Merge branch 'master' of github.com:alchemy-fr/phraseanet-services in… #1537
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push] | |
env: | |
COMPOSE_PROJECT_NAME: build | |
PS_SUBNET: 172.34.0.0/16 | |
PS_GATEWAY_IP: 172.34.0.1 | |
PHRASEA_DOMAIN: phrasea.local | |
TRAEFIK_HTTPS_PORT: 4442 | |
TRAEFIK_HTTP_PORT: 8042 | |
HTTPS_PORT_PREFIX: ':4442' | |
REGISTRY_NAMESPACE: ghcr.io/${{ github.repository_owner }}/ps- | |
DOCKER_TAG: ${{ github.sha }} | |
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
VERIFY_SSL: "false" | |
COMPOSE_PROFILES: databox,expose,notify,uploader,databox-worker,expose-worker,notify-worker,uploader-worker,db,report,mailhog,dashboard | |
jobs: | |
build_keycloak: | |
name: 'Build Keycloak' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: keycloak | |
context: ./infra/docker/keycloak | |
target: keycloak | |
secrets: inherit | |
build_php-fpm-base: | |
name: 'Build php-fpm-base' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: php-fpm-base | |
context: ./infra/docker/php-fpm-base | |
secrets: inherit | |
build_configurator: | |
name: 'Build Configurator' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: configurator | |
context: ./configurator | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
build_nginx-fpm-base: | |
name: 'Build nginx-fpm-base' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: nginx-fpm-base | |
context: ./infra/docker/nginx-fpm-base | |
secrets: inherit | |
build_nodejs-base: | |
name: 'Build nodejs-base' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: nodejs-base | |
context: ./infra/docker/nodejs-base | |
secrets: inherit | |
build_nginx-cache-purge: | |
name: 'Build nginx-cache-purge' | |
uses: ./.github/workflows/build_base.yaml | |
with: | |
image: nginx-cache-purge | |
context: ./infra/docker/nginx-cache-purge | |
secrets: inherit | |
build_dashboard: | |
name: 'Build Dashboard' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: dashboard | |
context: ./dashboard/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
build_databox_api: | |
name: 'Build Databox API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: databox | |
context: ./databox/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-fpm-base | |
build_databox_client: | |
name: 'Build Databox Client' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: databox-client | |
context: ./databox/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
build_databox_indexer: | |
name: 'Build Databox Indexer' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: databox-indexer | |
context: ./databox/indexer | |
withLibs: true | |
secrets: inherit | |
build_expose_api: | |
name: 'Build Expose API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: expose | |
context: ./expose/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-cache-purge | |
build_expose_client: | |
name: 'Build Expose Client' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: expose-client | |
context: ./expose/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
build_matomo_php: | |
name: 'Build Matomo PHP' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: matomo-php | |
context: ./infra/docker/matomo-php | |
secrets: inherit | |
build_matomo_nginx: | |
name: 'Build Matomo NGINX' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: matomo-nginx | |
context: ./infra/docker/matomo-nginx | |
secrets: inherit | |
build_notify_api: | |
name: 'Build Notify API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: notify | |
context: ./notify/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-fpm-base | |
build_report_api: | |
name: 'Build Report API' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: report-api | |
context: report | |
secrets: inherit | |
build_uploader_api: | |
name: 'Build Uploader API' | |
uses: ./.github/workflows/build_api.yaml | |
with: | |
prefix: uploader | |
context: ./uploader/api | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_php-fpm-base | |
- build_nginx-fpm-base | |
build_uploader_client: | |
name: 'Build Uploader Client' | |
uses: ./.github/workflows/build.yaml | |
with: | |
image: uploader-client | |
context: ./uploader/client | |
withLibs: true | |
secrets: inherit | |
needs: | |
- build_nodejs-base | |
setup: | |
name: 'Setup stack' | |
runs-on: ubuntu-latest | |
