Push tagged Web app to GHCR and deploy to production #31
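# Release pipeline: test, publish the image to GHCR, then deploy to the
# production EKS cluster.
#
# NOTE(review): the page this listing came from flagged the file as containing
# bidirectional Unicode text. None is visible here, so inspect the committed
# file in an editor that reveals hidden characters before trusting it.
name: Push tagged Web app to GHCR and deploy to production

on:
  # Manual runs can be started from any ref by anyone with write access, and
  # the later jobs hold registry and production credentials.
  workflow_dispatch: {}
  push:
    # NOTE(review): GitHub's documentation says path filters are not evaluated
    # for tag pushes, and that with only `tags` defined a branch push does not
    # start the workflow. If so, this list has no effect; confirm, then drop
    # it or add a `branches` filter.
    # Four entries that appeared twice in the original list are kept once.
    paths:
      - app/**
      # NOTE(review): the deploy step applies k8s/prod/cc-prod-migrate.yml;
      # the doubled "prod" in this path looks unintended. Verify it.
      - k8s/prod/prod/cc-prod-prod-migrate.yml
      - k8s/prod/cc-prod-seed.yml
      - k8s/prod/cc-prod-sync-catalogue.yml
      - k8s/prod/cc-prod-create-admin.yml
      - k8s/cc-web.yml
      - k8s/cc-web-deploy.yml
      - .github/workflows/web-tag.yml
    # Release tags only, e.g. v1.2.3 (GitHub filter-pattern syntax, not regex).
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"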
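jobs:
  # Builds the app and runs the API and Playwright tests against a throwaway
  # PostgreSQL container. Nothing is published unless this job passes.
  runTests:
    runs-on: ubuntu-latest
    if: ${{ !contains(github.ref, '-') }}
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    env:
      NODE_ENV: test
      # Test-only value. It is committed in plain text, so treat it as public
      # and never reuse it for a deployed environment.
      NEXTAUTH_SECRET: "diTMz/XLX4edSmmfzwJtmzKjCJGRt81Gf0PdjO3IPs8="
      NEXTAUTH_URL: "http://localhost:3000"
      CDP_API_KEY: ${{ secrets.CDP_API_KEY_TEST }}
      CDP_MODE: "test"
    defaults:
      run:
        working-directory: ./app
    steps:
      # NOTE(review): actions referenced by tag (@v4) can be repointed by
      # their publisher. Pin them to a full commit SHA, as is already done
      # for docker/login-action in the pushToGHCR job.
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes with git, so keep the token out of
          # .git/config while dependency install scripts and tests run.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
          cache-dependency-path: app/package-lock.json
      - name: Install dependencies
        run: npm ci
      - name: Set up database
        run: |
          # Trust authentication with an empty password is tolerable only
          # because this container lives and dies with the runner.
          docker run --name github_action_postgresql -d -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -e POSTGRES_PASSWORD="" postgres
          sleep 10
          createuser -w -h localhost -p 5432 -U postgres citycatalyst
          createdb -w -h localhost -p 5432 -U postgres citycatalyst -O citycatalyst
          cp env.example .env
          npm run db:migrate
          npm run db:seed
      - name: Run NextJS build
        run: npm run build
      - name: Run API tests
        run: npm run api:test
      - name: Install Playwright Browsers
        run: npx playwright install --with-deps
      - name: Run Playwright tests
        run: npx playwright test
      # NOTE(review): the report is kept for 30 days; make sure it cannot
      # capture secret values such as CDP_API_KEY.
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: playwright-report
          path: playwright-report/
          retention-days: 30
      - name: Shut down database
        run: docker stop github_action_postgresql

  # Builds the image from ./app and pushes it to GHCR under the commit SHA,
  # the full version, the major and minor prefixes, and `stable`.
  pushToGHCR:
    needs: runTests
    if: ${{ !contains(github.ref, '-') }}
    runs-on: ubuntu-latest
    # GITHUB_TOKEN is the registry password below, so scope it to what the
    # job does: read the repository and write packages.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Pushing citycatalyst to GHCR
        env:
          SHA: ${{ github.sha }}
          REF: ${{ github.ref }}
          IMAGE: ghcr.io/open-earth-foundation/citycatalyst
        run: |
          # A manual dispatch can start from a branch. Stop before building
          # rather than deriving image tags from a ref that is not a release.
          if [[ ! "$REF" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Refusing to publish: ${REF} is not a release tag" >&2
            exit 1
          fi
          export VERSION=${REF#refs/tags/v}
          export MAJOR=${VERSION%.*.*}
          export MINOR=${VERSION%.*}
          echo "Version: ${VERSION} Major: ${MAJOR} Minor: ${MINOR}"
          docker build -t "$IMAGE:$SHA" app
          # Every tag except the SHA is mutable and is overwritten by the
          # next release.
          docker tag "$IMAGE:$SHA" "$IMAGE:$VERSION"
          docker tag "$IMAGE:$SHA" "$IMAGE:$MAJOR"
          docker tag "$IMAGE:$SHA" "$IMAGE:$MINOR"
          docker tag "$IMAGE:$SHA" "$IMAGE:stable"
          docker push "$IMAGE:$SHA"
          docker push "$IMAGE:$VERSION"
          docker push "$IMAGE:$MAJOR"
          docker push "$IMAGE:$MINOR"
          docker push "$IMAGE:stable"

  # Applies the production manifests and points the web deployment and the
  # sync cron job at the image for this release.
  # NOTE(review): no `environment:` is set on this job, so no reviewer
  # approval gate stands between a tag push or manual dispatch and production.
  deployToEKS:
    needs: pushToGHCR
    if: ${{ !contains(github.ref, '-') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    env:
      # NOTE(review): these are long-lived IAM user keys, exposed to every
      # step of the job. Short-lived credentials through GitHub's OIDC
      # provider would avoid storing them; that needs an IAM role and
      # `id-token: write`, neither of which is visible here.
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_EKS_PROD_USER }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_EKS_PROD_USER }}
      EKS_PROD_NAME: ${{ secrets.EKS_PROD_NAME }}
      SHA: ${{ github.sha }}
      REF: ${{ github.ref }}
      IMAGE: ghcr.io/open-earth-foundation/citycatalyst
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Creating kubeconfig file
        # Read the cluster name from the job environment instead of pasting
        # the secret into the script text.
        run: aws eks update-kubeconfig --name "$EKS_PROD_NAME" --region us-east-1
      - name: Testing connection to EKS
        run: kubectl get pods -n default
      - name: Deploying service
        # Secrets reach the script as environment variables and are expanded
        # inside double quotes. A `${{ secrets.X }}` expression is substituted
        # into the script before the shell parses it, so a value containing
        # spaces, quotes, `$` or `;` would be split or run as shell syntax.
        env:
          SMTP_USER: ${{ secrets.SMTP_USER }}
          SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
          RESET_TOKEN_SECRET: ${{ secrets.RESET_TOKEN_SECRET }}
          VERIFICATION_TOKEN_SECRET: ${{ secrets.VERIFICATION_TOKEN_SECRET }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY_PROD }}
          HUGGINGFACE_API_KEY: ${{ secrets.HUGGINGFACE_API_KEY }}
          ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}
          ADMIN_NAMES: ${{ secrets.ADMIN_NAMES }}
          DEFAULT_ADMIN_EMAIL: ${{ secrets.DEFAULT_ADMIN_EMAIL }}
          DEFAULT_ADMIN_PASSWORD: ${{ secrets.DEFAULT_ADMIN_PASSWORD }}
          # NOTE(review): production is given the *_TEST CDP key. Confirm
          # this is intended.
          CDP_API_KEY: ${{ secrets.CDP_API_KEY_TEST }}
        run: |
          # Same guard as the publish job: deploy release tags only.
          if [[ ! "$REF" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Refusing to deploy: ${REF} is not a release tag" >&2
            exit 1
          fi
          export VERSION=${REF#refs/tags/v}
          kubectl create -f k8s/prod/cc-prod-migrate.yml -n default
          kubectl create -f k8s/prod/cc-prod-seed.yml -n default
          kubectl apply -f k8s/prod/cc-prod-sync-catalogue.yml -n default
          kubectl apply -f k8s/cc-web-deploy.yml -n default
          # NOTE(review): $VERSION is a mutable tag. The same build was also
          # pushed as $IMAGE:$SHA; using that, or the image digest, would tie
          # the rollout to exactly the image that was tested.
          kubectl set image deployment/cc-web-deploy \
            "cc-web=$IMAGE:$VERSION" \
            -n default
          kubectl set image cronjob/cc-prod-sync-catalogue \
            "cc-sync-catalogue=$IMAGE:$VERSION" \
            -n default
          # NOTE(review): `kubectl set env` writes these values in plain text
          # into the Deployment's pod template, where anyone who can read the
          # Deployment can read them. A Kubernetes Secret referenced from the
          # manifest would keep them out of the spec.
          kubectl set env deployment/cc-web-deploy \
            "SMTP_USER=$SMTP_USER" \
            "SMTP_PASSWORD=$SMTP_PASSWORD" \
            "NEXTAUTH_SECRET=$NEXTAUTH_SECRET" \
            "RESET_TOKEN_SECRET=$RESET_TOKEN_SECRET" \
            "VERIFICATION_TOKEN_SECRET=$VERIFICATION_TOKEN_SECRET" \
            "OPENAI_API_KEY=$OPENAI_API_KEY" \
            "OPENAI_ASSISTANT_ID=asst_FCZ1wta3NElIFXCxDO1KME9I" \
            "HUGGINGFACE_API_KEY=$HUGGINGFACE_API_KEY" \
            "ADMIN_EMAILS=$ADMIN_EMAILS" \
            "ADMIN_NAMES=$ADMIN_NAMES" \
            "DEFAULT_ADMIN_EMAIL=$DEFAULT_ADMIN_EMAIL" \
            "DEFAULT_ADMIN_PASSWORD=$DEFAULT_ADMIN_PASSWORD" \
            "HOST=https://citycatalyst.io" \
            "NEXTAUTH_URL=https://citycatalyst.io" \
            "NEXT_PUBLIC_API_URL=https://api.citycatalyst.io" \
            "GLOBAL_API_URL=https://api.citycatalyst.io" \
            "NEXT_PUBLIC_OPENCLIMATE_API_URL=https://app.openclimate.network" \
            "OPENCLIMATE_API_URL=https://app.openclimate.network" \
            "CDP_API_KEY=$CDP_API_KEY"
          kubectl create -f k8s/prod/cc-prod-create-admin.yml -n default
          kubectl rollout restart deployment cc-web-deploy -n default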