron: '42 1,5,9,13,17,21 * * *'
permissions:
id-token: write
contents: write
pull-requests: write
jobs:
build:
name: Build and Test
strategy:
matrix:
os: [ ubuntu ]
hhvm: [ '4.164' ]
runs-on: ${{matrix.os}}-latest
steps:
- uses: actions/checkout@v3
- name: Fetch docker images
run: |
docker pull hhvm/hhvm:${{matrix.hhvm}}-latest
docker pull hhvm/hhvm-proxygen:${{matrix.hhvm}}-latest
- name: Build
run: docker build -t hhvm/user-documentation:scratch -f .deploy/built-site.Dockerfile .
- name: Typecheck
run: docker run --rm -w /var/www hhvm/user-documentation:scratch hh_server --check .
- name: Run tests
run: docker run --rm -w /var/www hhvm/user-documentation:scratch vendor/bin/hacktest tests/
- name: Lint
run: docker run --rm -w /var/www hhvm/user-documentation:scratch vendor/bin/hhast-lint
- name: Verify codegen is unchanged
run: docker run --rm -w /var/www hhvm/user-documentation:scratch vendor/bin/hh-codegen-verify-signatures src
- name: Set up cache for Docker image
uses: actions/cache@v3
with:
key: ${{github.run_id}}
path: hack-docs.tar
- name: Export Docker image
run: docker save hhvm/user-documentation:scratch -o hack-docs.tar
update-docker-image:
concurrency: ${{github.ref}}
if: github.ref == 'refs/heads/main'
name: Deploy
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: download-tar
name: Set up cache for Docker image
uses: actions/cache@v3
with:
key: ${{github.run_id}}
path: hack-docs.tar
- name: Import Docker image
run: docker load --input hack-docs.tar
- name: Build HHBC repo
run: |
mkdir ${{runner.temp}}/repo-out
docker run --rm \
-v ${{runner.temp}}/repo-out:/var/out \
-w /var/www \
hhvm/user-documentation:scratch \
.deploy/build-repo.sh
- name: Set image tag/name variables
run: |
DEPLOY_REV=$(git rev-parse --short HEAD)
HHVM_VERSION=$(awk '/APIProduct::HACK/{print $NF}' src/codegen/PRODUCT_TAGS.php | cut -f2 -d- | cut -f1-2 -d.)
IMAGE_TAG="HHVM-${HHVM_VERSION}-$(date +%Y-%m-%d)-${DEPLOY_REV}"
IMAGE_NAME="hhvm/user-documentation:$IMAGE_TAG"
echo "DEPLOY_REV=$DEPLOY_REV" >> $GITHUB_ENV
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
- name: Build repo-authoritative Docker image
run: |
cp hhvm.prod.ini ${{runner.temp}}/repo-out
cp .deploy/prod.Dockerfile ${{runner.temp}}/repo-out/Dockerfile
(
cd ${{runner.temp}}/repo-out
docker build -t ${IMAGE_NAME} .
)
- name: Log in to DockerHub
run: |
echo "${{secrets.DOCKERHUB_PASSWORD}}" | docker login -u "${{secrets.DOCKERHUB_USER}}" \
--password-stdin
- name: Push image to DockerHub
run: |
docker push "$IMAGE_NAME"
- if: github.ref == 'refs/heads/main'
name: Update the latest tag to DockerHub
run: |
docker tag "$IMAGE_NAME" hhvm/user-documentation:latest
docker push "hhvm/user-documentation:latest"
- name: Checkout the existing deploy branch
id: checkout-existing-deploy-branch
continue-on-error: true
uses: actions/checkout@v3
with:
path: .var/tmp/deploy
ref: deploy/prod-${{github.ref_name}}
- name: Checkout the default deploy branch
if: steps.checkout-existing-deploy-branch.outcome == 'failure'
uses: actions/checkout@v3
with:
path: .var/tmp/deploy
ref: deploy/prod-main
- run: |
cat > .var/tmp/deploy/terraform.tfvars <<EOF
container_image = "$IMAGE_NAME"
EOF
- uses: aws-actions/configure-aws-credentials@v1
with:
role-duration-seconds: 7000
role-to-assume: arn:aws:iam::223121549624:role/hhvm-user-documentation-github-actions
aws-region: us-west-2
- uses: hashicorp/setup-terraform@v2
- name: Push to staging branch
uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: Update the Docker image name to ${{env.IMAGE_TAG}}, which was built from ${{github.sha}}
repository: .var/tmp/deploy
create_branch: true
push_options: --force
branch: deploy/staging-${{github.run_id}}
- name: Deploy staging server
run: |
terraform init &&
(terraform workspace select "$WORKSPACE_NAME" || terraform workspace new "$WORKSPACE_NAME") &&
terraform apply -auto-approve
working-directory: .var/tmp/deploy/
env:
WORKSPACE_NAME: staging-${{github.run_id}}
- name: Print staging host name
id: print-staging-host-name
run: terraform output -raw aws_lb_lb_dns_name
working-directory: .var/tmp/deploy/
- name: Wait until the server is up
run: wget --retry-connrefused --retry-on-http-error=503,504 --tries=720 --no-http-keep-alive --output-document=- "http://${{steps.print-staging-host-name.outputs.stdout}}/"
- name: Run test suite against staging
run: |
docker run --rm \
-w /var/www \
-e "REMOTE_TEST_HOST=${{steps.print-staging-host-name.outputs.stdout}}" \
hhvm/user-documentation:scratch \
vendor/bin/hacktest \
--filter-groups remote \
tests/
- name: Destroy staging server and branch
run: |
terraform workspace select "$WORKSPACE_NAME" && \
terraform destroy -auto-approve && \
git push origin :deploy/staging-${{github.run_id}}
if: always()
working-directory: .var/tmp/deploy/
env:
WORKSPACE_NAME: staging-${{github.run_id}}
- name: Push to prod branch
uses: ad-m/github-push-action@master
with:
directory: .var/tmp/deploy
branch: deploy/prod-${{github.ref_name}}
- name: Deploy prod server
run: |
(terraform workspace select "$WORKSPACE_NAME" || terraform workspace new "$WORKSPACE_NAME") &&
terraform apply -auto-approve
working-directory: .var/tmp/deploy/
env:
WORKSPACE_NAME: prod-${{github.ref_name}}