Ms2/iam-layout #522
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, test, and deploy | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: 'Environment to deploy to' | |
type: environment | |
required: true | |
env: | |
OUTPUT_PATH_ENGINE_NODE: './build/engine/' | |
OUTPUT_PATH_ENGINE_ANDROID: './src/engine/native/android/app/build/outputs/apk/debug/' | |
OUTPUT_PATH_MS_SERVER: './build/management-system/server/' | |
FILE_NAME_NODE_ENGINE: 'PROCEED-Engine-0.1.0.zip' | |
FILE_NAME_ANDROID: 'PROCEED-Engine-0.1.0.apk' | |
jobs: | |
install: | |
runs-on: ubuntu-latest | |
outputs: | |
compose: ${{ steps.changes.outputs.compose }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@v2 | |
id: changes | |
with: | |
filters: | | |
compose: | |
- 'docker-compose.yml' | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile --ignore-engines # Remove once node-ipc is removed | |
# Cache for this workflow run. | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: cache-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
lint: | |
runs-on: ubuntu-latest | |
needs: install | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn prettier --check . | |
testEngine: | |
runs-on: ubuntu-latest | |
needs: install | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn test-engine --ci | |
testEngineE2E: | |
runs-on: ubuntu-latest | |
needs: install | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn test-e2e --ci | |
testMS: | |
runs-on: ubuntu-latest | |
needs: install | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn test-ms --ci | |
# testE2E: | |
# timeout-minutes: 60 | |
# runs-on: ubuntu-latest | |
# steps: | |
# - uses: actions/cache@v3 | |
# timeout-minutes: 2 | |
# id: restore-install | |
# with: | |
# path: ./* | |
# key: ${{ github.sha }}-${{ github.run_number }} | |
# - name: Set up Node.js | |
# uses: actions/setup-node@v3 | |
# with: | |
# node-version: 20 | |
# check-latest: true | |
# cache: 'yarn' | |
# - name: Install Playwright Browsers | |
# run: yarn playwright install --with-deps | |
# - name: Run Playwright tests | |
# run: yarn dev-ms-server & sleep 5 && yarn playwright test | |
# - uses: actions/upload-artifact@v3 | |
# if: always() | |
# with: | |
# name: playwright-report | |
# path: playwright-report/ | |
# retention-days: 30 | |
buildEngine: | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: | |
- lint | |
- testEngine | |
- testEngineE2E | |
- testMS | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn build | |
- name: Upload engine build | |
uses: actions/upload-artifact@v3 | |
with: | |
name: PROCEED_Engine | |
path: ${{ env.OUTPUT_PATH_ENGINE_NODE }} | |
# buildEngineAndroid: | |
# runs-on: ubuntu-latest | |
# if: ${{ github.ref == 'refs/heads/main' }} | |
# needs: | |
# - lint | |
# - testEngine | |
# - testEngineE2E | |
# steps: | |
# - uses: actions/cache@v3 | |
# timeout-minutes: 2 | |
# id: restore-install | |
# with: | |
# path: ./* | |
# key: ${{ github.sha }}-${{ github.run_number }} | |
# | |
# - name: Set up Node.js | |
# uses: actions/setup-node@v3 | |
# with: | |
# node-version: 20 | |
# check-latest: true | |
# cache: 'yarn' | |
# | |
# - run: yarn build-android | |
# - run: cp ${{ env.OUTPUT_PATH_ENGINE_ANDROID }}/app-debug.apk ${{ env.BUILD_PATH_ENGINE_ANDROID }}/${{ env.FILE_NAME_ANDROID }} | |
# | |
# - name: Upload android engine build | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: PROCEED_Engine_Android | |
# path: ${{ env.OUTPUT_PATH_ENGINE_ANDROID }}/${{ env.FILE_NAME_ANDROID }} | |
buildMS: | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: | |
- lint | |
- testEngine | |
- testEngineE2E | |
- testMS | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: 'yarn' | |
- run: yarn build-ms-server | |
- name: Upload MS server build | |
uses: actions/upload-artifact@v3 | |
with: | |
name: PROCEED_Management_System_Server | |
path: ${{ env.OUTPUT_PATH_MS_SERVER }} | |
docker: | |
strategy: | |
matrix: | |
# Run a job each for the engine and MS server images | |
include: | |
- output: PROCEED_Engine | |
output_path: OUTPUT_PATH_ENGINE_NODE | |
image: proceed/engine | |
- output: PROCEED_Management_System_Server | |
output_path: OUTPUT_PATH_MS_SERVER | |
image: proceed/ms-server | |
runs-on: ubuntu-latest | |
environment: ${{ inputs.environment || 'Staging' }} | |
needs: | |
- buildEngine | |
- buildMS | |
