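# CI/CD for the dashboard. Every push to develop or release builds the Docker
# image, then lints and builds the app inside it. Pushes to release additionally
# apply the Terraform configuration and publish the build to S3 + CloudFront.
name: Dashboard Workflow

on:
  push:
    branches:
      - develop
      - release

# Least privilege for the automatic GITHUB_TOKEN: no step in this file writes to
# the repository or to a registry (the image build below uses push: false).
permissions:
  contents: read

jobs:
  build_test:
    name: π΄ Build + Lint + Test π΄ # Match the name below (8398a7/action-slack).
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      # Derive the image reference from the commit: ghcr.io/<repository>:<first 7 chars of the SHA>.
      - name: π³ Prepare Docker
        id: prep
        run: |
          TAG=$(echo "$GITHUB_SHA" | head -c7)
          IMAGE="ghcr.io/${GITHUB_REPOSITORY}"
          echo "tagged_image=${IMAGE}:${TAG}" >> "$GITHUB_OUTPUT"
          # Previously written as "name=tag::${TAG}" (apparently a leftover of the
          # old ::set-output syntax), which defined an output called "name".
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

      # NOTE(review): @master is a mutable ref. Pin third-party actions to a full
      # commit SHA (docker/setup-buildx-action@<full-commit-sha>) so an upstream
      # change cannot alter this job without review.
      - name: π³ Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@master

      # Layer cache keyed per commit; restore-keys falls back to the newest
      # cache that shares the prefix.
      - name: π³ Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-single-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-single-buildx

      # Build the image and load it into the local Docker daemon so the later
      # `docker run` steps can use it. The new cache goes to a separate directory
      # that the last step of this job moves into place.
      - name: π³ Build image
        uses: docker/build-push-action@v2
        with:
          context: .
          builder: ${{ steps.buildx.outputs.name }}
          file: Dockerfile
          push: false # This would be set to true in a real world deployment scenario.
          load: true
          tags: ${{ steps.prep.outputs.tagged_image }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new

      - name: π€ Run Lint π§ͺ
        env:
          DOCKER_IMAGE: ${{ steps.prep.outputs.tagged_image }}
        run: |
          docker run --rm --workdir="/code/" "$DOCKER_IMAGE" sh -c 'yarn lint'

      # - name: π€ Run Test π§ͺ
      #   env:
      #     DOCKER_IMAGE: ${{ steps.prep.outputs.tagged_image }}
      #   run: |
      #     docker run --rm --workdir="/code/" $DOCKER_IMAGE sh -c 'yarn test'

      # NOTE(review): the build output is later synced to S3 with a public-read
      # ACL, so any value that ends up in the bundle is public. Confirm that the
      # secrets passed here are meant to be exposed to browsers and are scoped
      # accordingly (for example a restricted Mapbox token).
      - name: π€ Run Build π§ͺ
        env:
          DOCKER_IMAGE: ${{ steps.prep.outputs.tagged_image }}
          REACT_APP_GRAPHQL_ENDPOINT: ${{ secrets.REACT_APP_GRAPHQL_ENDPOINT }}
          REACT_APP_ENVIRONMENT: prod
          REACT_APP_SENTRY_DSN: ${{ secrets.REACT_APP_SENTRY_DSN }}
          REACT_APP_MAPBOX_STYLE: 'mapbox://styles/togglecorp/cl50rwy0a002d14mo6w9zprio'
          REACT_APP_MAPBOX_ACCESS_TOKEN: ${{ secrets.REACT_APP_MAPBOX_ACCESS_TOKEN }}
          REACT_APP_API_END: ${{ secrets.REACT_APP_API_END }}
          REACT_APP_ADMIN_END: ${{ secrets.REACT_APP_ADMIN_END }}
          # Not required for now.
          GRAPHQL_CODEGEN_ENDPOINT: ${{ secrets.GRAPHQL_CODEGEN_ENDPOINT }}
          # Explicit empty string instead of a bare key (which YAML reads as null).
          REACT_APP_GA_TRACKING_ID: ''
        run: |
          # NOTE(review): `env` writes the runner's whole environment, not only
          # the variables declared above, into .env, and that file is mounted
          # into the container. Consider writing only the keys the build needs.
          env > .env
          docker run --rm --workdir="/code/" \
            -v "$(pwd)/.env:/code/.env" \
            -v "$(pwd)/build/:/code/build/" \
            "$DOCKER_IMAGE" sh -c 'yarn build'

      # Hand the build directory to the deploy job.
      - name: Save build files as artifact
        uses: actions/upload-artifact@v1
        with:
          name: ifrc-gates-dashboard
          path: build

      # Temp fix
      # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#github-cache
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: π³ Move docker cache (π§ Hack fix)
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  build_terraform:
    name: Terraform actions
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://dashboard.collective-service.net/
    needs: build_test
    defaults:
      run:
        working-directory: './terraform'
    # Only the release branch provisions production infrastructure.
    if: github.ref == 'refs/heads/release'
    steps:
      # NOTE(review): these are long-lived access keys held as secrets. The
      # action's role-to-assume input with GitHub OIDC would give short-lived
      # credentials instead; that needs an IAM role and `id-token: write`,
      # neither of which is set up in this file.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Checkout code
        uses: actions/checkout@v2

      # terraform_wrapper is off so `terraform output` below prints only the value.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: '1.1.2'
          terraform_wrapper: false

      # NOTE(review): -upgrade lets init select newer provider/module versions
      # than the dependency lock file records; consider dropping it so production
      # applies use the versions that were reviewed.
      - name: Terraform init
        id: init
        run: terraform init -upgrade

      - name: Terraform validate
        id: validate
        run: terraform validate

      - name: Terraform plan
        id: plan
        run: terraform plan -var-file=prod.tfvars -no-color

      # NOTE(review): apply computes its own plan and runs it unattended, so the
      # plan printed by the previous step is not necessarily what gets applied.
      # Saving the plan with -out and applying that file would tie the two together.
      - name: Terraform apply
        id: apply
        run: terraform apply -var-file=prod.tfvars -auto-approve -no-color

      # -raw prints the bare string, as the distid step does; without it
      # Terraform wraps string outputs in double quotes and the quotes would
      # travel into the bucket name used by the deploy job.
      - name: Get Terraform outputs
        id: op-bucket-name
        run: echo "bucket_name=$(terraform output -raw s3_bucket_name)" >> "$GITHUB_OUTPUT"

      - name: Get Terraform outputs
        id: op-distid
        run: echo "distid=$(terraform output -raw website_cdn_id)" >> "$GITHUB_OUTPUT"
    # Values consumed by the deploy job through needs.build_terraform.outputs.
    outputs:
      s3-bucket-name: ${{ steps.op-bucket-name.outputs.bucket_name }}
      dist-id: ${{ steps.op-distid.outputs.distid }}

  deploy:
    name: Deploy to AWS (S3 + Cloudfront)
    needs: build_terraform
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/release' && github.event_name == 'push'
    steps:
      - uses: actions/download-artifact@v1
        with:
          name: ifrc-gates-dashboard
          path: build

      # Copy build to S3
      # NOTE(review): this third-party action is referenced at @master and is
      # handed the AWS keys, so whatever that branch points to at run time runs
      # with those credentials. Pin it to a full commit SHA
      # (jakejarvis/s3-sync-action@<full-commit-sha>).
      # NOTE(review): --acl public-read makes every uploaded object world-readable
      # directly from the bucket. If CloudFront is the intended entry point,
      # a private bucket readable only by the distribution is the tighter setup.
      - name: S3 Sync
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --acl public-read --follow-symlinks --delete
        env:
          AWS_S3_BUCKET: ${{ needs.build_terraform.outputs.s3-bucket-name }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          SOURCE_DIR: './build'

      # Invalidate Cloudfront (this action)
      # NOTE(review): same concern as the sync step: @master plus AWS keys.
      # Pin to chetan/invalidate-cloudfront-action@<full-commit-sha>.
      - name: Cloudfront Invalidate
        uses: chetan/invalidate-cloudfront-action@master
        env:
          DISTRIBUTION: ${{ needs.build_terraform.outputs.dist-id }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          PATHS: '/*'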