This repository has been archived by the owner on Jan 10, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 11
173 lines (172 loc) · 6.86 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
---
name: Continuous Integration
env:
SLACK_CHANNEL_ID: "${{ secrets.SLACK_CHANNEL_ID }}"
on:
push:
branches-ignore:
- refs/tags/*_staging
- refs/tags/*_production
jobs:
build:
runs-on: ubuntu-20.04
steps:
- name: Checkout branch
# Pin to v3.1.0 SHA
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- name: Extract branch name
shell: bash
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
id: extract_branch
- name: Cache gems
# Pin to 3.0.11 SHA
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
env:
nix-hash: |
${{ hashFiles('default.nix', 'shell.nix', 'nix/sources.*') }}
dependencies-hash: |
${{ hashFiles('Gemfile', 'Gemfile.lock') }}
with:
path: |
vendor/bundle
key: |
${{ runner.OS }}-gem-cache-${{ env.nix-hash }}-${{ env.dependencies-hash }}
restore-keys: |
${{ runner.OS }}-gem-cache-${{ env.nix-hash }}-
# Pin to the v18 SHA
- uses: "cachix/install-nix-action@daddc62a2e67d1decb56e028c9fa68344b9b7c2a"
with:
install_url: "https://releases.nixos.org/nix/nix-2.7.0/install"
nix_path: nixpkgs=channel:nixos-22.05
- name: Run CI through nix-shell
run: nix develop -c ./run_ci.sh
- name: Post to Slack if build fails
if: failure() && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/stable')
# Pin to the v1.23.0 SHA
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844
env:
SLACK_BOT_TOKEN: "${{ secrets.BELLROY_SLACK_TOKEN }}"
with:
channel-id: "${{ env.SLACK_CHANNEL_ID }}"
payload: |
{
"text": "* ${{ github.repository }} BUILD FAILURE*",
"attachments": [
{
"fallback": "Failure summary",
"color": "ff0000",
"fields": [
{
"title": "Branch",
"value": "${{ steps.extract_branch.outputs.branch}}"
},
{
"title": "Who broke it",
"value": "${{ github.actor }}"
},
{
"title": "Build output",
"value": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks",
"short": false
}
]
}
]
}
services:
postgres:
image: postgres:12.12
env:
POSTGRES_USER: runner
POSTGRES_DB: postgres
POSTGRES_PASSWORD: postgres
ports:
- 5432:5432
options:
"--health-cmd pg_isready --health-interval 10s --health-timeout 5s
--health-retries 5"
env:
PGHOST: localhost
PGPORT: 5432
PGPASSWORD: postgres
RAILS_ENV: test
deploy:
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/stable'
needs:
- build
defaults:
run:
shell: bash -leo pipefail {0}
runs-on: self-hosted
steps:
- name: Checkout branch
# Pin to v3.1.0 SHA
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
with:
submodules: true
token: ${{ secrets.ACTIONS_TOKEN }}
fetch-depth: 10
- name: Extract branch name and stage
shell: bash
id: extract_branch
run: |
STAGE=staging
if [[ "${GITHUB_REF#refs/heads/}" == "stable" ]]; then
STAGE=production
fi
echo "STAGE=$STAGE" >> $GITHUB_ENV
echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
- name: Set secrets to environment variables
shell: bash
id: set_secrets_to_environment_variables
run: |
echo "SLACK_WEBHOOK_URL=${{ secrets.SLACK_WEBHOOK_URL }}" >> $GITHUB_ENV
if [[ "${GITHUB_REF#refs/heads/}" == "stable" ]]; then
echo "PRODUCTION_SERVER_HOSTNAME=${{ secrets.PRODUCTION_SERVER_HOSTNAME }}" >> $GITHUB_ENV
echo "PRODUCTION_SERVER_USERNAME=${{ secrets.PRODUCTION_SERVER_USERNAME }}" >> $GITHUB_ENV
echo "RAILS_PRODUCTION_KEY=${{ secrets.RAILS_PRODUCTION_KEY }}" >> $GITHUB_ENV
else
echo "STAGING_SERVER_HOSTNAME=${{ secrets.STAGING_SERVER_HOSTNAME }}" >> $GITHUB_ENV
echo "STAGING_SERVER_USERNAME=${{ secrets.STAGING_SERVER_USERNAME }}" >> $GITHUB_ENV
echo "RAILS_STAGING_KEY=${{ secrets.RAILS_STAGING_KEY }}" >> $GITHUB_ENV
fi
- name: Deploy with capistrano
id: cap_deploy
run: |
echo "Start ssh agent if required"
if [ -z "$SSH_AUTH_SOCK" ] ; then
eval "$(ssh-agent -s)"
ssh-add
fi
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> $GITHUB_OUTPUT
LAST_DEPLOY_TAG=$(git tag -l [0-9]*_$STAGE | tail -n 1)
AUTHORS=$(git log --oneline --format="%an" $LAST_DEPLOY_TAG..origin/$BRANCH | sort -u | tr '\n' ',' | sed 's/trike-deploy,//;s/,$//g')
if [ -z "$AUTHORS" ]; then
AUTHORS=$(git log --oneline --format="%an" | sed -n '1p')
fi
git config user.name "$AUTHORS"
echo "AUTHORS=$AUTHORS" >> $GITHUB_ENV
nix develop -c ./run_deploy.sh
- name: Kill ssh-agent
if: always()
run: |
SSH_AGENT_PID=${{ steps.cap_deploy.outputs.SSH_AGENT_PID }}
kill $SSH_AGENT_PID
- name: Open PR to stable
if: github.ref == 'refs/heads/master'
run: |
curl -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" https://api.github.com/repos/${{ github.repository }}/pulls -d '{"head":"master","base":"stable","title":"Merge branch master into stable","body":"This PR is automatically generated by CI."}'
PR_URL=$(curl -sX GET -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" https://api.github.com/repos/${{ github.repository }}/pulls\?head\=bellroy:master\&base\=stable | jq -r '.[0].html_url | select(length>0)')
echo "PR_URL=$PR_URL" >> $GITHUB_ENV
- name: Post to Slack if deploy succeeds
if: github.ref == 'refs/heads/master'
# Pin to the v1.23.0 SHA
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844
env:
SLACK_BOT_TOKEN: "${{ secrets.BELLROY_SLACK_TOKEN }}"
with:
channel-id: "${{ env.SLACK_CHANNEL_ID }}"
payload: |
{
"text": ":loudspeaker: *${{ env.AUTHORS }}* succesfully deployed to `staging`. Open PR: ${{ env.PR_URL }}"
}