Merge pull request #3457 from AlexsLemonade/dev #1858
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: push | |
env: | |
DOCKER_BUILDKIT: 1 | |
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_ENGINEERING_AUTH_TOKEN }} | |
jobs: | |
# Code quality check jobs. | |
check_syntax: | |
name: Check Syntax | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.OP_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.OP_AWS_SECRET_ACCESS_KEY }} | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.11' | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 0.13.5 | |
- name: Init Terraform in the Infrastructure Folder for Validation | |
run: cd infrastructure && TF_VAR_user=ci TF_VAR_stage=dev ./init_terraform.sh | |
- name: Init Terraform in the AMI Folder for Validation | |
run: cd ami && terraform init | |
- uses: pre-commit/action@v3.0.0 | |
# Test jobs. | |
test_affymetrix: | |
name: Test Affymetrix | |
env: | |
IMAGES: migrations affymetrix | |
needs: | |
- test_base | |
runs-on: ubuntu-latest-m | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Affymetrix Tests | |
run: | | |
sudo chmod -R a+rw workers/test_volume | |
.github/scripts/filter_tests.sh -t affymetrix | |
test_agilent: | |
name: Test Agilent | |
env: | |
IMAGES: migrations affymetrix | |
needs: | |
- test_affymetrix | |
runs-on: ubuntu-latest-m | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Agilent Tests | |
run: | | |
sudo -E chown -R $USER:$USER workers/test_volume | |
.github/scripts/filter_tests.sh -t agilent | |
test_api: | |
name: Test API | |
env: | |
IMAGES: migrations api_base api_local | |
needs: | |
- check_syntax | |
- test_api_base | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Start Elasticsearch | |
run: scripts/run_es.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Rebuild the Elasticsearch Index | |
run: scripts/rebuild_es_index.sh | |
- name: Run API Tests | |
run: | | |
mkdir -p test_volume | |
sudo chmod -R a+rw test_volume | |
api/run_tests.sh | |
.github/scripts/prepare_test_coverage.sh api | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./test_volume/api_coverage.xml | |
name: API Tests | |
test_api_base: | |
name: Test API Base | |
env: | |
IMAGES: migrations api_base | |
needs: | |
- test_base | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Start Elasticsearch | |
run: scripts/run_es.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Build the Docker Image | |
run: scripts/prepare_image.sh -i api_base -s api | |
test_base: | |
name: Test Base | |
env: | |
IMAGES: base | |
needs: | |
- check_syntax | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Build the Docker Image | |
run: scripts/prepare_image.sh -i base -s common | |
test_common: | |
name: Test Common | |
env: | |
IMAGES: migrations common_tests | |
needs: | |
- test_api | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Start Elasticsearch | |
run: scripts/run_es.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Rebuild the Elasticsearch Index | |
run: scripts/rebuild_es_index.sh | |
- name: Run Common Tests | |
run: | | |
mkdir -p workers/test_volume | |
sudo chmod -R a+rw workers/test_volume | |
common/run_tests.sh | |
.github/scripts/prepare_test_coverage.sh common | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./test_volume/common_coverage.xml | |
name: Common Tests | |
test_downloaders: | |
name: Test Downloaders | |
env: | |
IMAGES: migrations api_base api_local downloaders foreman | |
needs: | |
- test_base | |
runs-on: ubuntu-latest-m | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Downloader Tests | |
run: | | |
.github/scripts/filter_tests.sh -t downloaders | |
test_foreman: | |
name: Test Foreman | |
env: | |
IMAGES: migrations foreman | |
needs: | |
- test_api | |
runs-on: ubuntu-latest-m | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Start Elasticsearch | |
run: scripts/run_es.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Rebuild the Elasticsearch Index | |
run: scripts/rebuild_es_index.sh | |
- name: Run Foreman Tests | |
run: | | |
mkdir -p workers/test_volume | |
sudo chmod -R a+rw workers/test_volume | |
foreman/run_tests.sh --exclude-tag=end_to_end | |
.github/scripts/prepare_test_coverage.sh foreman | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./test_volume/foreman_coverage.xml | |
name: Foreman Tests | |
test_illumina: | |
name: Test Illumina | |
env: | |
