Skip to content

fix: sequential cicd, .secrets in ignore #20

fix: sequential cicd, .secrets in ignore

fix: sequential cicd, .secrets in ignore #20

Workflow file for this run

name: Lint+Format, Test, Update, Upload
on:
# To manually run the workflow
workflow_dispatch:
# On each main push event
push:
branches:
- main
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
# JOB 1
run-lint-and-formatting:
# checks for common errors, code style consistency...
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Installing dependicies and running lint+formatting
run: |
make deps
make lint
- name: Check if changes happened...
run: if [ -n "$(git status --porcelain)" ]; then export GIT_STATUS=1; else export GIT_STATUS=0; fi
- name: Push changes
if: ${{ env.GIT_STATUS == 1 }}
run: |
git config user.name github-actions
git config user.email github-actions@github.com
git add .
git commit -m "Automated formatting and linting..."
git push
# JOB 2
run-tests:
needs: run-lint-and-formatting
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Installing deps
run: make deps
- name: Running tests
run: pytest
# JOB 3
update-image:
# update docker images if requirements are changed
needs: run-tests
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# JOB 4
update-remote:
needs: update-image
runs-on: ubuntu-latest
permissions:
contents: read
env:
SSH_KEY: ${{ secrets.PRIVATE_SSH_KEY }}
REMOTE_PORT: ${{ secrets.REMOTE_PORT }}
REMOTE_USERNAME: ${{ secrets.REMOTE_USERNAME }}
REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
CONN_STRING: ${{ secrets.CONN_STRING }}
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_TOKEN }}
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Put ssh key
run: |
mkdir -p ~/.ssh
touch ~/.ssh/id_ed25519
echo "$SSH_KEY" >> ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan $REMOTE_HOST >> ~/.ssh/known_hosts
- name: Start SSH agent and add the key
run: |
eval `ssh-agent -s`
ssh-add -vvv ~/.ssh/id_ed25519
- name: RSync prod compose
# archive, verbose, compress
run: |
rsync -avz -e "ssh -p ${REMOTE_PORT}" --progress ./prod.docker-compose.yml $REMOTE_USERNAME@$REMOTE_HOST:~/project/
- name: RSync environment variables in a file
run: |
echo "MONGO_CONNECT=${CONN_STRING}">> .env
echo "BOT_TOKEN=${TELEGRAM_TOKEN}" >> .env
rsync -avz -e "ssh -p ${REMOTE_PORT}" --progress ./.env $REMOTE_USERNAME@$REMOTE_HOST:~/project/
- name: Clear environment file
run: "rm .env"
- name: Run a compose file
run: |
ssh -p $REMOTE_PORT $REMOTE_USERNAME@$REMOTE_HOST "
echo $GHCR_TOKEN | docker login ghcr.io -u $DOCKER_USERNAME --password-stdin &&
docker compose -f ~/project/prod.docker-compose.yml build &&
docker compose -f ~/project/prod.docker-compose.yml up"