steps: | |
- name: Download build | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.output }} | |
path: ${{ env[matrix.output_path] }} | |
- name: Display structure of downloaded files | |
run: ls ${{ env[matrix.output_path] }} | |
- name: Kaniko build | |
uses: aevea/action-kaniko@master | |
with: | |
image: ${{ matrix.image }} | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
path: ${{ env[matrix.output_path] }} | |
tag: ${{ vars.IMAGE_TAG }} | |
extra_args: --build-arg OLD=${{ inputs.environment == 'Production' }} | |
deploy: | |
runs-on: ubuntu-latest | |
environment: ${{ inputs.environment || 'Staging' }} | |
needs: docker | |
strategy: | |
matrix: | |
# Run a job each for the engine and MS server images | |
include: | |
- serviceName: engine | |
- serviceName: management_system | |
env: | |
ENV: ${{ inputs.environment || 'Staging' }} | |
ENGINE_TAG: ${{ vars.IMAGE_TAG }} | |
MS_TAG: ${{ vars.IMAGE_TAG }} | |
LOG_DRIVER: ${{ vars.LOG_DRIVER }} | |
SERVICE_NAME: ${{ matrix.serviceName }} | |
steps: | |
- name: Configure SSH | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_KEY" > ~/.ssh/$ENV.key | |
chmod 600 ~/.ssh/$ENV.key | |
cat >>~/.ssh/config <<END | |
Host $ENV | |
HostName $SSH_HOST | |
User $SSH_USER | |
IdentityFile ~/.ssh/$ENV.key | |
StrictHostKeyChecking no | |
END | |
env: | |
SSH_USER: ${{ secrets.SSH_USER }} | |
SSH_KEY: ${{ secrets.SSH_KEY }} | |
SSH_HOST: ${{ secrets.SSH_HOST }} | |
# Get the new version from dockerhub | |
- run: ssh $ENV "sudo docker run --rm -e MS_TAG="$MS_TAG" -e ENGINE_TAG="$ENGINE_TAG" -v /var/run/docker.sock:/var/run/docker.sock -v "\$PWD:\$PWD" -w="\$PWD" docker/compose:1.29.0 pull $SERVICE_NAME" | |
# Restart the engine container with the new image | |
- run: ssh $ENV "sudo docker run --rm -e MS_BIND_MOUNT_DIRECTORY="/var/PROCEED/ms-server" -e ENGINE_BIND_MOUNT_DIRECTORY="/var/PROCEED/engine" -e MS_LOG_DRIVER="$LOG_DRIVER" -e ENGINE_LOG_DRIVER="$LOG_DRIVER" -e MS_HTTPS_PORT="${{ inputs.environment == 'Production' && '443' || '33080' }}" -e MS_TAG="$MS_TAG" -e ENGINE_TAG="$ENGINE_TAG" -v /var/run/docker.sock:/var/run/docker.sock -v "\$PWD:\$PWD" -w="\$PWD" docker/compose:1.29.0 up -d --remove-orphans $SERVICE_NAME" | |
# Remove unused images | |
- run: ssh $ENV "sudo docker image prune -f -a" | |
updateCompose: | |
runs-on: ubuntu-latest | |
if: ${{ needs.install.outputs.compose == 'true' }} | |
environment: ${{ inputs.environment || 'Staging' }} | |
needs: | |
- install | |
- deploy | |
env: | |
ENV: ${{ inputs.environment || 'Staging' }} | |
ENGINE_TAG: ${{ vars.IMAGE_TAG }} | |
MS_TAG: ${{ vars.IMAGE_TAG }} | |
LOG_DRIVER: ${{ vars.LOG_DRIVER }} | |
steps: | |
- uses: actions/cache@v3 | |
timeout-minutes: 2 | |
id: restore-install | |
with: | |
path: ./* | |
key: ${{ github.sha }}-${{ github.run_number }} | |
- name: Configure SSH | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_KEY" > ~/.ssh/$ENV.key | |
chmod 600 ~/.ssh/$ENV.key | |
cat >>~/.ssh/config <<END | |
Host $ENV | |
HostName $SSH_HOST | |
User $SSH_USER | |
IdentityFile ~/.ssh/$ENV.key | |
StrictHostKeyChecking no | |
END | |
env: | |
SSH_USER: ${{ secrets.SSH_USER }} | |
SSH_KEY: ${{ secrets.SSH_KEY }} | |
SSH_HOST: ${{ secrets.SSH_HOST }} | |
# clean up data from the old docker compose file on the compute engine if there is any | |
- run: ssh $ENV "sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "\$PWD:\$PWD" -w="\$PWD" docker/compose:1.29.0 down --rmi all || true" | |
# copy opa config to compute engine | |
- run: scp src/management-system/opa/config.yaml $ENV:~/opa/config.yaml | |
# push new docker compose file to the compute engine | |
- run: scp docker-compose.yml $ENV:~ | |
# start MS services and the engine (escaped $ to prevent gitlab CI from trying to interpret PWD which can only be determined when the command is run in the compute engine) | |
# TODO: restart when the compute engine restarts | |
- run: ssh $ENV "sudo docker run --rm -e MS_BIND_MOUNT_DIRECTORY="/var/PROCEED/ms-server" -e ENGINE_BIND_MOUNT_DIRECTORY="/var/PROCEED/engine" -e MS_LOG_DRIVER="$LOG_DRIVER" -e ENGINE_LOG_DRIVER="$LOG_DRIVER" -e MS_HTTPS_PORT="${{ inputs.environment == 'Production' && '443' || '33080' }}" -e MS_TAG="$MS_TAG" -e ENGINE_TAG="$ENGINE_TAG" -v /var/run/docker.sock:/var/run/docker.sock -v "\$PWD:\$PWD" -w="\$PWD" docker/compose:1.29.0 up -d --remove-orphans" |