IMAGES: migrations illumina | |
needs: | |
- test_base | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Illumina Tests | |
run: | | |
mkdir -p workers/test_volume | |
sudo chmod -R a+rw workers/test_volume | |
.github/scripts/filter_tests.sh -t illumina | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./workers/test_volume/workers_coverage.xml | |
name: Illumina Tests | |
test_no_op: | |
name: Test No-Op | |
env: | |
IMAGES: migrations api_base api_local downloaders foreman | |
needs: | |
- test_base | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run No-Op Tests | |
run: | | |
sudo -E chown -R $USER:$USER workers/test_volume | |
.github/scripts/filter_tests.sh -t no_op | |
test_salmon: | |
name: Test Salmon | |
env: | |
IMAGES: migrations salmon | |
needs: | |
- test_base | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Salmon Tests | |
run: | | |
sudo chmod -R a+rw workers/test_volume | |
.github/scripts/filter_tests.sh -t salmon | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./workers/test_volume/workers_coverage.xml | |
name: Salmon Tests | |
test_smasher: | |
name: Test Smasher | |
env: | |
IMAGES: migrations smasher | |
needs: | |
- test_base | |
runs-on: ubuntu-latest-m | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Smasher Tests | |
run: | | |
mkdir -p workers/test_volume | |
sudo chmod -R a+rw workers/test_volume | |
.github/scripts/filter_tests.sh -t smasher | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Run Janitor Tests | |
run: | | |
sudo -E chown -R $USER:$USER workers/test_volume | |
.github/scripts/filter_tests.sh -t janitor | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./workers/test_volume/workers_coverage.xml | |
name: Janitor Tests | |
- name: Run Compendia Tests | |
run: | | |
sudo -E chown -R $USER:$USER workers/test_volume | |
.github/scripts/filter_tests.sh -t compendia | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./workers/test_volume/workers_coverage.xml | |
name: Compendia Tests | |
- name: Run QN Tests | |
run: | | |
sudo -E chown -R $USER:$USER workers/test_volume | |
.github/scripts/filter_tests.sh -t qn | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./workers/test_volume/workers_coverage.xml | |
name: QN Tests | |
test_transcriptome: | |
name: Test Transcriptome | |
env: | |
DOCKER_BUILDKIT: 1 | |
IMAGES: migrations transcriptome | |
needs: | |
- test_base | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
- name: Login to Packages Container Registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Start Postgres | |
run: scripts/run_postgres.sh | |
- name: Pause for Initialization | |
run: sleep 15 | |
- name: Install Database | |
run: scripts/install_db_docker.sh | |
- name: Update Models | |
run: scripts/update_models.sh | |
- name: Run Transcriptome Tests | |
run: | | |
mkdir -p workers/test_volume | |
sudo chmod -R a+rw workers/test_volume | |
.github/scripts/filter_tests.sh -t transcriptome | |
.github/scripts/prepare_test_coverage.sh workers | |
- name: Upload Test Coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
files: ./workers/test_volume/workers_coverage.xml | |
name: Transcriptome Tests | |
# Deploy jobs. | |
deploy: | |
name: Deploy | |
env: | |
CI_USERNAME: ${{ github.actor }} | |
if: startsWith(github.ref, 'refs/tags/v') && ! endsWith(github.ref, '-hotfix') | |
needs: | |
- determine_branch | |
- test_affymetrix | |
- test_agilent | |
- test_api | |
- test_common | |
- test_downloaders | |
- test_foreman | |
- test_illumina | |
- test_no_op | |
- test_salmon | |
- test_smasher | |
- test_transcriptome | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DEPLOY_BOX_SSH_PRIVATE_KEY: ${{ secrets.OP_DEPLOY_BOX_SSH_PRIVATE_KEY }} | |
SSH_PUBLIC_KEY: ${{ secrets.OP_SSH_PUBLIC_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.OP_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.OP_AWS_SECRET_ACCESS_KEY }} | |
DEPLOY_BOX_IP: ${{ secrets.OP_DEPLOY_BOX_IP }} | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
SENTRY_DSN: ${{ secrets.OP_SENTRY_DSN }} | |
SLACK_WEBHOOK_URL: ${{ secrets.OP_SLACK_WEBHOOK_URL }} | |
STAGING_DATABASE_PASSWORD: ${{ secrets.OP_STAGING_DATABASE_PASSWORD }} | |
STAGING_DJANGO_SECRET_KEY: ${{ secrets.OP_STAGING_DJANGO_SECRET_KEY }} | |
PRODUCTION_DATABASE_PASSWORD: ${{ secrets.OP_PRODUCTION_DATABASE_PASSWORD }} | |
PRODUCTION_DJANGO_SECRET_KEY: ${{ secrets.OP_PRODUCTION_DJANGO_SECRET_KEY }} | |