needs: | |
- build_configurator | |
- build_dashboard | |
- build_databox_api | |
- build_databox_client | |
- build_databox_indexer | |
- build_expose_api | |
- build_expose_client | |
- build_keycloak | |
- build_matomo_nginx | |
- build_matomo_php | |
- build_notify_api | |
- build_report_api | |
- build_uploader_api | |
- build_uploader_client | |
steps: | |
- name: Install mkcert | |
run: | | |
sudo apt-get update | |
sudo apt-get install wget libnss3-tools | |
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 | |
sudo mv mkcert-v1.4.3-linux-amd64 /usr/bin/mkcert | |
sudo chmod +x /usr/bin/mkcert | |
mkcert -install | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Log in to the Container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull images | |
run: | | |
docker compose pull | |
docker compose pull configurator | |
- name: Setup | |
if: "!contains(github.event.head_commit.message, '[skip test]')" | |
run: | | |
docker compose down --volumes | |
bin/dev/make-cert.sh | |
sudo PHRASEA_DOMAIN=${PHRASEA_DOMAIN} bin/dev/append-etc-hosts.sh | |
bin/setup.sh test | |
- name: Test | |
if: "!contains(github.event.head_commit.message, '[skip test]')" | |
run: bin/test.sh | |
- name: Run Cypress tests | |
if: "!contains(github.event.head_commit.message, '[skip cypress]') && !contains(github.event.head_commit.message, '[skip test]')" | |
run: | | |
docker compose up -d | |
docker compose run --rm cypress | |
- name: Extract Cypress output | |
if: failure() | |
run: | | |
mkdir cypress-output | |
docker run -d --rm --name dummy -v ${COMPOSE_PROJECT_NAME}_cypress_output:/cypress/output alpine:3.14.8 tail -f /dev/null | |
docker cp dummy:/cypress/output ./cypress-output/ | |
docker stop dummy | |
docker compose down --volumes | |
- name: Upload Cypress output | |
if: failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: cypress-error | |
path: | | |
./cypress-output/output/screenshots | |
./cypress-output/output/results | |
retention-days: 2 | |
- name: Clean containers | |
if: ${{ always() }} | |
run: | | |
docker compose down --volumes | |
- name: Login to Docker Hub | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
if: env.DOCKERHUB_USERNAME != null && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Push images to Dockerhub | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
if: env.DOCKERHUB_USERNAME != null && startsWith(github.ref, 'refs/tags/') | |
run: | | |
docker image ls | grep ${{ env.DOCKER_TAG }} | awk '{ print $1 }' | xargs -I {} echo docker tag {}:${{ env.DOCKER_TAG }} {}:${{ github.ref_name }} | sed "s,${{ env.REGISTRY_NAMESPACE }},alchemyfr/ps-,2" | bash | |
export COMPOSE_PROFILES="${COMPOSE_PROFILES},configurator" | |
REGISTRY_NAMESPACE=alchemyfr/ps- DOCKER_TAG=${{ github.ref_name }} docker compose push | |
set -ex | |
LATEST_TAG=$(curl \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ github.token }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
https://api.github.com/repos/${{ github.repository }}/releases/latest | jq --raw-output '.tag_name') | |
if [ "${LATEST_TAG}" == "${{ github.ref_name }}" ]; then | |
docker image ls | grep ${{ env.DOCKER_TAG }} | awk '{ print $1 }' | xargs -I {} echo docker tag {}:${{ env.DOCKER_TAG }} {}:latest | sed "s,${{ env.REGISTRY_NAMESPACE }},alchemyfr/ps-,2" | bash | |
REGISTRY_NAMESPACE=alchemyfr/ps- DOCKER_TAG=latest docker compose push | |
fi | |
- name: Configure AWS Credentials | |
env: | |
AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
if: env.AWS_ECR_ACCESS_KEY_ID != null | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_ECR_ACCESS_KEY_SECRET }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Push images to AWS ECR | |
env: | |
AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
REGISTRY_ALIAS: b2s9z7l1 | |
if: env.AWS_ECR_ACCESS_KEY_ID != null | |
run: | | |
ECR_REGISTRY="${{ steps.login-ecr-public.outputs.registry }}/${REGISTRY_ALIAS}" | |
docker image ls | grep ${{ env.DOCKER_TAG }} | awk '{ print $1 }' | xargs -I {} echo docker tag {}:${{ env.DOCKER_TAG }} {}:${{ github.ref_name }} | sed "s,${{ env.REGISTRY_NAMESPACE }},${ECR_REGISTRY}/ps-,2" | bash | |
export COMPOSE_PROFILES="${COMPOSE_PROFILES},configurator" | |
REGISTRY_NAMESPACE=${ECR_REGISTRY}/ps- DOCKER_TAG=${{ github.ref_name }} docker compose push |