- name: Set the $BRANCH and $CI_TAG Environment Variables | |
run: | | |
. scripts/common.sh | |
echo "BRANCH=$(get_deploy_branch ${GITHUB_REF#refs/tags/})" >> $GITHUB_ENV | |
# Remove /ref/tags/ from the beginning of the tag name | |
echo "CI_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
- name: Set Staging Specific Environment Variables | |
if: ${{needs.determine_branch.outputs.branch == 'dev'}} | |
run: | | |
echo "DATABASE_PASSWORD=${STAGING_DATABASE_PASSWORD}" >> $GITHUB_ENV | |
echo "DJANGO_SECRET_KEY=${STAGING_DJANGO_SECRET_KEY}" >> $GITHUB_ENV | |
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV | |
# Staging doesn't notify the engagementbot, so overwrite this to be blank. | |
echo "SLACK_WEBHOOK_URL=" >> $GITHUB_ENV | |
- name: Set Production Specific Environment Variables | |
if: ${{needs.determine_branch.outputs.branch == 'master'}} | |
run: | | |
echo "DATABASE_PASSWORD=${PRODUCTION_DATABASE_PASSWORD}" >> $GITHUB_ENV | |
echo "DJANGO_SECRET_KEY=${PRODUCTION_DJANGO_SECRET_KEY}" >> $GITHUB_ENV | |
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV | |
echo "SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}" >> $GITHUB_ENV | |
- name: Deploy | |
run: .github/scripts/remote_deploy.sh | |
- name: Cleanup Deploy | |
run: .github/scripts/post_deploy_cleanup.sh | |
timeout-minutes: 1440 | |
deploy_hotfix: | |
name: Deploy Hotfix | |
env: | |
CI_USERNAME: ${{ github.actor }} | |
if: startsWith(github.ref, 'refs/tags/v') && endsWith(github.ref, '-hotfix') | |
needs: | |
- determine_branch | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Load secrets | |
uses: 1password/load-secrets-action@v1 | |
with: | |
export-env: true | |
env: | |
DEPLOY_BOX_SSH_PRIVATE_KEY: ${{ secrets.OP_DEPLOY_BOX_SSH_PRIVATE_KEY }} | |
SSH_PUBLIC_KEY: ${{ secrets.OP_SSH_PUBLIC_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.OP_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.OP_AWS_SECRET_ACCESS_KEY }} | |
DEPLOY_BOX_IP: ${{ secrets.OP_DEPLOY_BOX_IP }} | |
DOCKER_USERNAME: ${{ secrets.OP_DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
SENTRY_DSN: ${{ secrets.OP_SENTRY_DSN }} | |
SLACK_WEBHOOK_URL: ${{ secrets.OP_SLACK_WEBHOOK_URL }} | |
STAGING_DATABASE_PASSWORD: ${{ secrets.OP_STAGING_DATABASE_PASSWORD }} | |
STAGING_DJANGO_SECRET_KEY: ${{ secrets.OP_STAGING_DJANGO_SECRET_KEY }} | |
PRODUCTION_DATABASE_PASSWORD: ${{ secrets.OP_PRODUCTION_DATABASE_PASSWORD }} | |
PRODUCTION_DJANGO_SECRET_KEY: ${{ secrets.OP_PRODUCTION_DJANGO_SECRET_KEY }} | |
- name: Set the $BRANCH and $CI_TAG Environment Variables | |
run: | | |
. scripts/common.sh | |
echo "BRANCH=$(get_deploy_branch ${GITHUB_REF#refs/tags/})" >> $GITHUB_ENV | |
# Remove /ref/tags/ from the beginning of the tag name | |
echo "CI_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
- name: Set Staging Specific Environment Variables | |
if: ${{needs.determine_branch.outputs.branch == 'dev'}} | |
run: | | |
echo "DATABASE_PASSWORD=${STAGING_DATABASE_PASSWORD}" >> $GITHUB_ENV | |
echo "DJANGO_SECRET_KEY=${STAGING_DJANGO_SECRET_KEY}" >> $GITHUB_ENV | |
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV | |
# Staging doesn't notify the engagementbot, so overwrite this to be blank. | |
echo "SLACK_WEBHOOK_URL=" >> $GITHUB_ENV | |
- name: Set Production Specific Environment Variables | |
if: ${{needs.determine_branch.outputs.branch == 'master'}} | |
run: | | |
echo "DATABASE_PASSWORD=${PRODUCTION_DATABASE_PASSWORD}" >> $GITHUB_ENV | |
echo "DJANGO_SECRET_KEY=${PRODUCTION_DJANGO_SECRET_KEY}" >> $GITHUB_ENV | |
echo "SENTRY_DSN=${SENTRY_DSN}" >> $GITHUB_ENV | |
echo "SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}" >> $GITHUB_ENV | |
- name: Deploy | |
run: .github/scripts/remote_deploy.sh | |
- name: Cleanup Deploy | |
run: .github/scripts/post_deploy_cleanup.sh | |
timeout-minutes: 1440 | |
determine_branch: | |
name: Determene Branch | |
# As far as I can tell, this is the only way to use the output of | |
# a script in a github conditional. | |
if: startsWith(github.ref, 'refs/tags/v') | |
runs-on: ubuntu-latest | |
outputs: | |
branch: ${{ steps.set_branch.outputs.branch }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- id: set_branch | |
name: Set the $CI_TAG Environment Variable | |
run: | | |
. scripts/common.sh | |
echo "branch=$(get_deploy_branch ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT |